
With the slow migration to US EMV underway and the growing availability of Point to Point encryption and tokenization options, many businesses likely feel more secure about the safety of both their own and their customers’ sensitive data. However, enterprises must still ensure they are deploying adequate safety measures and practices throughout the business in regards to the usage of technology and POS devices to make sure they close any windows for hackers and fraudsters. Retailers can have all the latest and greatest POS solutions in place, but if employees are not following protocol, sensitive customer data could still be at risk.
Millennial threat
One of the biggest security issues for businesses may also be one of their biggest assets: Millennials. The Millennial generation is a unique demographic – they are often viewed as being highly creative and flexible individuals, and adept when it comes to new tools and technology. However, they also like to cut corners to work more efficiently. This can create issues when trying to shore up the point of sale.
“85 percent of young employees admit to reusing passwords.”
For example, many Millennials reuse passwords instead of creating new ones for each site or service – a recent study from Software Advice, an independent POS review site, found as many as 85 percent of young employees admit to doing this. For companies, this can be problematic. It may mean their employees will reuse passwords when they asked to create a unique log-in for POS terminals, for instance. Given their lax security behaviors, a cybercriminal could easily design an attack to get their personal information from another, less secure site or service, and then use that information to gain access to business-related services and functions.
Other potential issues may arise in the workplace as well too. The study also noted 40 percent of millennials say they use personal devices to access work files and applications, while 56 percent said they often evade restrictive workplace controls. This could lead to scenarios where employees are just trying to do their jobs quickly and effectively, but wind up putting security on the line to do so.
For example, retailers commonly use mobile devices as multifunctional tools. They may have applications that allow salespeople to use a device to check inventory or order history as a way to better serve inquiring customers, then use the same device as an on-the-spot point-of-sale terminal. But what if a device goes missing or are all taken by other workers during a busy shift? Employees may think to use their own tablet or smartphone, but this could result in sensitive information being jeopardized.
Security is about the tools and the practices
As enterprises upgrade their POS solutions or deploy new ones, it is just as important they consider the security of the devices or applications they purchase, but also the practices and policies regarding this technology. Fine-tuning security protocols is an easy low-hanging fruit for companies to tackle, so long as their existing practices are not so overbearing they hinder the workflow. Companies should make training an important first step of onboarding any new employees, and it should be made clear the importance of following these procedures.