If I had written this column a few weeks ago it would have been very different. We had what I believed to be a really robust set-up and I planned to tell you all about it. So what happened? Well, we were hacked.
One minute our epos system was working and then the next it was not! Turns out the hackers had encrypted all our files including the database (all our stock and sales information). Luckily for us they targeted only the server and left the tills unaffected. This meant we were able to trade, but not place orders, stock check, gap check etc.
After a few days we were back up and running again, but needless to say we have since increased security further. This is a complex subject where some areas will require IT experts, however there are things that you can do yourself, or at the very least request to be set-up.
Think of your PC set-up as an onion, layer after layer you should have different levels of security. You do not want a hard-boiled egg set-up where the shell (the router) is hard to get through but once they are in it’s all there to see. So here are my tips:
Make sure your router is set up correctly and locked down. For example, if you can remotely view CCTV, how was it set up? At a basic level you could restrict access to set IP addresses, or a far better set-up would be a VPN (virtual private network).
Free wi-fi in store? Make sure this is a guest/closed network, or people may have direct access to all your other devices.
Running Windows 10? Run your epos system from a standard user account, which should be locked down. Remove administrator as a username (again another layer) and set-up a hidden administrator user with a strong user name and password as a starting point. These credentials can then be used only for software upgrades etc.
Your epos should be running a daily back-up to a secure location. If you are attacked, you have a roll-back point.
Have good antivirus software which only a unique password can remove when logged in as your hidden administrator.
Imagine if your epos, tills and cards stopped working? How much would it cost you? Maybe it’s time to review your IT security. Tesco certainly has.