Any business that connects to the Internet is at risk of being a target for black hat hackers. Plenty of small businesses make the incorrect assumption that they are too small and insignificant for malicious actors to be interested in their data. These businesses are the perfect targets for malicious hackers.
Restaurants are an example of a business that commonly has weak security. They are ideal targets for black hats who specialize in stealing cardholder data, that is, credit card details. In fact, restaurants are part of a growing group of small businesses that make great targets for credit card thieves and hackers.
Public Wi-Fi is a black hat's heaven. Black hats have numerous options for stealing data and eavesdropping on digital communications. As restaurants frequently provide free Wi-Fi to their customers, black hat hackers can sit for hours without raising suspicion and orchestrate these attacks.
The first prevalent attack is called a "man-in-the-middle" attack, commonly abbreviated as MITM. The malicious actor sets up a hotspot on their own device and gives it a name similar to the official Wi-Fi SSID supplied by the restaurant. Since Wi-Fi is offered for free by an official business, customers don't suspect that the hotspot SSID may be malicious. When customers connect to this hotspot, the black hat gives them access to the Internet, so they can still log in to websites and communicate with other users as usual. The hacker's hotspot becomes the "man in the middle" and listens to data transmitted from the customer's computer to the Internet. The danger is that the black hat hacker can read unencrypted data and steal login information.
The only method to defend against this attack is to place a sign in a common area that discloses the business Wi-Fi SSID. The purpose is that customers will not be confused over which connection belongs to the business should a hacker set up a malicious hotspot. This doesn't guarantee that customers are safe, but it does decrease the chance that they will connect to the malicious hotspot.
The business can also enforce a password on its Wi-Fi connection and require customers to ask for it should they want to connect. This will narrow the number of connections from people who aren't actually customers.
Besides protecting customer connections, businesses need to remember to segregate public Wi-Fi from the official internal network. Firewalls are used to isolate the two networks, though some restaurant owners expose themselves to danger by allowing the public and private networks to be combined. When the business has this type of infrastructure, it runs the risk of granting an intruder access to internal files.
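The lookalike hotspot described above can be spotted in a Wi-Fi scan by comparing each advertised SSID with the official one. The following is an added example, not part of the original article; the SSID, the BSSIDs and the scan results are constructed sample data, and the 0.8 similarity threshold is an assumption.

```python
import difflib
import unicodedata

# Constructed sample data: the SSID on the sign and the BSSIDs (radio MAC
# addresses) of the access points the business owns.
OFFICIAL_SSID = "Bistro-Guest"
KNOWN_BSSIDS = {"3c:84:6a:00:10:01", "3c:84:6a:00:10:02"}

# Constructed scan results as (ssid, bssid) pairs.
SCAN = [
    ("Bistro-Guest", "3c:84:6a:00:10:01"),
    ("Bistro-Guest", "02:11:22:33:44:55"),
    ("Bistro Guest Free", "02:aa:bb:cc:dd:ee"),
    ("Bistr0-Guest", "02:aa:bb:cc:dd:ef"),
    ("CoffeeShopNextDoor", "f0:9f:c2:12:34:56"),
]

_DIGIT_SWAPS = str.maketrans("013", "ole")

def normalize(ssid):
    """Fold case, Unicode compatibility forms, digit swaps and separators."""
    text = unicodedata.normalize("NFKC", ssid).casefold().translate(_DIGIT_SWAPS)
    return "".join(ch for ch in text if ch.isalnum())

def classify(ssid, bssid, official=OFFICIAL_SSID, known=KNOWN_BSSIDS, threshold=0.8):
    """Return 'ok', 'clone', 'lookalike' or 'unrelated' for one scan entry."""
    if bssid.lower() in known:
        return "ok"
    if ssid == official:
        return "clone"
    seen, want = normalize(ssid), normalize(official)
    ratio = difflib.SequenceMatcher(None, seen, want).ratio()
    if want in seen or ratio >= threshold:
        return "lookalike"
    return "unrelated"

def suspicious(scan):
    """List scan entries that use or imitate the official SSID."""
    flagged = []
    for ssid, bssid in scan:
        verdict = classify(ssid, bssid)
        if verdict in ("clone", "lookalike"):
            flagged.append((ssid, bssid, verdict))
    return flagged

if __name__ == "__main__":
    for ssid, bssid, verdict in suspicious(SCAN):
        print(f"{verdict:9} {ssid!r} from {bssid}")
```

A BSSID on the known list is not proof that the access point is genuine, since a BSSID can be copied, so a clean result here does not replace the sign in the common area.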
Credit Card Processors and Encryption
It's common knowledge among most webmasters that any web page requesting cardholder data or other sensitive data has to be encrypted. With restaurants, it's typical to have wireless credit card processors, and some of them don't include suitable encryption. These machines can be found at the cashier, or some merchants provide devices that waiters and waitresses can carry to every table. Some of these devices have poor security and pass cardholder data from the device to the Wi-Fi connection unencrypted.
Hackers are capable of reading data transmitted from one location to another when no encryption is enabled. This is how the customers of a business get their credit card information stolen. All devices that process cardholder data must have encryption enabled.
One real-life example is Target, which suffered an immense intrusion in which millions of credit card numbers were stolen by criminals. The criminals succeeded in reading the credit card information stored in point-of-sale memory. This incident illustrates that not only large corporations may be affected by such attacks; any business is likely to fall victim to them.
The good news is that more recent devices are likely to encrypt data when it is transmitted. Nonetheless, it is important to always review the manufacturer's documentation to make sure that the device enables encryption when transferring sensitive data. If the business uses older credit card processors, management ought to examine them to ensure they use the correct security to protect customer financial information.
The majority of businesses provide employees with Internet access. This weakens the enterprise's security since it is exposed to Web-based intrusions. Many intrusions are aimed at stealing sensitive data from internal networks, notably credit card information. Ransomware and phishing are the most prevalent techniques today.
One classic phishing technique is sending an email that appears to come from an official source. The victim clicks on a link in the email, which ultimately leads them to a malicious site. If the user falls for the trap, the criminal successfully obtains the user's login credentials. The malicious actor doesn't need to do any hacking. Phishing is a classic form of trickery by which even the most seasoned Internet users can easily be deceived.
Ransomware can be more calamitous than a regular phishing attack. By effectively holding vital data hostage, ransomware forces the victim to pay the ransom or face losing the data permanently. Payment does not always guarantee that the files are recovered. Some versions of ransomware not only make false promises to victims that they will get their files back, but also demand that victims pay increased amounts of money to get the files back. In this way, ransomware takes advantage of the victim's desperation. What is even more worrying is that some ransomware scans the network and encrypts the data it finds there. The ransom is usually incredibly expensive, which means that criminals profit from victims who are willing to pay.
Implications and Conclusion
Despite the increasing number of enterprise cyber security solutions emerging today, small businesses need to take the initiative to defend themselves from hackers. The false notion that hackers don't want to break into their systems needs to be dispelled. The reality is that many systems belonging to businesses are poorly secured, and businesses make little effort to implement the relevant security measures. Black hats require minimal effort to obtain access to sensitive data. Since restaurant owners don't consider themselves an attractive prospect, they tend to secure their data inadequately. Businesses always have to remember that proper security is essential in protecting their customers and critical infrastructure from the everyday threats the world faces today.