Keeping your EPOS system safe from cyber attacks
As most of you have probably seen on the news, there was a mass ‘cyber attack’ carried out on Friday that affected the NHS and other businesses globally by installing ransomware on their computers. We want to reach out to our customers to reassure you and offer security advice for your EPOS systems.
When ransomware infects a computer it quickly encrypts the user’s files and demands that the user pay a sum of money to regain access to their files.
Unfortunately, the user is left with few options and would either need to pay the attacker or replace the hard drive and restore their data from a backup.
Usually, ransomware needs some action from the user to infect a computer. This could be downloading files from an unsafe website or opening an email attachment from an unknown source. However, this particular attack is what is known as a worm: it infects all computers that it can ‘see’ over a network, which makes it particularly dangerous.
Note: If you think one of your computers may have been infected, turn it off immediately and disconnect the network cable if possible. Do not follow the prompts from the attacker and do not give any payment whatsoever. You can contact Business Reply and we may be able to investigate further. The computer should remain switched off until it can be confirmed that it is safe to use.
Most of the computers that were infected were running Windows XP, which has been unsupported by Microsoft for 3 years. More up-to-date Windows operating systems receive security updates from Microsoft that ‘patch’ or fix the vulnerabilities that allow these attacks to work, but Windows XP no longer receives these fixes.
Long story short, it’s always best to make sure operating systems and software are updated to the latest version where possible and that important security updates are installed.
Business Reply can help keep your systems up to date. Please see below or contact us.
Stopping such attacks should be a priority, but keeping regular backups can reduce the damage caused by ransomware, as you can restore your files from before they were encrypted, giving you access as normal. However, this is only as good as the backups that you take: if the last backup you took was from 6 months ago, then you’ll only be able to restore your data to what it was 6 months ago.
Business Reply can help you with backing up data. Please see below or contact us.
This particular attack was so devastating because of the way it infected computers over a network. You should secure your network so that only computers and devices that you trust are ‘visible’ on your network.
Imagine you offer Wi-Fi to your customers. If the Wi-Fi hasn’t been configured properly and a member of the public connects with an infected machine, your entire network of devices now has the potential to become infected. If it’s been configured so that guests have limited access, then your network is at a lot less risk.
Business Reply can help with securing your network. Please see below or contact us.
For customers that are on Windows XP, Microsoft is releasing a one-time security update to fix this particular vulnerability. We can assist with installing this update; however, this does not mean Windows XP will remain secure, and we strongly recommend updating to a newer version of Windows, which we can help with.
For customers on newer versions of Windows, your tills are set to automatically receive important updates from Microsoft so the vulnerability should have already been fixed before this attack occurred.
If you notice your computer installing updates, please do not use the computer until they have finished, and do not switch off or restart the computer.
Whenever we carry out work on your till we will take a backup of the EPOS software; however, it is the customer’s responsibility to make sure their data is backed up properly and on a regular basis. We can offer advice on how you should be taking backups and storing data, or we can take the work out of it and offer a full backup solution.
For customers that have a TouchOffice Web account, your sales data is uploaded to the cloud, which does act as a backup for financial and sales data that has passed through the till, but there may be other important files on your tills that are not uploaded to this service.
Networking is not usually covered in your support contract, but we can help with making sure your network is as secure as it can be and with locking down Wi-Fi routers. Ideally, you should have your tills and computers on a completely separate, dedicated network.