Caribou Coffee Stores Hacked for months… but what about your business? — Psinergy LLC

Caribou Coffee Stores Hacked for months… but what about your business?

For businesses today, taking credit cards and storing information on a computer is a normal practice, but is data security? In today’s world, it isn’t “whether you will be hacked”, it’s more a matter of “when will you be hacked”. We’ve seen a number of companies hacked over the last few years and their client data compromised. The most recent larger company is Caribou Coffee.

According to the Data Security Notice they published on December 3, 2018 (17 days before alerting the media), 265 Caribou Coffee shops around the nation were actively being hacked from August 28, 2018 through December 3, 2018, with their customers’ credit card information being stolen right from their Point of Sale terminals! This issue was first detected on their network on November 28th, but wasn’t stopped for 5 days after… and 97 days after the first signs of the hack! The sad part is… this isn’t abnormal.

 

Companies of all sizes need to be mindful of this

Companies of all sizes are at risk of being hacked and exposing their customers’ private data, from 1-person sole proprietors to companies with thousands of employees and a dedicated security department. It is not a matter of “if you will be unlucky enough to be hacked”, but “when will you be hacked and how can you slow them down”. As an example, our company on any given day has seen, on a slow day… 1 or 2 hacking attempts, to literally hundreds of hacking attempts on a particularly busy day… and we’re a very small local business. Luckily, we are very mindful of digital security. Hackers will not stop… because the information to them is valuable, and to be honest, it’s surprising that we don’t hear about more companies being compromised.

 

 

Common Misconceptions

  • But I don’t store credit card data on my computer, I type it into my online processor:
    There are things called screen recorders, keyloggers, and the like that easily bypass any security you think you have by not actually storing this data on your system(s).
  • But I don’t store customer data on my computer, everything goes into XYZ online drive:
    Again, there are things called screen recorders, keyloggers, and trojans/remote control software that make any security that your online data storage provider offers completely moot.
  • I’m too small for them to care about:
    We’re a 2-person shop, and as we have already stated, we see between 1 and hundreds of hacking attempts a day on our internal network (that’s not even including our websites). Think about it this way — they can be attacking multiple “places” at the same time, they have no clue how big or small you are, and honestly, a smaller business or consumer is a better target for them because you’ve likely implemented fewer security measures for them to have to jump through and they are a lot less likely to be caught or stopped.
  • I don’t save any personal data on my computer:
    You’ve never logged into your email? The amount of personal data just included in your email, for most, is astounding and most don’t realize how much their email contains. Additionally, many sites send a password reset link to your email. They can also use you as a stepping stone to everyone you know and love.
  • I have bad credit/don’t have any money, so it won’t do them any good:
    You could have worse credit or less money. They can also file fraudulent tax forms on your behalf. One way to think about this also… do you have the time to deal with the hassle of your life being turned more upside down and more drama?

 

Ways Businesses can slow their chances of being hacked and compromised

Some people might think “Well… if a large company can’t protect themselves… why would I even bother trying?”. My response to that is “Well… part of the unwritten social contract of you being in business is that you will do your best to protect your clients’ and customers’ data that they have given you. It doesn’t matter if you are a healthcare company governed under HIPAA, or a hobby business making candles and jewelry. You need to do your part and not be grossly negligent with their information.”

  1. You must have a good, active, up-to-date anti-virus system on your computers — Windows, MacOS, Linux, phones, and other digital devices. There is not a system today that is immune to viruses and malware.
  2. Make sure you have an active firewall.
  3. Make sure you have all your system updates installed! (You’d be surprised at how many people we’ve seen that don’t… including businesses). If you suck at applying updates to your computer — pay a company to do it for you. (just make sure they are reputable, have good employment practices, and someone you can trust with everything… because they will have open access to your system).
  4. Don’t just willy-nilly be installing different programs and apps (i.e. games, tutorials, etc) on your computers or phones. Research first: is this a good, reputable program and company that made this? You thought “fake news” was bad… bad programs/apps are worse.
  5. Make sure you are applying updates to your devices in a timely fashion. This goes for ALL devices. Keep in mind, phones are the most notorious for crappy security, and security updates have been known to be delayed months (that is if you ever even get that update from your provider).
  6. Your business and home networks should have a network security appliance. Your run-of-the-mill, everyday router will not cut it anymore. Some nice, affordable ones for home users and businesses are ones like the Bitdefender Box 2 ($179-$250), the Unifi Security Gateway ($99-$140), the Netgear AC2300/N7000P with Netgear Armor ($160-$200). There are other options as well, some are less expensive, some are more expensive. Some have more features, some have less. For our business, we employ multiple different practices, not just one. Reminder: you will need to log in to these devices (in most cases) to check for updates, etc! Next — these devices (modem, router, etc) should be in a locked cabinet, room, etc with limited access.
  7. Take your computer into a professional at least once or twice a year to be inspected. We offer this as our “Tune-Up service” but it’s way more than just speeding up your computer.
  8. Never ever let someone you do not know and trust touch or remotely access your computer or device. Some hacks take less than 5-seconds to implement when having direct access to a device.
  9. Regularly schedule security scan(s) of your device(s). For personal devices, it depends on how often you use that device. For businesses, scans should be done at least daily, if not more.
  10. Do not let employees “Bring-their-own-Device”. This is a horrific practice all in the name of saving money, and you’re just asking to be hacked. On that note, if at all possible (this can be very tough for a small business, and possibly impractical), separate personal and business. If possible, have separate personal and business devices (including phone), and email. Only do personal stuff on personal devices, and only business stuff on the business devices. Additionally, have different passwords.
  11. If it is a mobile device, it should be encrypted.

 

Realize, this is not an all-inclusive list, and this is an ever-changing field of engagement. This is only a stepping stone to give you some concept of how to protect yourself and your customers.

 

 


 

The post Caribou Coffee Stores Hacked for months… but what about your business? appeared first on Psinergy Tech.
