It seems there’s a new cybersecurity threat uncovered every day. The latest two, called Meltdown and Spectre, are no joke. These security vulnerabilities—discovered earlier this year by Google’s Project Zero team—increase the potential for hackers to get their hands on sensitive data and memory from a computer's processors and other hardware, potentially exposing your personal data like account information and login credentials.
Meltdown has the potential to affect every Intel processor built since as far back as 1995, while Spectre can and has been shown to affect every type of Internet-based system, from desktops to laptops, cloud servers, tablets and smartphones.
News of these vulnerabilities is enough to spark fear in any business owner, even those equipped with the most state-of-the-art IT infrastructure systems. Convenience store retailers, already vulnerable to physical theft, have a lot at stake here, too.
Good news, though: There are ways to keep stores secure, in spite of these vulnerabilities. Here are a few methods.
Consider non-Internet based tools
Physical security methods still have a place in keeping stores safe. For example, closed-circuit security cameras that use on-site storage and safes that have “read-only” OS file systems and a strong encryption methodology will ensure prying eyes can’t see what’s inside. Because threats such as Meltdown and Spectre require a third-party software to be installed, look for safes that have no Internet browser software nor email clients that can communicate outside the network.
Of course, this doesn’t mean retailers should abandon their web-enabled security cameras or smart safe, but it would be prudent to build in redundancies, such as physical safes, that prevent unauthorized access.
Choose operating systems wisely
If a smart safe is part of a store’s security arrangement, look for safes that use a Linux-based operating system. Hackers will often target Windows-based OS devices as they are more common and thus easier to exploit. With a Linux-based OS, security lapses are less likely. But if a threat should emerge, patches are quickly available to close any security loopholes.
Select software carefully
It might be tempting to use freeware or other non-verified software, because software can be expensive. However, consider that with non-verified software, security is an unknown variable—and this is one area it’s paramount to be confident in. Stick to tried-and-tested software from reputable companies to ensure store data is secure.
The reason Meltdown and Spectre have been able to take hold is because users unwittingly provide access to their systems. This often happens by hackers’ use of “phishing” emails, which closely emulate emails from Internet, email or mobile carrier companies, or even from individual senders the user might recognize. While programs are typically not permitted to read data from other programs, having login or password access can enable a malicious hacker to use Meltdown and Spectre to access information stored in the memory of other running programs. This might include passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.
To protect security and data, immediately delete any suspicious emails that ask you to provide personal information or to click on an external link—and of course, don’t click on those links. When in doubt, contact the company in question in a separate email—don’t reply to the message you’re suspicious of.
Cloud-based technology is an integral part of any c-store’s approach to security. But by taking the above precautions and using redundancies such as physical safes, owners can ensure data is secure and safe from even the most sophisticated cybersecurity threats.
This post is sponsored by FireKing Security Group