The piercing lens of information security changes focus quite often. In recent weeks, the security vulnerability lens has been focused on point-of-sale (POS) devices, and there seems to be good reason. The Target breach, perhaps the largest reported breach in history, seems to be the result of malicious software inserted into these devices via a network hole and stolen vendor credentials. As the news of the breach was unfolding, the National Cyber Investigations Joint Task Force (NCIJTF) issued new warnings about sophisticated malware attacks directly targeting POS devices. While malicious software is a threat, the devices are also prone to physical tampering, prompting a new set of controls within the latest update to PCI-DSS 3.0.
As part of our ongoing updates to our PolicyShield Security Policy Subscription, we have added a new sample information security policy: Point-of-Sale (POS) Device Security Policy. This new security policy has controls that help mitigate the risks of malware infection, as well as the risks of physical tampering and theft. The new sample policy is free to all existing PolicyShield subscribers.