Cyber security is important for EVERY business. No matter what field your business is in, your cybersecurity is key. Wawa, the widely known gas station (Similar to Sheetz if you are not familiar) has just suffered a MASSIVE data breach. It has been reported by the CEO that over 850 of their store locations (potentially all) have been compromised by hackers. This means that almost all of the payment stations and fuel payment stations have been infected. Thankfully, it has been reported that debit card PINs, credit card security codes, and driver’s license information were not affected (for right now, that is). This goes to show you that no matter what business you are in, you need Cybersecurity.
So What Happened Exactly?
It appears that the company discovered malware on their Point Of Sale (POS) stations that had the potential to expose card numbers, expiration dates, and cardholder names. They are saying that as of right now, they are unaware of any unauthorized card use as a result of the breach. Chances are though, their card information and personal information have been exfiltrated and sold on the dark web. The breach affects anyone who has swiped their card at Wawa since March of 2019. It was not detected until December 12th, 2019 and was not contained until the 14th. That is a LONG time for something like this to go unnoticed. This is the perfect example of how neglecting cybersecurity can hurt ANY business.
Don’t be the next victim of something like this. Wawa has lost the trust and respect of MILLIONS of customers because of this. Imagine how detrimental that can be to your business. Let’s discuss how you can prevent something like this from happening to you and your business.
What Can You Do To Prevent Cyber Attacks & Data Breaches At Your Company?
First, you need to implement a cyber security plan. If you don’t have one, contact me now here and I can help get you started. You need to sit down and consider what your business does, how it does its functions, and how technology ties into that. This way, you have a better idea on how you can build security around and into your functions. After that, you need to create specific policies as a foundation for your cybersecurity plan.
Second, you need to implement some basic network devices to protect your network and data. This includes setting up firewalls, intrusion detection systems, intrusion prevention systems, and even switches to segregate your networks. This is all important for restricting access to your network. If you are unsure on how to set these devices up or how to configure them, hire a professional (like myself) to help guide you through the process.
Third, install antivirus software on EVERY computer and make sure that they are updated daily. I personally recommend Maylwarebyte’s Anti-malware product or Mcafee’s Endpoint Security product. This is important and probably could have prevented this breach from ever happening.
Fourth, keep all software and operating systems up to date. When critical vulnerabilities are found and patches are put out to fix them, INSTALL THEM IMMEDIATELY! Every second you wait is a second that you give a hacker to break into your network.
Fifth, conduct vulnerability assessments and patch any findings on a regular basis. This could be done usually monthly or weekly depending on your need. The best tools to perform this would be Tenable Nessus or Rapid7’s Nexpose. Both tools are rather pricey though and it could be difficult for the average person to set them up, run the scans, analyze the results, and decide the best actions to take to fix the issues. This is also a service that I offer at an affordable rate, so feel free to contact me and we can discuss getting a vulnerability assessment of your network completed.
Sixth, cycle back through steps 3-5 on a regular basis and stay up to date on everything! New vulnerabilities are discovered daily, so you need to stay on your toes. If you’d rather focus on running your business, which you should, you need the help of a professional like myself who specializes in creating IT Security Plans, conducting vulnerability assessments/penetration tests, and designing secure networks. If you are struggling with cybersecurity or want me to help you prevent what happened to Wawa to you, please reach out to me and let’s get going. Anyways, stay secure everyone and use what happened to Wawa as an example of what NOT to do. Thanks for reading, and don’t forget to subscribe to my blog for more cybersecurity news, tips, and more to help keep your business secure!