Next in line: the Jimmy John’s breach

Remember how last week, we said that we hadn’t seen the last of big retail data breaches?

Home Depot is unlikely to be the last big retailer to suffer a breach of its cash register systems. Hackers have for some time been scanning merchants’ networks for ways to gain remote access.

Prophetic. Or maybe just common sense. Because the gourmet sandwich shop Jimmy John’s just followed suit.

This morning on Krebs

As before, it was Brian Krebs who broke the news:

On July 31, KrebsOnSecurity reported that multiple banks were seeing a pattern of fraud on cards that were all recently used at Jimmy John’s locations around the country…In a statement issued today…Jimmy John’s said customers’ credit and debit card data was compromised after an intruder stole login credentials from the company’s point-of-sale vendor and used these credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16, 2014 and Sept. 5, 2014.

This is a point we cannot stress enough. When you’re relying on external vendors, such as the POS vendor who worked for Jimmy John’s, security is everything.

Because things go wrong. And with remote access, when things go wrong, they go wrong in a big way. Left unprotected, your remote access solution has the potential to roll out the red carpet for data thieves, offering system-wide access to anyone who can crack a vendor’s account.

Thankfully, there are ways to mitigate that.

Mitigate your risks

1. Manage vendors individually.

Your remote access solution must provide a centralized console where you can manage the status of every last vendor in your system. Define privileges, terminate access, confirm that passwords are strong, case by case.

Why does it matter? If a hacker cracks one vendor’s account, they’ve only cracked one vendor’s account. The damage is contained, and the focus of your response can be scalpel-sharp.

2. Give each vendor need-to-know access.

Blanket rights are blanket risks. Each vendor should have only the privileges that are necessary for them to perform their job.

Why does it matter? When a hacker cracks a vendor’s account, they inherit that vendor’s privileges. Limit each vendor’s privileges, and you limit the damage a hacker can do.

3. Document all vendor activity.

Keep a comprehensive log of every login and action performed, down to on-screen mouse movements.

Why does it matter? Think of it like this: your audit log is your security camera. When a thief gets into your system, any move they make should be easily visible, so you can track it down immediately.

4. Don’t be a statistic.

Here’s Krebs again on the Jimmy John’s breach:

Point-of-sale vendors remain an attractive target for cyber thieves, perhaps because so many of these vendors enable remote administration on their hardware and yet secure those systems with little more than a username and password — and often easy-to-guess credentials to boot.

You don’t have to follow that curve.
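
The first three steps above, combined into one check (an added example, not part of the original post): it reviews a remote-access audit log against a per-vendor policy and flags sessions from unmanaged accounts, terminated vendors, or hosts outside a vendor's scope. The policy layout, the log format, and every account and host name are constructed for illustration.

```python
from datetime import datetime

# Constructed policy: one named account per vendor, with its status and the
# only hosts that vendor needs to reach (all names are hypothetical).
POLICIES = {
    "pos-vendor":     {"active": True,  "hosts": {"pos-store-014", "pos-store-027"}},
    "hvac-vendor":    {"active": True,  "hosts": {"bms-01"}},
    "old-integrator": {"active": False, "hosts": {"pos-store-027"}},
}

# Constructed audit log: timestamp, account, target host, action.
SAMPLE_LOG = """\
2024-03-04T02:11:09Z pos-vendor pos-store-014 login
2024-03-04T02:13:40Z pos-vendor db-cardholder-01 login
2024-03-05T03:02:55Z old-integrator pos-store-027 login
2024-03-05T09:30:00Z hvac-vendor bms-01 login
2024-03-06T10:00:00Z shared-admin pos-store-014 login
not-a-timestamp pos-vendor pos-store-014 login
"""

def review(log_text, policies):
    """Return (line_no, account, host, reason) for each entry that breaks policy."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        try:
            ts, account, host, _action = parts
            datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            # Wrong field count or bad timestamp: an unreadable record is a finding too.
            findings.append((n, None, None, "malformed entry"))
            continue
        policy = policies.get(account)
        if policy is None:
            reason = "account not tied to a managed vendor"
        elif not policy["active"]:
            reason = "vendor access was terminated"
        elif host not in policy["hosts"]:
            reason = "host outside vendor's need-to-know scope"
        else:
            continue
        findings.append((n, account, host, reason))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, POLICIES):
        print(finding)
```

Because each vendor has its own account and scope, every finding names exactly one vendor to lock out and one host to examine.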

You can protect your remote access vendor accounts.