Retailer's Emergency Guide from a cyber attack

POS SOFTWARE

Computer hacked

Today, there is so much hacking that it's become routine for people's computers to be hacked. Cyber attacks happen every day. A few days ago, another of our clients went down with a ransomware attack.

For Australian retailers, a computer hack can threaten your business operations.

The first point I want to make is that, in my experience, most cyber attacks are

1) An inside job, someone you know has access

2) Someone on your system has gone into a site, clicked an email or put some software on your computer.

Here are some steps to recover from a cyber attack.

Assess the Situation

When you suspect a hack, stay calm and assess the situation methodically. The odds are you have some time. The hacker generally needs time to assess what he has broken into and how he can best utilise the asset he has just gotten.

The odds are in retail. He wants to get into the EFTPOS system. It is not easy, but he can make much money if he succeeds.

Then, they want your passwords for sites such as banks, PayPal, and Facebook advertising accounts.

Finally, they may want to lock you out of your system with ransomware. I have spoken about ransomware before, so please check it out.

Possibly, they could steal your data, such as your customer information. If they put this data up on the dark web, you could have a real legal problem if the word gets out that it came from you from the Australian government.

Take Immediate Protective Actions

Log Out of All Devices

Immediately log out of all your devices, including:

Your main computer
POS terminals
Tablets

This step helps prevent further unauthorised access and limits the hacker's ability to cause more damage.

Shut them all down.

Contact us ASAP.

We want to get your data. I hope you have a good backup. We will totally format your system and clean out everything. With a modern hack, you can never know what they have done, so we will clean everything. We will install new software on your computer and restore your data. We will change all passwords, and hopefully, it will be fixed.

If you want to do it yourself, then

Wipe Infected Devices

Perform a complete system wipe
Reinstall the operating system using a bootable drive
Ensure you're starting from a clean slate

Please don't rely on antivirus software, as it may not detect sophisticated malware like info stealers.

A complete system wipe is the safest option.

Identify Your Critical Accounts

Don't use the infected computer for any recovery actions!!!

Make a list of your most important accounts, prioritising those that control access to others:

Primary email account (Gmail, Microsoft, etc.)
Financial accounts (PayPal, bank accounts, digital wallets)
POS system account
Supplier portals
Business social media accounts

Go on a secure device, e.g., your smartphone, and start changing passwords, such as your bank, email, Facebook, Gmail, etc. Add a unique character, e.g. %, at the end of every password as an emergency fix. So, for example, if your password was flower19, make it flower19%.

Secure Financial Information

If you need to go further, and some of our customers have had to go to the bank:

To freeze any credit or debit cards used online
Contact your bank to replace these cards
Notify your bank about potential fraud exposure

They are excellent about that; they cancel the card immediately and ensure you get an emergency card.

Then, start reviewing recent transactions

Legal Obligations for Australian Retailers

As an Australian retailer, you do have a legal obligation if you get data breached:

You must notify affected individuals.
Also, you must notify the Office of the Australian Information Commissioner (OAIC) if a data breach is likely to result in serious harm.
You get 30 days to determine whether that suspected data breach meets the criteria for notification.
Failure to comply can result in penalties