Remote Alarm Monitoring
This article is for all our business owners with their new remote monitoring mobile devices. It looks great being able to view inside your business while you are not in the physical location yourself.
So how did you access your new remote monitoring system?
Was it some application (app) you downloaded and tapped on?
Was it something the installer setup for you?
Have you tried accessing your monitoring system from home?
Did it have custom software that makes all the configurations for you?
Are you thinking, "Who cares, it works and that's all I need to know."
Well let's start the lesson here with a simple Q and A session.
If you knew your default password was: 123456 and the default username was ABCD would you try it to see if your monitoring equipment was set to defaults?
If you answered No you need to read a bit more here.
If you answered Yes then did you change it yourself or did the tech assign you a username and password. (Like your Business Name and Street Address maybe?)
From simple research I've seen a growing demand on remote access to monitoring systems at work and point of sales equipment.
Nearly all of these systems are directly connected to the internet. So what's the issue with that? Your home computer is connected directly to your cable modem so what if my work systems are the same. I've never been hacked.
This is where I start to pull my hair out sometimes. Forward all to your POS, Open the firewall all ports because your monitoring technicians doesn't know what ports their equipment uses. Create rules for both incoming and outgoing connections to go unchecked. Allow simple common names to be passwords. The list goes on and I hope you are seeing the light.
If I can see your SSID for your POS then you have it setup wrong.
It's against all my better judgement to leave a system broadcasting SSID that should be silent. But the technician required it. Even after I explained how easy it would be to access the system the technician would not hide the SSID.
Why hide your SSID for your POS? Let me answer that with one line.
"Out of sight, Out of Mind."
If the kid down the street can't see your wireless network he most likely won't attempt to crack it after you close your doors. but, leave it on and you can rest asured some 12 to 16 year old laptop scripting kid is going to be attempting to access your business network.
Not only that, but the remote alarm systems are another joy to work with. Keep those applications off your desktop if you do not have VPN access. Don't download any software VPN that makes a connection to a server so you can connect to your office.
Viruses and your Mobile Devices.
Just a quick note about POS units running on iPads, iPhones, Apple Products and any Mobile Device on the market.
The short story: A jewerlry store in Texas had a virus planted on their Point of Sale computer. Other applications were installed even MicroTrends antivirus. The virus was not detected for 6 months and when it finally was detected a secondary virus encrypted all the information on the computer to make it 100% disabled on a forensic level. (RANSOM Virus)
A few words of advice would be: "Never operate any financial processing application (credit card processing) on any computer that has not 100% be checked out to be PCI data security standard complient." With one exception, you can for your personal use do what you would like with any application. But if you have customers then you need to take their privacy and security to a level 100 times stronger than your current mobile device settings.
I'll detail in another article how hackers are looking to collect credit cards from your retail business in another article. To give you food for thought until then answer the following questions.
- Is your computer running XP?
- Do you know what Antivirus program you have?
- Can you answer the following without looking? Do you know your service pack version?
- Do you have a wireless router?
- Do you reset your router?
- Do you know the login of your router?
- Can your POS terminals access websites?
- Do you use LogMeIn or TeamViewer?
- Does your support service company offer remote access service? If so, do you konw what program they use? Do you know the login and password for your remote access?
- Is uPNP enabled?
- Is Remote Desktop enable? On what Port? What User?
That should keep you business if you don't know all the answers for all the questions above. If you don't know them ask your last Technician you contracted. If that technician doesn't know all the answers then give us a call and we will help you answer the questions.