To combat this problem, most systems have employed a number of methods of protecting data. For example, using a firewall to separate workstations from the public internet is a common solution. "Even the most basic consumer routers available nowadays provide a firewall," notes Nguyen.
Other tools that increase security include anti-virus/anti-malware software, and disabling the use of removable storage. "More and more, companies are experiencing data leaks due to employees copying data to removable storage like USB, CDROMs, etc.," Nguyen adds. "For more advanced forms of data protection, you can look at data encryption."
According to Bob Shaffer, president of Point-of-Rental Systems, most software providers encrypt stored credit card numbers so that if data is stolen, their customers' credit card information is secure, but other data on the hard disks are usually not encrypted.
"There are methods of encrypting data," Saint notes. "Traffic moves a little slower and there's overhead involved, but they're effective in removing 99% of threats represented by intercepted data."
Traditionally, most software is operated from a central point, but with the advent of the client-server network architecture came the need for complex network security. "We recommend a central server accessed through remote connection technologies to rebuild the secured environment we used to have," says Boivin, noting that cloud technology – basically, where data is store on the Internet and not on a single computer - is taking business in this direction.
"That’s why we are offering a SaaS [Software as a Service] solution," he says. "Not all rental businesses are ready for the cloud but the trend is clearly heading in this direction."
SaaS – security help or hindrance?
The popularity of SaaS and wireless has made the protection of business data more difficult and at the same time more essential, says Shea at SBC. "For example, secure logins are important, with protected user names and passwords. Even though Internet transmissions create a raft of challenges for programmers, ultimately that’s a good thing. Software delivery over the web has served to spotlight security pitfalls that would need solving sooner or later, and sooner is always better when it comes to data integrity."
Boivin says, "The SaaS offering is increasing the security for data at a low cost. For rental businesses to be compliant with high security regulations such as SAS 70 (Sarbanes-Oxley Act), they would need to do mass investment in equipment and experts that would not be affordable for most of them."
Nguyen adds, "Any SaaS provider that wants to succeed and survive has to put tight security measures in place to safeguard customer data. In many cases, this means that the SaaS providers are making greater investments into their security infrastructures."
But SaaS can be a potential avenue for hacking, according to Shaffer, and if the login URL is easy to find and has a weak username/password combo the threat is greater. "Having a WiFi hotspot in the rental store can certainly open a new avenue for hackers," he adds. "The difficulty of properly establishing a truly secure remote access protocol can motivate rental operators to use less secure remote connections, leaving another avenue for hackers."
What can your business do?
"One thing a rental business can do to protect its data is to ensure systems are protected with a firewall between the server and Internet," advises Shea. "A VPN should also be used to secure the connection between the server and user. If private information travels the Internet, it should be encrypted as rigorously as possible."
He continues, "In terms of relying on security measures developed by a rental software vendor, prioritization is very important. Ask the vendor to explain all of the security functionality offered, both internal and external, as well as compliance with credit card processing standards and e-commerce standards. If no new security developments have been produced in the last couple of years, it can be a sign that the vendor is unable or unwilling to keep up with the evolution of threats."