Just because you can get on the Internet, doesn’t mean you should.

Gary Glover, Director of Security Assessment
By: Gary Glover
The following post is a segment in the Auditing Archives series. Hopefully the security failures I’ve seen while auditing businesses will help inspire better practices to ensure your own business security.

Front desk clerks are friendly…sometimes to a fault, but friendly doesn’t necessarily equal secure. A front desk clerk who helps you print off your afternoon boarding pass on the same computer that was just used to run your credit card violates a serious security protocol. Unfortunately, the problem is pervasive. I’ve seen this issue in virtually every hotel I’ve ever stayed at.

Because point of sale (POS) and property management system components are not segmented from other systems with access to the Internet, any accidental malware download, malicious website, bad link, or virus downloaded to that front desk computer could result in a compromise that puts every future credit card transaction at risk.



Gary Glover (CISSP, CISA, QSA, PA-QSA) is Director of Security Assessment at SecurityMetrics with over 10 years of PCI audit experience and 25 years of Star Wars quoting skills. May the Force be with you as you visit his other blog posts.
