Lessons POS Can Learn From CrowdStrike IT Outage

4 September 2024

Sometimes we can all use a timely reminder of just how much we take digital technology for granted – and also how vulnerable it can be.

July’s huge global failure in systems run on Microsoft Windows was one such occasion that merits reflection. There was a certain novelty, and no little irony, about this particular blip in the digiverse. While we’re well accustomed to disruption caused by malware and cyber attacks, this time around it was efforts to protect systems from such attacks that caused all the trouble. An update to cybersecurity software published by digital defence giant CrowdStrike proved to be faulty, crashing Windows operating systems all over the world.

Because Windows is so popular in business IT, virtually no sector escaped the outage unscathed. While the fact that the issue grounded planes grabbed most of the headlines, POS systems were also affected, with thousands of businesses unable to process payments due to the Windows OS on their tills crashing.

This kind of disruption puts ordinary retail and hospitality businesses in a hugely difficult position. It’s impossible to predict when such problems might strike, and therefore very hard to prepare and protect yourself against them. And yet, a functioning POS is integral to functioning as a business. A system goes down for some obscure cause you have no control over, and it’s your livelihood that’s at stake.

Things are doubly difficult when the cause of the outage is a major name in retail and hospitality cybersecurity solutions, with CrowdStrike products protecting tens of thousands of POS systems around the world. So what can the POS industry learn from the incident?

Planning for things going wrong

The big takeaway is that, even with names as big as Windows and CrowdStrike, IT systems are far from infallible. It’s easy to forget that things can and do go wrong. And that means we forget to plan for things going wrong.

The biggest mistake this leads to is over-reliance on one solution. Solutions offered by ‘Big Tech’ players like Microsoft can feel hard to avoid; or at least, there doesn’t seem to be any reason to think beyond them, such is their dominance in a market. An estimated 135 million POS endpoints run on Windows, and that only becomes an issue when an incident like this occurs and Windows is implicated in the problem. But 135 million checkouts being at risk of going down at once is a lot of lost sales, leaving a potentially catastrophic financial black hole.

Putting too much trust in one solution is not restricted to choice of operating systems or cybersecurity products. You can see evidence for it at every level of a company’s IT stack, from network connections to backups to monolithic software platforms where whole swathes of a company’s operations rely on a single product. When you lean on a single solution for anything, you leave yourself vulnerable if and when issues with that solution arise.

The answer lies in taking redundancy and failover planning seriously. What are your options if any part of your POS goes down, whatever the cause? Do you have alternative options in the form of different hardware, different OS/software, different network connections? What are your contingency plans? Can you operate offline, for example by taking cash-only payments? And if so, for how long? Are your staff adequately trained to make things workable?

Having answers to the above (and more besides) as part of a structured, clear and workable strategy can mean the difference between keeping your business going when IT outages strike, or sitting helplessly losing sales while you wait for someone, somewhere to fix things.