Our Services

Vulnerability and Risk Assessments: Identifying Weaknesses in Your Cybersecurity Defenses and Confirming That You Meet Compliance Requirements

Cybersecurity Services: 24x7 proactive security monitoring and response. Rest easy knowing that your systems are protected around the clock

Managed IT Services: FTC Safeguards compliant, proactive and responsive IT services that keep your systems running, delivered by our friendly, local technicians and engineers

Cybersecurity and IT Services

Protect Your Systems and Keep Them Operational With Our Responsive, Reliable and Proactive Services

Secure Managed IT

Managed Services done for you! Are you tired of being treated as just another customer? Try out our responsive, reliable and proactive services backed by the power of former government cyber operatives.

FTC Safeguards and HIPAA Compliance

Compliance Made Easy! We take care of everything for you to ensure that you are in compliance with the FTC Safeguards Rule and HIPAA, with our easy-to-follow checklists.

Incident Response Services

Does your business need an incident response plan for compliance or insurance? Suffered a cyber attack? We can help! Book a call today and speak to our friendly, knowledgeable, local experts, standing by to help!

Security Awareness Training

Does your business need to deploy a security awareness training solution? We offer a customizable package that can be tailored to your business's specific needs. Call us today to speak with one of our friendly local experts!

Servers, Desktops, Laptops

Need new servers, desktops or laptops? We've got you covered. As a Dell reseller, we can help you get what you need without breaking the bank.

Secure Cloud With Microsoft365

Your business and customer data need to be secured against cyber criminals. We can manage your Microsoft 365 environment for secure digital storage, communications and file sharing with Entra ID, Intune, Defender, Office 365 and more.

Outdated Phones? Switch to VoIP

Upgrade your phone system to VoIP and get new phones every three years. Never be outdated again! We work with several vendors and provide you with a customized solution that meets your business's unique needs.

Need a Firewall for Compliance?

Still using that insecure router your ISP installed? Quit paying extra, purchase your own secure gateway and sleep comfortably at night. We can customize a solution for your specific needs that stops attackers cold!

Cybersecurity Risk Assessments

Does your business need a cybersecurity risk assessment to comply with your insurance provider? We can help. We work with over 40 reputable cyber insurance companies.

Looking for Our Realtor Package?

Are you an independent contractor working for a real estate firm? Our IT and cybersecurity package is customized just for you. Chat with one of our friendly local experts today!


Don and his team are extremely professional, highly competent and fairly priced -- everything you could ask for in a tech partner.

★★★★★

Josh B


Don was very knowledgeable. They completed my network and set it up lightning fast.

★★★★★

James H


Very professional and always on time!!!

★★★★★

Matthew G



It was such a pleasure to work with Cyber Security Hawaii. They were quick with a quote and able to schedule my work around our construction schedule. They were very responsive and the work they performed was exactly as requested. Excellent technicians and reasonable pricing.

★★★★★

Joy H

Latest Blogs For Cybersecurity

Small Retailer Hacked

The One Mistake Small Retailers Are Making That Costs Millions

August 18, 2025 | 7 min read

The One Mistake Small Retailers Make That Could Cost Them Hundreds of Thousands of Dollars

Running a small retail business is already a balancing act—managing inventory, customer service, payroll, and staying competitive. Cybersecurity often slips through the cracks, especially for retailers with 10 or fewer employees. But if you process credit cards—and you almost certainly do—you’re bound by PCI-DSS (Payment Card Industry Data Security Standard) compliance requirements.

Most small retailers make one critical mistake: they rely on a flat network topology without realizing how dangerous it is. Let’s break down what that means, why it matters, and how to protect your business.

What is a Flat Network Topology?

A flat network is one where every device—point-of-sale (POS) systems, credit card terminals, office computers, security cameras, staff smartphones, and even guest Wi-Fi—lives on the same network segment. There are no virtual LANs (VLANs) or segmentation barriers between them.

Think of it like running your entire store in one unlocked room where anyone can wander in and access whatever they like. While this setup might be simple and cheap, it’s also reckless when handling sensitive cardholder data.

Real-World Example

In 2014, a well-known national retailer suffered a massive data breach because hackers gained access through a third-party HVAC vendor connected to the same flat network as POS systems. If this can happen to big-box retailers with IT teams, imagine the risk for a 5-person business with no dedicated IT staff.

The Risks of a Flat Network Topology

1. One breach = total compromise

   If a hacker gains access to a single device—say, a poorly secured security camera or an employee’s laptop—they can move laterally across the network. Since the POS terminals are on the same segment, your customers’ credit card data is at risk.

2. Malware propagation

   A flat network makes it easy for ransomware or other malware to spread unchecked. What starts as one infected device quickly takes down your entire store.

3. Regulatory non-compliance

   PCI-DSS explicitly requires network segmentation and strict access controls. A flat network automatically puts you out of compliance.

4. Target for cybercriminals

   Hackers know small businesses often run flat networks. Automated scans look for these weak setups, making you an easy target.

Case Study: The Coffee Shop Scenario

Imagine a small coffee shop with a single Wi-Fi network. Customers use it to browse the web. The shop owner’s laptop uses it to run QuickBooks. The POS system is on the same network. A hacker sitting in the café connects to Wi-Fi, launches a basic attack, and within minutes has access to payment data. This isn’t hypothetical—it happens every day.

The Potential Cost of Non-Compliance

The financial consequences for small retailers running flat networks can be devastating. Here’s what you could be facing:

- Regulatory fines: PCI-DSS non-compliance fines can range from $5,000 to $100,000 per month until compliance is achieved.

- Semi-annual audits: Once flagged as non-compliant, you may be required to undergo costly PCI audits twice per year, costing thousands per audit.

- Credit card fraud liability: If customer data is stolen, you could be held liable for fraudulent charges.

- Card replacement costs: Banks and credit card issuers often push the cost of replacing compromised cards onto the retailer. Expect $3–$5 per card—multiply that by hundreds or thousands of customers.

- Credit monitoring for victims: You may be forced to pay for credit monitoring services for impacted customers, which can cost $10–$30 per customer per year.

- Legal liabilities: Class-action lawsuits are not uncommon after a breach. Even if you win, the legal fees alone can sink a small business.

- Reputation damage: Once word spreads that your store leaked credit card numbers, customer trust evaporates. Many small retailers never recover.

Example of Costs Adding Up

Let’s say your store processes 2,000 unique cards in a year. If all those cards have to be replaced at $5 each, that’s $10,000 just for reissues. Add $20 per person for credit monitoring: $40,000. Then fines: $25,000. Add a lawsuit settlement: $50,000. Suddenly you’re looking at over $125,000 in costs—not counting lost sales from customers who stop shopping with you.

For a business with 10 employees, that’s a death sentence.

Case Studies: What PCI-DSS Failure Looks Like in Real Life

Case Study #1: Cisero’s Ristorante (Park City, UT)

A small, independently owned restaurant was flagged by card brands after fraud patterns suggested cards might have been compromised on its network. Per PCI rules, the merchant was required to hire approved forensic investigators. Those reviews reported that the POS system stored unencrypted card numbers, a direct PCI violation. The card brands then assessed fines and assessments that ultimately totaled about $90,000. The acquiring bank withdrew ~$10,000 from the merchant’s account and pursued the remainder, triggering a multi-year legal fight. Consequences for the business included immediate cash drain, mandated forensics and remediation work, exposure to chargeback claims, and significant legal expense—exactly the kind of shock that can sink a small retailer operating on thin margins.

Key failures illustrated: retaining prohibited card data, inadequate vendor management/verification of POS configuration, and lack of continuous PCI governance.

Case Study #2: Louisiana Restaurants Hit via Insecure POS Remote Access

A group of small restaurants using the same POS platform were compromised after their reseller deployed unsecured remote-access software (shared/default credentials, unpatched systems) and the POS stored track data after transactions. Attackers installed keyloggers and memory scrapers, siphoning hundreds of card numbers in weeks. One owner reported $19,000 in required forensics, $5,000 in card-brand fines, a $100,000 assessment that was later waived, and ~$50,000 in combined out-of-pocket costs after chargebacks. Banks reported seven-figure losses tied to fraudulent use of stolen cards, and at least one affected restaurant ultimately shut down. For a Level-4 merchant, those numbers are existential.

Key failures illustrated: flat/poorly segmented networks enabling lateral movement, remote-access exposure (default passwords, lack of MFA), and vendor-driven misconfigurations that left merchants non-compliant without realizing it.

The Solution: Network Segmentation & PCI-DSS Compliance

The good news? This risk is preventable.

1. Implement VLANs and firewalls

   Separate POS systems and payment terminals from other devices. The cardholder data environment (CDE) should be isolated from everything else, including staff Wi-Fi and security cameras.

2. Restrict access

   Only employees who need access to the CDE should have it. Enforce strict authentication controls.

3. Deploy monitoring tools

   Use security monitoring and intrusion detection systems (IDS/IPS) to catch suspicious activity early.

4. Regular vulnerability scans

   PCI-DSS requires quarterly scans by an approved vendor. Don’t skip these.

5. Work with a compliance-focused MSP

   Most small retailers don’t have the expertise in-house. Partnering with a managed IT/security provider ensures your network is properly segmented, monitored, and compliant.
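To make the flat-versus-segmented contrast concrete, here is an added example (not the page's own or any vendor's tooling): a small Python check that models devices, VLAN membership and the firewall's inter-VLAN allow list, then reports which non-CDE devices can reach the POS and which devices fall into PCI-DSS scope. Device names, VLAN names and rules are constructed to mirror the coffee-shop scenario; the model assumes default-deny between VLANs and unfiltered traffic within a VLAN.

```python
"""Segmentation reachability check for a small-retailer network.
Added example (not the page's or any vendor's tooling); device names, VLAN
names and rules are constructed to mirror the page's coffee-shop scenario."""
from __future__ import annotations
from dataclasses import dataclass

CDE_DEVICES = {"pos-terminal", "card-reader"}  # store or transmit card data

@dataclass(frozen=True)
class Rule:
    """One permitted inter-VLAN flow; dst_port None means any port."""
    src_vlan: str
    dst_vlan: str
    dst_port: int | None = None

def can_reach(rules, src_vlan, dst_vlan, dst_port):
    """Default-deny between VLANs. Traffic inside one VLAN is switched,
    never crosses the firewall, and so is always reachable."""
    if src_vlan == dst_vlan:
        return True
    return any(r.src_vlan == src_vlan and r.dst_vlan == dst_vlan
               and r.dst_port in (None, dst_port) for r in rules)

def cde_exposure(devices, rules, ports=(22, 443, 3389)):
    """Non-CDE devices that can reach a CDE device on any probed port.
    An empty list means the CDE is isolated from the rest of the store."""
    return sorted({src for src, sv in devices.items() if src not in CDE_DEVICES
                   for dst, dv in devices.items() if dst in CDE_DEVICES
                   if any(can_reach(rules, sv, dv, p) for p in ports)})

def pci_scope(devices):
    """Every device sharing a VLAN with a CDE device is in PCI-DSS scope."""
    cde_vlans = {v for d, v in devices.items() if d in CDE_DEVICES}
    return sorted(d for d, v in devices.items() if v in cde_vlans)

# Constructed inventory: the same store, first on one flat segment ...
FLAT = {d: "lan" for d in ("pos-terminal", "card-reader", "owner-laptop",
                           "lobby-camera", "guest-phone")}
# ... then split into VLANs, with the POS allowed out only to the processor.
SEGMENTED = {"pos-terminal": "pos", "card-reader": "pos", "owner-laptop": "staff",
             "lobby-camera": "iot", "guest-phone": "guest"}
SEGMENTED_RULES = [Rule("pos", "wan", 443),   # card authorizations only
                   Rule("staff", "wan"),      # office internet access
                   Rule("guest", "wan", 443)]

if __name__ == "__main__":
    print("flat:", cde_exposure(FLAT, []), "in scope:", pci_scope(FLAT))
    print("vlans:", cde_exposure(SEGMENTED, SEGMENTED_RULES),
          "in scope:", pci_scope(SEGMENTED))
```

On the flat inventory every other device can reach the POS and all five devices are in scope; on the segmented one nothing outside the POS VLAN can reach it and only the two payment devices remain in scope.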

Why Segmentation Works

Imagine your store as a shopping mall with separate locked stores inside. Even if someone breaks into the mall, they still need to break into each individual store. Segmentation ensures that breaking into your Wi-Fi doesn’t give hackers direct access to payment terminals.

Education & Awareness for Small Retailers

Part of the problem is that many small retailers simply don’t know what PCI-DSS requires. Some common myths include:

- “We’re too small to be a target.” Reality: 43% of cyberattacks target small businesses.

- “My credit card processor takes care of PCI.” No, processors handle transactions, but compliance is your responsibility.

- “We use chip readers, so we’re safe.” Chip readers reduce fraud at the terminal, but they don’t protect data on a flat network.

Bottom Line

A flat network may seem simple, but it’s a silent liability that could bankrupt your business. PCI-DSS compliance isn’t just a box to check—it’s the framework that protects your customers, your reputation, and your livelihood.

Don’t wait until an auditor or a hacker forces your hand.

Ready to Protect Your Business?

If you’re a small retailer with 10 or fewer employees, chances are your network is flat and your risks are high. Let’s fix that before it’s too late.

👉 Book your PCI-DSS compliance strategy call today https://strategy.cybersecurehawaii.com

We’ll review your current setup, identify risks, and map out a clear path to compliance that fits your budget.

Your customers trust you with their credit cards. Make sure that trust isn’t misplaced.

Tags: PCI-DSS Compliance, Cybersecurity, Credit card fraud, Legal liability

Don Mangiarelli

A 25 year veteran of the IT industry heading a cybersecurity focused Managed Services Provider/IT services provider. Our reliable and responsive services are backed by the power of former government cybersecurity operatives. Our mission is to keep you protected and operational so you can focus on your business.
