Legacy Systems and Data Breaches – UPDATED

*Updated 12-11-17

In the article below, I neglected to mention that many of the more successful legacy POS providers now offer subscription-based services for their software, keeping their users up to date.  This was brought to my attention by a number of readers, and that’s certainly valid.  Companies I know of that do this are Aldelo and Aloha, but I’m sure there are many others.  This article isn’t meant to “topple” the legacy POS providers; it’s only meant to make you aware of vulnerabilities in your POS systems.

Legacy Systems and Data Breaches

With new technology coming out every day come new threats.  But how prepared is your business for these threats?  The hospitality industry is the most under-prepared for this.

Ransomware, spyware, and data breaches are almost common these days. It’s beginning to be ridiculous.  But where do your weaknesses lie?

Legacy Systems / Hotel and Restaurant Data Breaches

70% or more of hotels and restaurants are still using legacy systems such as Micros, Aldelo, Dinerware, Digital Dining, and Oracle.  Hotels and restaurants are the biggest markets using legacy POS systems, and the most vulnerable to data breaches because of it.

Let me clarify: there’s nothing wrong with legacy POS software.  It’s the practices of the hotels and restaurants that are the issue.  How often do you upgrade your Micros system?  Once every 2 or 3 years?  What version of Microsoft Windows are you running it with?  Windows 7?  Windows NT?

This is where the problem begins.

But why Hotel and Restaurant Data Breaches?

That’s a much easier question to answer.  It’s because all the transactions are credit card transactions, and the majority require credit card data to be stored, meaning there’s a very big benefit to breaching.

It’s also because they’re all running these antiquated software and hardware systems.  It’s so expensive to upgrade them that it’s not hard to understand why.  But a data breach will be more expensive than any software upgrade would be!

Hyatt reported this week a massive data breach involving hotels in 11 countries.  Starwood, Trump, and Sabre Hospitality have all had breaches recently too.

Windows PC Software

Let’s start with the elephant in the room.  The normal operating procedure for business owners is an “if it ain’t broke, don’t fix it” type of outlook.  The problem with that is how open it leaves you to breaches.

Many of these legacy systems are running on Windows NT.  Microsoft doesn’t even support that anymore.  So no more updates, no more anti-malware, and no more fixes for ransomware.  And Windows 7 isn’t much better; it’s supported through 2020.

But keep in mind that Windows 7 is by FAR the most breached software platform.  So the hackers who want your data are best at hacking it. Ransomware attacks these older Windows-based systems more often than others too.

Does your legacy software even run on Windows 10?  Or on Windows Server 2016?  Because if it can’t, there’s a huge liability on you.


If you’re using a legacy POS system, you’re allowing the software company to place the liability for the breach on you.  Legacy systems require a server on site, meaning you store all your data in your hotel or restaurant.  Since it’s yours, upgrading it and keeping it secure are your responsibilities.  So, if there is a data breach, there’s nobody to point fingers at.  It’s only because of you.

With a subscription-based system, the liability shifts to the POS company.  They house your data in the cloud, along with that of thousands of other companies.  If the data is breached, odds are yours isn’t the only one compromised.  Also, the POS company that houses your data has a team of data security experts, and data nerds, who spend their entire day keeping you safe.  You can’t say the same if you have a server stuffed in a broom closet.

WPA2 Security Crack

Recently, the WPA2 wireless security protocol has been compromised.  This is the security that secures 90% of all wireless connections.  All the more reason for you to remove an in-house server from your life, because any wireless connection is now questionable.

Microsoft and Apple have both announced updates to secure this, but at some point, once compromised, how can you trust the security moving forward?

WannaCry Ransomware

WannaCry ransomware was a gigantic problem for PC-based systems all over the world.  With 300,000 computers worldwide infected, it became the poster child for modern-day ransomware.

Windows worked quickly to have a patch available for Windows 7, Vista, 10, and a number of their server software selections.  They also made a patch for older XP, 8.1, and NT systems a few days later.  But they specified, basically, that these legacy systems may not get security patches in the future.

But what is Ransomware?  How does it work, and how will it affect you?

Easy enough: it’s a hack that infects your computer system.  It uses advanced technology to change the files on your computer and limit your access to them.  It then tells you that you need to pay to remove it or the files will be deleted.

This article by Symantec (seen here) states pretty clearly that while many security systems have blocked WannaCry, if it gets into your system, there’s not much you can do.  This makes 2 things abundantly obvious:

  1. Back up your drives, and not with a Windows backup, but with an external backup to the cloud, or to an external drive that you unhook, so it stays safe.
  2. Cloud-based systems would allow you to throw your PC away and start over without missing a beat. So they’re much safer technology in this case.

But what do you do to fix it?

That’s the question!  There are really 2 ways to avoid data breaches to the best of your ability:

  • Update hardware and software

As often as there are updates available, you need to update your software and hardware.  That means every time Micros offers an update, or Oracle, or Focus.  This will be expensive, but less expensive than a breach.  The best way to avoid hotel and restaurant data breaches is to keep your software current.

  • Switch to a subscription-based POS

Subscription-based POS is the best way to avoid these issues.  Most of these are either cloud based or iPad based.  Subscription-based POS will automatically keep your restaurant and hotel safe from data breaches by auto-updating software.  Either way, your risk is much lower.  Let’s talk about why…

iPad-based POS is less susceptible to ransomware or breaches because it’s iOS based.  Hackers don’t spend nearly as much time on this platform.

Another thing about iPad-based POS is that it’s more secure because it releases new OS updates for free.  Unlike Windows, where I have to buy each additional version, with iOS I get the update for free.  All Apple devices work this way for at least 5 years after they’re purchased.

Those of us in the industry would tell you that over time, it’s going to cost you less money to move to an iPad, subscription, or cloud-based POS system.  That move will offer you a significant increase in security and redundancy.  It’s also going to make sure you have support when you need it.  Part of the subscription you pay for with these services is support.  So if you are ever breached, or get ransomware, you have someone to turn to for help.

There’s no way to avoid hotel and restaurant data breaches altogether.  But put yourself in the best situation, and make it hard to get at your data!
