A blog on issues affecting Australia's newsagents, media and small business generally. More ...

Why newsagents can’t afford to run old software anymore

Software security has changed more in the last eighteen months than in the previous five years, and small retailers, like newsagents, are squarely in the firing line.

Newsagents handle sensitive data: EFTPOS transactions, lottery and gift card sales, loyalty accounts, customer details. Running old software is a commercial risk to your business and to the people who shop with you.

What’s changed

Cyber criminals have worked out that small businesses are easier targets than large ones, and just as valuable.

According to the Australian Signals Directorate’s Annual Cyber Threat Report for 2024–25, the average cost of a cyber incident to a small business rose 14% to $56,600. The ACSC’s cyber security hotline took more than 42,500 calls that year, up 16% on the year before, and the agency issued over 1,700 warnings about malicious activity targeting Australian organisations, an 83% jump. Read the full report.

Payment security rules have tightened. PCI DSS 4.0, the standard that governs how businesses handle card payments, made a set of new requirements mandatory from April 2025, including multi-factor authentication for anyone accessing systems that touch card data. If your POS provider hasn’t talked to you about this, it’s worth asking.

Attackers are going after software supply chains too. Industry research on retail breaches found close to a third involved a compromised third-party vendor rather than a direct attack on the retailer, nearly double the rate from the year before. A weakness in a POS provider, a payments processor, or an IT support company can expose every retailer connected to them.

And a lot of small business software is older than it should be. Security researchers still find point-of-sale systems running operating systems that stopped receiving security patches years ago, because “it still works” felt like a good enough reason to leave it alone. Unsupported software is an open door. Nobody is watching for weaknesses in a system the vendor stopped maintaining, and attackers know it.

The businesses ransomware groups target most aren’t the ones with the least valuable data. They’re the ones with the least resistance.

Why this matters more for newsagents specifically

Most newsagents have grown beyond newspapers and magazines. Gift cards, loyalty programs, mobile recharge, lottery accounts and card payments all run through the same till, and all of it depends on software that’s connected to the internet, connected to your bank, and often connected to a support provider with remote access to your systems. That’s real exposure. It’s a profile attackers look for: valuable transactions, limited in-house IT support, and a temptation to delay updates because the shop is busy and the software “still works fine.”

What keeping software up to date means

Keeping software current is more than clicking “update” when a pop-up appears. A few questions worth putting to your POS provider or IT support:

  • Is your point-of-sale software still actively supported, with regular security patches, or is it running on an older version the vendor no longer maintains?
  • Is multi-factor authentication switched on for anyone who can access your systems remotely, including your support provider?
  • How quickly does your provider apply security patches after they’re released, and do they tell you when they do?
  • Are your backups tested, and stored somewhere separate from your main system, so a ransomware attack on your till doesn’t take your records with it?

A short checklist for your shop

None of this requires becoming a cyber security expert. A few habits make most of the difference:

  • Turn on multi-factor authentication on every account that offers it, not just your bank login.
  • Keep the operating system and browser on any device connected to your POS current.
  • Treat unexpected “urgent” emails about supplier invoices or EFTPOS settings with suspicion, and verify by phone before acting.
  • Back up your data regularly, and keep at least one copy separate from your main system.

Treat your POS software the way you’d treat your shop’s front door: locked, current, and not something you put off dealing with because business is busy. The retailers who get hit hardest are usually the ones who assumed it wouldn’t happen to a shop their size.

Now, here are some valuable sources:

1 likes
Newsagency management

Leave a Reply

Your email address will not be published. Required fields are marked *

Reload Image