As a restaurant owner or manager, your plate is full, literally and figuratively. You need to make sure that the ambiance is right, that the staff is well-trained, and that your customers stay happy. On top of all that, your to-do list consists of at least one million other things.
What are the two most important concerns that you should focus on?
Like retailers, restaurants rely on payment cards for most of their business. Restaurateurs keep customers’ information to help them tailor dining experiences and use it for customer loyalty programs.
Storing financial and personal data about your customers comes with a lot of responsibility, though, and you should try your best to keep it safe.
Reports from October 2019 revealed that diners at Moe’s Southwest Grill as well as those at McAlister’s Deli might have had credit card information stolen from both restaurants’ systems, putting them at risk of fraud. Within the same period, the data of 4.9 million DoorDash customers was also leaked.
How do you avoid cyber security scares?
1. Hire an IT professional.
There are many restaurant owners who can wow you with their innovative, mouth-watering dishes but cannot write a line of code. But that's okay. You can hire an IT guy or opt for IT security services.
Outsourcing these kinds of services is quite a common practice. It's practical if you have a small operation and don't really need a full-time IT staff on the payroll.
What's more, if there's an IT-related problem, you can always rely on consultants to put out the fires for you, saving you time and stress.
2. Secure your restaurant's point of sale systems.
Target learned this expensive lesson in 2013 when cybercriminals attacked the retailer's point of sale systems. The hack affected more than 40 million shoppers and cost Target $18.5 million to settle the case. The company spent $202 million overall to investigate and handle the data breach.
According to Symantec, each stolen credit card will sell for up to $130. And the barrier to entry is low: POS malware kits are sold on the dark web.
3. Train your staff.
Each one of your busboys, wait staff, and even kitchen personnel can then help you monitor the physical aspect of credit card security. This situation is very encouraging, considering that 53 percent of businesses have experienced insider attacks in the span of 12 months.
“Insider attacks are not always malicious; they can also be accidental,” explains Gavirneni. “For instance, physical storage devices like USBs that an employee plugs into your system may carry malware. Breaches can also result from devices stolen from your restaurant, or from an employee’s lost device.”
4. Secure your Wi-Fi network.
They can intercept your data and capture account logins and purchase transactions with a man-in-the-middle attack. Or they can set up rogue hotspots and inject malware into any device.
What can you do? Design and use a protected network. If possible, you can ask users to log in using their social media accounts, allowing you to capture their data for your marketing analytics.
5. Know what types of data you are collecting and storing.
You will need to answer some questions, such as what devices are connected to your network and whether you collect customer data from your online delivery system. You might also be accumulating information on your employees and food costs.
6. Proactively protect your restaurant from cyberattacks.
If that’s the case, then what preventative measures can you take?
Here are the most urgent best practices to implement immediately:
- Limit access to information, equipment, and data sources. For instance, do not give POS access to just anyone. Ensure that only trained staff has access and that no employees share their login information. One way to guarantee this is by using a biometric POS login such as a fingerprint. This option is available through Ordyx POS.
- Identify employees who will be responsible for cybersecurity and make sure that they have been thoroughly trained by the right professionals.
- Update and patch all your software. Close any gaps and have the right professional help you. Don’t do it yourself if you aren't sure how to.
- Encrypt and tokenize your data.
7. Detect possible intrusions.
You cannot fight a data breach if you don't know that it's happening. The good news is that you have plenty of choices in terms of detection systems.
One recommended solution is software that analyzes web logs to give you an idea of what is "normal" and what is not. This way, you'll know when something’s up, even before things go wrong.
When you have the right tools in place, you will need to continue monitoring them. Routine server audits can help reduce the cost, duration, and impact of a data breach.
You should also strive for shorter detection times. Verizon found that businesses belonging to the hospitality industry detected breaches only after a month – sometimes longer. Detecting suspicious activity is key to mitigating any damage.
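The baseline idea described above, as an added example that is not part of the original post: it learns how many denied (401/403) responses per hour are normal from a quiet day of web server logs in Common Log Format, then flags any single client that exceeds that level. The log lines, IP addresses, function names and thresholds are constructed for illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Common Log Format: ip - user [time] "request" status size
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \S+')

def denied_per_hour(lines):
    """Count 401/403 responses per (hour, client IP); malformed lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line)
        if m and int(m.group(3)) in (401, 403):
            counts[(m.group(2)[:14], m.group(1))] += 1  # "10/Oct/2019:03" = date + hour
    return counts

def learn_baseline(lines, hours_observed):
    """Mean and standard deviation of denied requests per hour over a quiet period."""
    per_hour = Counter()
    for (hour, _ip), n in denied_per_hour(lines).items():
        per_hour[hour] += n
    # Hours with no denied requests still count as observations of zero.
    samples = list(per_hour.values()) + [0] * (hours_observed - len(per_hour))
    return mean(samples), pstdev(samples)

def find_anomalies(lines, baseline, k=3.0, floor=5):
    """Return [(hour, ip, count)] where one client alone exceeds the site-wide
    hourly norm (mean + k * stddev), with a floor so tiny baselines do not alert."""
    mu, sigma = baseline
    limit = max(mu + k * sigma, floor)
    return sorted((h, ip, n) for (h, ip), n in denied_per_hour(lines).items() if n > limit)

def make_line(ip, day, hour, status):
    # Constructed sample line, not taken from any real log.
    return f'{ip} - - [{day:02d}/Oct/2019:{hour:02d}:15:00 +0000] "POST /login HTTP/1.1" {status} 512'

# Constructed data: a quiet day (an occasional mistyped password), then a burst.
QUIET = [make_line("192.0.2.10", 9, h, 401 if h % 2 else 200) for h in range(24)]
TODAY = [make_line("192.0.2.10", 10, 9, 200)] + [make_line("203.0.113.7", 10, 3, 401)] * 40

if __name__ == "__main__":
    baseline = learn_baseline(QUIET, hours_observed=24)
    for hour, ip, n in find_anomalies(TODAY, baseline):
        print(f"{hour}: {ip} had {n} denied requests (baseline mean {baseline[0]:.1f}/hour)")
```
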
8. Plan on experiencing a breach.
Work with your consultant and IT team to answer the following questions:
- What data was stolen?
- How were you able to detect the breach?
- How did the breach happen?
- When and where did it happen?
- How can it be stopped?
- Who was affected by the breach?
- What are the legal obligations?
- Should you inform your customers about the breach?
- Should you tell the media?
- Who do you need to call? Lawyers? IT professionals? Partners?
9. After a cyber security incident.
Consider planning for a recovery.
Do you know what to do to gain the trust of your customers again?
Do you have the money to cover the losses, the penalties, and the other expenses that come with the cleanup?
Tips and reminders
First, you should understand that there are five basic functions of a security plan. Everything there should allow you to:
Fully eliminating cybersecurity risk is impossible, but having these precautions in place significantly lessens it. You should also assess and reevaluate your security plans every once in a while.
What's effective now may not work later on, so stay up to date as much as possible.
A data breach means disaster... but it doesn't have to.
The steps and precautions outlined will help lessen the chances of hackers attacking your system.
This post was created by Cynthia Lopez on behalf of Cornerstone Content.