As a restaurant owner or manager, your plate is full, literally and figuratively. You need to make sure that the ambiance is right, that the staff is well-trained, and that your customers stay happy. On top of all that, your to-do list consists of at least one million other things.
What are the two most important concerns that you should focus on?
One is ensuring you have a full menu of delicious offerings. The other, lesser-known concern leans more toward the technical side of things: keeping your enterprise and customer information safe from hackers.
Similar to retailers, restaurants rely on payment cards for most of their business. Restaurateurs keep customers’ information to help them tailor dining experiences and use it for customer loyalty programs.
Storing financial and personal data about your customers comes with a lot of responsibility, though, and you should try your best to keep it safe.
Reports from October 2019 revealed that diners at Moe’s Southwest Grill as well as those at McAlister’s Deli might have had credit card information hacked from both of their systems, putting their customers at risk for fraud. Within the same period, the data of 4.9 million DoorDash customers was also leaked.
How do you avoid cyber security scares?
Following these precautions and steps will help you lessen security risks and ensure regulatory compliance to keep you and your diners safe from cybercrimes like these.
1. Hire an IT professional.
Whipping up baked Alaska or a beef Wellington from scratch might be a piece of cake to you, but security and tech might sound like Greek. If your knowledge about Wi-Fi, antivirus programs, and even multi-factor authentication is close to non-existent, this is understandable.
There are many restaurant owners who can wow you with their innovative, mouth-watering dishes but cannot write a line of code. But that's okay. You can hire an IT guy or opt for IT security services.
Outsourcing these kinds of services is quite a common practice. It's practical if you have a small operation and don't really need a full-time IT staff on the payroll.
What's more, if there's an IT-related problem, you can always rely on consultants to put out the fires for you, saving you time and stress.
2. Secure your restaurant's point of sale systems.
Cybercriminals are out looking for a quick buck. They want something that will pay off nicely without having to put in too much work. Point of sale systems are often left without protection, easily accessible for hackers, and full of valuable consumer information.
Target learned this expensive lesson in 2013 when cybercriminals attacked the retailer's point of sale systems. The hack affected more than 40 million shoppers and cost Target $18.5 million to settle the case. The company spent $202 million overall to investigate and handle the data breach.
According to Symantec, each stolen credit card will sell for up to $130. And it's easy to do: you can just buy POS malware kits from the Dark Web.
3. Train your staff.
“On top of learning how to handle customers, how to serve food, and even which wines to suggest for a particular dish, restaurant staff should also be familiar with cybersecurity best practices,” says Sidd Gavirneni, Co-Founder and CEO at Zeguro. “Effective training will help your employees identify and mitigate cyber risks to keep your restaurant safe.”
Each one of your busboys, wait staff, and even kitchen personnel can then help you monitor the physical aspect of credit card security. That help is valuable, considering that 53 percent of businesses have experienced insider attacks in the span of 12 months.
“Insider attacks are not always malicious; they can also be accidental,” explains Gavirneni. “For instance, physical storage devices like USBs that an employee plugs into your system may carry malware. Breaches can also result from devices stolen from your restaurant, or from an employee’s lost device.”
4. Secure your Wi-Fi network.
If you offer free Wi-Fi access to your diners, then you should use a secure network for your POS and business needs rather than an open one. Public Wi-Fi is a favorite among hackers.
They can intercept your data, account logins, and purchase transactions with a man-in-the-middle attack. Or they can set up rogue hotspots and inject malware into any device.
What can you do? Design and use a protected network. If possible, you can ask users to log in using their social media accounts, allowing you to capture their data for your marketing analytics.
5. Know what types of data you are collecting and storing.
Taking note of the type of information you are collecting can help you take precautionary steps. You will know how to adequately secure the data, where you can store it, and how much it will cost you if a data breach does happen.
You will need to answer some questions such as what devices are connected to your network and if you collect customer data from your online delivery system. You might also be accumulating information on your employees and food costs.
6. Proactively protect your restaurant from cyberattacks.
When it comes to your health, they say that an ounce of prevention is worth a pound of cure. That's true of cybersecurity as well.
If that’s the case, then what preventative measures can you take?
Here are the most urgent best practices to implement immediately:
- Limit access to information, equipment, and data sources. For instance, do not give POS access to just anyone. Ensure that only trained staff has access and that no employees share their login information. One way to guarantee this is by using a biometric POS login such as a fingerprint. This option is available through Ordyx POS.
- Identify employees who will be responsible for cybersecurity and make sure that they have been thoroughly trained by the right professionals.
- Update and patch all your software. Close any gaps and have the right professional help you. Don’t do it yourself if you aren't sure how to.
- Encrypt and tokenize your data.
7. Detect possible intrusions.
You have fire alarms and smoke detectors to determine if there's a fire in your restaurant. You should have a parallel protocol for possible cyber attacks.
You cannot fight a data breach if you don't know that it's happening. The good news is that you have plenty of choices in terms of detection systems.
One recommended solution is software that analyzes web logs and gives you an idea of what is "normal" and what is not. This way, you'd know when something’s up, even before things go wrong.
When you have the right tools in place, you will need to continue monitoring them. Routine server audits can help reduce the cost, duration, and impact of a data breach.
You should also strive for shorter detection times. Verizon found that businesses belonging to the hospitality industry detected breaches only after a month – sometimes longer. Detecting suspicious activity is key in mitigating any damage.
8. Plan on experiencing a breach.
You should have a plan. Prepare for the worst, and hope for the best. Think of it as a test run, so you know what to do when an actual emergency occurs.
Work with your consultant and IT team to answer the following questions:
- What data was stolen?
- How were you able to detect the breach?
- How did the breach happen?
- When and where did it happen?
- How can it be stopped?
- Who was affected by the breach?
- What are the legal obligations?
- Should you inform your customers about the breach?
- Should you tell the media?
- Who do you need to call? Lawyers? IT professionals? Partners?
9. After a cyber security incident.
More than being able to prevent, detect, ward off, and respond to a cybersecurity event, it is important for you to know how to bounce back.
Consider planning for a recovery.
Do you know what to do to gain the trust of your customers again?
Do you have the money to cover the losses, pay the penalties, and handle the other expenses that come with the cleanup?
Tips and reminders
Knowing what to do and preparing for a cybersecurity incident should be your first line of defense against cybercriminals.
First, you should understand that there are five basic functions of a security plan. Everything there should allow you to:
- Identify
- Protect
- Detect
- Respond
- Recover
Fully eliminating cybersecurity risk is impossible, but having these precautions in place significantly lessens it. You should also assess and reevaluate your security plans every once in a while.
What's effective now may not work later on, so stay up to date as much as possible.
A data breach means disaster... but it doesn't have to.
One out of every ten small businesses that experienced a data breach closed down in 2019. Another 69 percent went offline for some time after a cybersecurity event, while more than a third suffered financial losses.
The steps and precautions outlined will help lessen the chances of hackers attacking your system.