The continuing trend of conducting online transactions in recent years requires restaurants to be more aware than ever before of protecting their own - and customers' - data from cybercriminals.
This isn't to say restaurateurs have been ignoring data security; however, today's cybercriminals have intensified their onslaught of attacks on online restaurants. There are new and increasingly sophisticated ways of stealing sensitive customer data from restaurant websites, online ordering management systems, servers, and even your front desk. No one would be any the wiser until it's too late.
Did you know that 90% of breaches in the hospitality industry are linked to point-of-sale transactions?
What could a data breach of your restaurant's systems lead to? Investigations from authorities, irreversible damage to your reputation, loss of consumer trust, to name but a few immediate consequences. Oh, and then there are the penalties and fines that could easily cost hundreds of thousands of dollars.
With cybercrime, it's not a matter of if your data will be targeted, it's a matter of when and how.
Ask yourself: are you ready to protect your restaurant guests' data from hackers?
To match the endeavor of cybercriminals, restaurateurs should prioritize how they accept, store, and secure personally identifiable information and how they use their payment systems.
In this blog, we'll take you through various ways you could protect your restaurant.
Screen All Devices That Are Connected to Your Wireless Network
Don't run your restaurant systems on outdated software. You would be surprised to learn that many businesses continue to use Windows XP - an operating system that no longer receives support from Microsoft. This means hackers can exploit well-known vulnerabilities in the system with a relatively high success rate. So update your operating systems, software, online tools, and anything used to connect to the internet.
Secondly, you should utilize network segmentation to control how internet traffic flows into certain parts of your systems. You can choose to stop all traffic in one part from crossing over into unimportant areas, or you can limit the flow of traffic by device type, user, source, and other options. Network segmentation not only allows you to create your wireless internet policies but also to enforce them.
If an employee gets careless and decides to browse the internet while on the POS device, they'll not be able to do so because the system would automatically restrict their access.
Pro tip: Use a properly configured firewall to isolate certain aspects of your network from outside interference. For instance, your POS systems should not be connected to your main restaurant wireless network. They should not be on the same network.
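The segmentation policy described above can be checked before it is deployed. The following is an added example, not part of the original article: a small first-match rule evaluator that probes the flows the article cares about (guest Wi-Fi to POS, POS to the open internet) against a flat network and a segmented one. The subnets, the payment-processor address, and the rule tuple format are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the article).
ZONES = {
    "pos": ipaddress.ip_network("10.10.10.0/24"),
    "guest_wifi": ipaddress.ip_network("10.10.20.0/24"),
}
PROCESSOR = "203.0.113.10"  # constructed payment-gateway address (TEST-NET-3)

def first_match(rules, src, dst, port):
    """Return the action of the first rule matching the flow; default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rsrc, rdst, rport in rules:
        if (s in ipaddress.ip_network(rsrc) and d in ipaddress.ip_network(rdst)
                and rport in ("any", port)):
            return action
    return "deny"

def audit(rules):
    """Probe flows that segmentation must block or allow; return failures."""
    pos = str(ZONES["pos"][10])
    guest = str(ZONES["guest_wifi"][10])
    checks = [
        ("guest Wi-Fi reaches POS", guest, pos, 443, "deny"),
        ("POS reaches guest Wi-Fi", pos, guest, 443, "deny"),
        ("POS browses the internet", pos, "198.51.100.7", 443, "deny"),
        ("POS reaches payment processor", pos, PROCESSOR, 443, "allow"),
        ("guest Wi-Fi reaches internet", guest, "198.51.100.7", 443, "allow"),
    ]
    return [name for name, src, dst, port, want in checks
            if first_match(rules, src, dst, port) != want]

# Weak setup: POS and guest Wi-Fi share one flat, fully permitted network.
FLAT = [("allow", "10.10.0.0/16", "0.0.0.0/0", "any")]
# Segmented setup: POS may reach only the processor; nothing reaches POS.
SEGMENTED = [
    ("allow", "10.10.10.0/24", PROCESSOR + "/32", 443),
    ("deny", "10.10.10.0/24", "0.0.0.0/0", "any"),
    ("deny", "0.0.0.0/0", "10.10.10.0/24", "any"),
    ("allow", "10.10.20.0/24", "0.0.0.0/0", "any"),
]

if __name__ == "__main__":
    print("flat:", audit(FLAT))
    print("segmented:", audit(SEGMENTED))
```

An empty list from `audit` means every probed flow behaved as the policy intends; the flat network fails the three isolation checks.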
The world's best security systems are only as good as their weakest links. And oftentimes, your employees will be that weak link - not because they're inherently malicious, but because they don't know any better.
The origins of most security breaches (especially ransomware attacks) are phishing emails that are often easy to spot. All it takes is one compromised file from an untrusted source to infect your entire system. Employees should know better than to click on anything suspicious. It's better to be safe than sorry.
Here's a well-written blog discussing various forms of phishing emails and how to detect them.
Pro tip: All your devices should be protected with antivirus software. We also recommend setting up two-factor authentication (2FA) for vendor payments to make it harder for malicious parties to authorize fraudulent payments.
Create a Detailed "Shred List" to Discard Sensitive Information
Even if you've decided to 'digitize' your operations, much of the information you collect will continue to be stored physically. This will make the information vulnerable to a physical breach (including online breaches if the information is stored online).
This is why you should maintain comprehensive documentation of information related to identity cards, customer lists, licenses, credit card data, and others. Train your employees to identify materials that should be shredded. Make a list of items that should be shredded and ensure it is accessible to the staff.
Here's a quick guide on documents that you should shred.
Evaluate Your Third-Party Vendors - Can You Trust Them?
Have you gauged the cybersecurity measures of your third-party vendors? In case of a data breach, you'll be held accountable even if it wasn't your fault. This is especially true if you're handling other people's information such as PCI or federal contract-related data.
The data you share with them may be vulnerable to misuse or exploitation. The stakes are even higher if your vendor collects personally identifiable information, payment, and other sensitive data. Unfortunately, not all vendors have strong cybersecurity programs, and that could put you at risk. Moreover, it's not easy to identify vendor risks. If a third-party vendor in your business ecosystem experiences a breach, the consequences can be disastrous.
This means you should carry out a risk management program to mitigate any risks imposed on your systems, and when needed, cease operations with them until they also do their due diligence.
A third-party risk management survey will let you identify all the weak links in your vendor network, with the end goal of strengthening them whenever possible.
This also applies to vendors who have access to employee information, such as payroll vendors for restaurants. Ask them how they store and protect information.
Pro tip: Find a safe and secure third-party remote access platform to make compliance relatively easier for all parties in a business ecosystem. This is because you can gain a bird's eye view of compliance on a single platform, including remote access permissions, connection management, and access audit trails.
Background Check Employees
Some of your employees will regularly handle sensitive financial and identifying information of guests. For example, an employee may handle credit card numbers, bank account information, personally identifiable information, and other data.
If one of your employees steals this information, whether due to malicious intent or otherwise, and uses it to authorize fraudulent payments, your restaurant could be on the hook for fines, negligent hiring lawsuits, and bad press.
This is where employment background checks can play an important role by screening employees who may be a risk for committing thefts or fraud. With employment background checks, you can make informed decisions about potential applicants who can be trusted with sensitive financial information.
Secure Data in the Cloud
Cloud-based POS systems can be a game-changer in the hospitality industry. It becomes easier for all your employees to access convenient features, and these systems are often more secure than legacy POS systems. When your restaurant data is stored in the cloud, it becomes easier to manage customer data.
Another benefit of using the cloud is that you may also get the ability to monitor your restaurant activity and quickly identify malicious incidents.
This also means investing in a reputable online ordering CRM for restaurants. Select a robust POS that has a built-in ordering system to help you process orders on the go.
MenuCRM can provide you with access to tools that let you keep track of inventory, orders, and analytics.
Become More Compliant with the Law
Verify that your restaurant's privacy policies comply with state and federal laws that apply. Ensure that your staff remains compliant with these laws by making them a mandatory part of staff training to avoid the risk of breaches (and the fallout resulting from them).
Standards and regulations such as PCI DSS exist to ensure that private businesses are doing what they can to protect personal information, and that they are utilizing updated technology systems to protect their customers and employees.
Get Cyber Security Insurance for Restaurants
As an extra layer of protection, consider adding cybersecurity insurance to your current coverage plan. The insurance plan will protect you in case of data breaches and the damages caused to your electronic systems and data. Cybersecurity insurance may also transfer some of the risks to the insurer.
Make sure your cyber insurance policy also covers financial losses from cyber events. In addition, it should also help with costs associated with legal assistance, customer credits, refunds, and reputation management.
Major insurance companies may also cover costs including:
- legal fees levied due to privacy violations
- notifying customers in the event of a security breach
- meeting extortion demands
- recovering data that has been compromised
- restoring identities of customers whose data was compromised
- doing damage control
Wrapping Up - Gearing Up For Anything and Everything
While all the steps you take above will ensure that your systems are protected from the looming threat of cybercrime, you should also have a crisis management plan in case your restaurant's systems get compromised.
For small restaurants, the cost of a cyber attack can be devastating, and for this reason, you should always be on your guard and put a plan in place for how to respond to data breaches.
Get up-to-date information on how you can protect your restaurant from cyber threats by getting in touch with the experts at MenuCRM.