The business of running a restaurant is no longer limited to exceptional recipes, gorgeous plating, and advertisements. In an age of online ordering, customers demanding Wi-Fi, and the need for websites to dazzle just as much as the food, countering cybercrime has to be a factor in the day-to-day work of restaurant management.
Recent data breaches in the restaurant industry targeted customer data through POS systems. Malware is often present on systems for months before IT divisions and owners are aware. And for smaller restaurants that rely heavily on vendors to provide POS systems, build apps, process payroll, or coordinate delivery, it can be difficult to manage the vulnerabilities introduced to the restaurant’s ecosystem, including employees, customers, and the restaurant’s reputation.
Each layer added to a digital landscape provides convenience, draws customers, and can even save money. But each layer also comes with risk.
How Can Restaurants Arm Themselves Against Cyber Threats?
Following the steps below won’t guarantee that a restaurant will be safe, but they are important places to start.
Put Partners Through a Background Check
Just as owners and HR personnel put new hires through a background check, vendors and technology partners need to be put through similar evaluations. Owners should perform careful research for everything that touches the network or the brand name.
Is the vendor connected to a past breach? Can they show records of long-term, secure services with other partners? Though it may be tempting to go with the lowest bidder, making choices strictly through the lens of a dollar sign can lead to serious gaps in coverage.
Safeguard Customer Data Online
Any restaurant that collects customer data through a website or app can be held accountable for the unintended exposure or loss of that data. Developers are the experts in this world, so restaurant owners need to know the right questions to ask. Where is the data stored? Is there a single server at risk? Is data stored in plain text or encrypted? Is data, such as credit card numbers, tied to customer names and addresses? What about data backups kept on an off-site server or in the cloud? Storage vendors also need to be evaluated.
Even if a partner causes customer data to be leaked, the restaurant’s reputation will come under fire.
Provide Secure Wi-Fi
Customers want easy access to free Wi-Fi, but providing this service doesn’t need to mean opening a restaurant’s network to criminals. Partner with an IT expert when setting up networks, and be sure to partition the public Wi-Fi from the locked-down, in-house network. Help keep the public-facing part of the network secure by only offering the guest password to paying customers, and change the password frequently to prevent lingering access and misuse of your network.
Use both software and hardware firewalls, and consider enrolling in a threat detection program that will alert owners and shut down access for suspicious activity. Don’t collect data on customers browsing the web, but consider software that blocks websites and large file transfers to protect the speed of the network for the restaurant’s other customers as well as its network security.
Invest in Extra Protection
Paying for top-notch POS systems can feel like a pain, especially when something basic also gets the job done. However, the extra dollar can buy a system that encrypts restaurant and customer data, ties transactions to employees, forces secure password updates, and is always PCI (data protection) and EMV (chip and PIN usage) compliant.
Education Is Key
When it comes to cyber security, people are the weakest link. Criminals know that people are prone to make the same mistakes over and over again, and bad actors target their attacks at known vulnerabilities.
Some of the most common attacks are phishing emails, where criminals pretend to be vendors or service providers and urge users to click on a link or download a file. These vary from cookie-cutter emails to highly personalized messages that are tailored to the user’s name and contacts and may even include an invoice that seems reasonable. Instead of clicking, users should contact their vendor directly to verify the correspondence.
Passwords, whether on physical devices or connected to a network, are another weak link. Owners should consider enacting a password policy that enforces password complexity. This policy should steer users away from passwords like “password1*” or “GoCardinals2019” as these are incredibly easy to guess.
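An added example, not part of the original article: a short Python check showing that both passwords named above satisfy a typical composition rule, and are rejected only once common words and year suffixes are screened as well. The word list, the 8-character minimum, the "cardinals" context word, and all function names are assumptions made for illustration.

```python
import re

# Constructed sample list; a real deployment would load a breached-password
# corpus instead (assumption, not from the article).
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin"}

# Undo common character substitutions such as "P@ssw0rd" -> "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def meets_composition_rules(pw, min_len=8):
    """Classic complexity rule: minimum length plus 3 of 4 character classes."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= min_len and sum(bool(re.search(c, pw)) for c in classes) >= 3


def guessability_findings(pw, context_words=()):
    """Return reasons the password is easy to guess despite its composition."""
    findings = []
    # Drop the trailing digits/symbols people append, then undo substitutions.
    core = re.sub(r"[\d\W_]+$", "", pw.lower()).translate(LEET)
    words = COMMON_WORDS | {w.lower() for w in context_words}
    hits = sorted(w for w in words if len(w) >= 4 and w in core)
    if hits:
        findings.append("contains common or business-related word: " + ", ".join(hits))
    if re.search(r"(?:19|20)\d{2}\W*$", pw):
        findings.append("ends with a year")
    return findings


def accept_password(pw, context_words=()):
    """Accept only if composition rules pass AND nothing guessable is found."""
    findings = guessability_findings(pw, context_words)
    return meets_composition_rules(pw) and not findings, findings


if __name__ == "__main__":
    # "cardinals" stands in for a local team or brand name (constructed context).
    for candidate in ("password1*", "GoCardinals2019", "tulip-Anchor-7-violet"):
        ok, why = accept_password(candidate, context_words=("cardinals",))
        print(f"{candidate!r}: composition={meets_composition_rules(candidate)} "
              f"accepted={ok} {why}")
```

Passing the restaurant’s own name, street, and local team names as `context_words` catches the passwords staff are most likely to pick.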
Education for owners and all employees on the basics of cyber security is important to ensure the weakest link isn’t the one that breaks.
Prevent, Prepare, Prevail
The worst breaches in the restaurant and other industries have been compounded by a lack of awareness and a lack of action, even when owners know of the risks, crises, and active attacks.
Don’t make the same mistake.
- For owners who already employ IT staff or work with an IT partner: Provide the budget and time necessary to successfully safeguard the restaurant and all of its digital infrastructure. If a member of these trusted teams recognizes a red flag in the cyber landscape, listen and take immediate action to remedy vulnerabilities, seal off infections or malware, and inform customers of risk.
- For owners who operate without any input from IT experts: If the restaurant operates in any way that touches the web, IT management is essential. This is not a risk that can be ignored. Small businesses are far from safe from threats, and unprotected, unmonitored systems bear a virtual target for criminals.
The best result is obviously to take the steps necessary before an attack. However, if a restaurant or chain is breached, quick disclosure and efficient remedies are mandatory if owners want to preserve the reputation and future of their business.
A dedicated IT staff or partner business brings expertise to restaurants and will ensure that all protection and response plans give restaurants the best chance at protection and full recovery.