Restaurateurs have enough to worry about already. But kindly allow us to add one more item to your list: cybersecurity.
You might also feel like cybersecurity is an area that only huge banks, tech firms, and IT professionals need to worry about. In some ways, you’d be correct: choosing the right partners for your business is very important when it comes to ensuring security. On the other hand, there are many practices and tools you can use to make your cybersecurity even stronger.
Cybersecurity for restaurants is more important than ever because IT is an increasingly important part of both the restaurant sector and of retail more generally. Leading restaurants are teaming up with tech brands in order to offer their customers a better service, but many remain unaware of retail’s unique security challenges.
In this article, we'll look at why cybersecurity is important in the restaurant business, and how you can protect yourself from cyber attack.
Why Is Cybersecurity Important for Restaurants?
In order to understand why cybersecurity is important for restaurants, you only need to scan the recent headlines. A few months back, several Tim Hortons locations were forced to shut down after a computer virus infected cash registers at more than 1000 stores. At around the same time, 160 Applebee’s restaurants found malware on POS systems. The malware was designed to steal customer names, credit card numbers, and verification codes. Before both of these incidents, a data breach at a former supplier led to the leak of Domino’s customer data.
All of these stories can be used to illustrate a simple truth: that investment in cybersecurity should be viewed as a necessary business expense. The cost of a hack or breach – both in monetary terms and in terms of lost reputation – can be disastrous for restaurants, and should be factored into your business plans and markup calculations. This is particularly important if, like many restaurants, you have embraced new technologies like cloud storage and third-party accountancy software.
So how can you make sure your business is protected?
Well, there are two main factors to consider.
Many restaurants subcontract many of their IT functions. That’s fine, but you need to ensure that the companies you are working with take your security seriously.
Some systems and functions are more critical than others. Social media marketing for restaurants does not typically rely on detailed, sensitive customer data. Other systems, like those used for business texting, do. It's easy to forget that, as a retailer, you probably hold a lot of data that is valuable for hackers: customer names, addresses, and banking details.
As in the examples above, many restaurants suffer data breaches not because their own systems are not protected, but simply because the vendors they work with have been lax when it comes to security. It is therefore imperative that every restaurant vets its vendors.
There are a number of key questions that you can use to do this:
Does the vendor have a security program?
Does the vendor make use of firewalls and other security tools to protect their own systems?
Is the vendor’s security audited by a third-party company? If so, they should be able to give your reports on the outcomes of those tests.
Does the vendor need to install hardware? Is this hardware also secure?
Finally, think about the possible effects on your own business if a vendor is hacked. How much of your data do they hold? Is this anonymized or encrypted?
Carefully assessing vendors in this way allows you to ensure that your partners are as secure as they can be. But there are also some security practices that are your responsibility.
You can’t rely purely on your vendors to keep you safe. You should also ensure that the systems you are responsible for – and the way in which you use them – are also secure.
There are a number of key steps in making sure your restaurant is secure. The first is simply to make sure that all of the software you use in your business is updated, just as you would with your home IT systems. Unpatched security vulnerabilities are still the most frequent source of security holes for small businesses.
Beyond this basic step, you should review three other aspects of your IT infrastructure. The first is to ensure that all of your internal communications are encrypted using a high-quality VPN. A “VPN” is a simple privacy tool that encodes all of the information you send and receive online in such a way that it can’t be read by anyone else, and is particularly important if you access your business systems off-premises.
Secondly, make sure that you secure your website. As the most visible and accessible part of your business, your website is a magnet for hackers. This is particularly true if you have an online reservation system because in this case customer data is stored on the same servers used by your website.
Finally, lockdown your WiFi network. Open WiFi networks are also a beacon for hackers, who can infiltrate them and then monitor all of the information being sent through your router. You should use a different WiFi network for your guests and your internal systems, and make sure that both are protected by a strong password.
Prepare For The Worst
While the steps above ensure that your systems are as well protected as they can be against cybercrime, you should also have in place a crisis management plan in case you are the victim of a hack or data breach.
For many small businesses, the cost of a successful cyber attack can be catastrophic, and for that reason, you should consider taking out cybersecurity insurance and put in a plan in place for how to respond to a hack.