We live in an era of personalization where consumers expect to be served tailored recommendations and experience customization in all aspects of life. The restaurant industry is no different, with diners craving a special experience every time they make a reservation or step into the dining room. And it’s guest data that helps restaurants make these one-of-a-kind experiences possible.
However, whenever data is collected, there is a risk of it falling into the wrong hands, and restaurants are no strangers to the threat of data theft.
With recent high-profile breaches affecting millions of consumers stemming from establishments like Panera and Buca Di Beppo, restaurant operators cannot let data security fall by the wayside. What’s more, the cost of a data breach is incredibly high. The average total cost of a data breach is $3.8 million, with individual stolen records – such as guest names, addresses, phone numbers, credit card information and date of birth – costing $148 each.
Knowing that privacy standards are higher than ever, paired with the challenge of adhering to current and upcoming laws like GDPR and the California Consumer Privacy Act (CCPA), restaurants must hold themselves more accountable for data security and guest privacy.
Start with Your Staff
Recent data uncovered that 27 percent of data breaches were due to human error or employee negligence, reinforcing that a restaurant’s first line of defense is its staff. Training employees to prioritize data security with simple best practices – establishing strong passwords, using multi-factor authentication, avoiding exporting data and keeping anti-virus software up to date – can be overlooked, but it plays a large role in preventing security breaches.
To start out, take stock of what types of data you’re collecting as an operator and which employees have access to it. Restaurants collect a variety of information, from personal data including a guest’s name and birthday, to transactional data like credit card details and bank numbers, collected via a point-of-sale (POS), reservation system or payment-enabled service. But with all this data, where is the best place to start locking down access and adding additional security measures? Prioritize the data that cyber criminals are most interested in – transactional data.
Putting strict permissions in place to lock the most sensitive guest data limits access to only those employees who are working with the information regularly. Creating an access hierarchy and adding restrictions will immediately lower risk and make training easier for everyone. It’s also important to revoke permissions for employees that have since left the company. Many organizations struggle with this, with 67 percent of companies reporting that they are unsure or unable to determine if an employee who left is still accessing private resources. Requiring frequent password changes is a good way to help combat this.
Keeping Up with Technology
A recent study found that 33 percent of restaurants said payment security is a priority for tech investments, and as technology evolves, operators must review security practices regularly to ensure protocols keep up with the evolution of corresponding risks.
The first step is to pay attention to devices connected to your wireless network. Ensure you’re using an updated operating system, since many older systems contain security loopholes. Of note, nearly one in three businesses said they still run Windows XP on their network-connected devices, despite the fact that the operating system is not fully supported by Windows and is especially vulnerable to cyber attacks.
Next, make sure there is a passcode or PIN required to access the network, providing this only to trained staff for business devices. When employees start using a POS or host stand tablet to browse the internet, that is when malware has the opportunity to infect a network.
While most data collection happens through POS devices and reservation systems, newer technologies like voice-powered assistants are being integrated into the restaurant experience and collecting data as well. With each new device and integration, operators need to ensure security is a main priority and tailored to each unique process.
Mobile Is the Future of Payments
The payment processing industry is constantly improving to provide more flexible and convenient options for consumers. In fact, by 2025, 75 percent of transactions will be cashless. While these mobile methods provide benefits to businesses, they also present new cyber risks, as 40 percent of breaches last year targeted payment card data.
Ninety percent of adults have a smartphone that they interact with an average of 65 times per day. Using a cell phone to pay instead of a physical credit card increases the frictionless interaction that consumers crave, and also helps secure the transactions. Smartphones typically use numeric passwords, fingerprints and even facial recognition to protect sensitive data, which provides more layers of security and backup protection. Cards and cash can be stolen as well, but unlocking and extracting information from a smartphone has many more barriers to entry.
While there are benefits to mobile payments, more than 70 percent of millennials, Gen Xers and Baby Boomers are worried about identity theft and loss of funds from using mobile payments. Because of this, operators must be extra thoughtful in their approach to security.
The first step is ensuring PCI compliance. PCI compliance confirms restaurants are following the correct rules for securely taking credit cards to minimize risks of data breaches or other security problems. All businesses accepting credit cards must comply, but restaurants face unique challenges regarding the rules. For instance, PCI compliance calls for limiting employee access to data, but in a restaurant, many employees and servers are the ones that run the cards. To ensure you’re abiding by the requirements, use unique employee IDs and encrypted POS systems.
Customer expectations are only increasing, and guest data provides restaurants the ability to get ahead of them. Knowing that 34 percent of consumers said they would not return to a restaurant if it suffered from a data breach, restaurants must ensure data is safe – fostering a trusting guest relationship that will increase their bottom line for years to come.