As restaurants around the country start to re-open for on-premises dining in some capacity, there are a lot of lessons to be learned from the experience of the past few months. Whether they closed entirely or adapted their business model to some other form such as delivery or curbside pickup, restaurants have had to rely more heavily on wireless technologies. And that’s meant that cybersecurity has had to become a bigger part of the consideration.
Digital Transformation and the New Dining Reality
The COVID-19 pandemic has necessarily prompted the hospitality industry as a whole to adapt to new business models or risk folding entirely. In some respects, it’s been a time of ingenuity with businesses moving to delivery, drive-through expansions, pop-up and satellite models, and more. The bulk of these also required expansion of touchless and contactless (or low-contact) payments, which while convenient, also create a new vulnerable attack sector. And this expansion is going to continue as restaurants re-open while integrating ways to minimize person-to-person contact.
Those restaurateurs who had already integrated digital and omni-channel practices into their businesses have seen much greater sales volume and repeat visits than those who had been forced into adopting a digital strategy at the last minute. Those slow adopters had to act quickly to build out or expand capabilities to meet customer demand. That’s meant installing new hardware or repurposing existing wireless infrastructure that previously supported guest-access or internal operations in order to secure drive-through, curbside and pop-up transactions. But the elastic and nimble mindset that comes with rapid adaptation can often mean cybersecurity takes a backseat.
The reality is that many operational responses to COVID-19 did not fully take cybersecurity into account. Existing risks were exacerbated, and new ones became more prevalent due to the need for rapid and often rushed deployment of digital technologies to meet customer demand. This was all occurring as security expenditures were being cut and controls relaxed meaning IT were often rushed through without following routine change protocols. This is a key lesson that restaurants now preparing their reopening strategy can learn from.
New Models Come with New Security Risks
Reopening for indoor and outdoor dining in compliance with state and local guidelines has required restaurants to go through another phase of transformation. In addition to all of the physical changes that must be made, such as spacing out furniture and creating barriers, many restaurants will also be making greater use of contactless payments, kiosks and other technologies.
With the expense of the physical changes, some restaurants may be tempted to let cybersecurity concerns fall to the back burner. But this cannot happen, especially with the expanded cloud presence many restaurants have adopted in their move to support new operations during COVID-19. Not only must cloud capacity be carefully monitored, but it’s also essential to ensure their cloud presence remains adequately secure. This includes looking for and resolving common misconfiguration errors that are increasingly being exploited by cybercriminals.
While digital and contactless transactions are more inherently secure than traditional card-based transactions, it is still possible for cybercriminals to see and capture them. Likewise, the infrastructure used to support these technologies has traditionally been prone to misconfiguration leaving restaurants open to lateral attacks and compromisation of cardholder and sensitive data alike. So as business owners continue to adopt and embrace these new payment models they need to do so with the protections to ensure the privacy of customer payment card data and remain in compliance with industry standards like the Payment Card Industry Data Security Standard (PCI DSS). At the same time, restaurants must restrict unauthorized access to other parts of their business from patrons or other outsiders.
All of this means that cyber hygiene must not only remain at the forefront but will also need to be strengthened.
Deploy and Secure Expanded Restaurant Services
Within the new normal of keeping businesses afloat, much has changed and will continue to change about the way retail transactions occur. The ability to provide safe and consistent customer experiences is paramount. Today, that need extends beyond the quality of the products and services offered to include the digital security of customers. By embracing new digital innovations for extended customer service, restaurants can maintain the viability of their businesses in these difficult times, but only by securely scaling their networks to help meet customer demand while keeping them safe from unnecessary public exposure.