Two words are enough to strike fear in the heart of any business owner: cyber attack. Unfortunately, this is one threat you can’t just ignore and hope will go away.
Why? Because the problem is escalating.
In fact, 43 percent of companies in the U.S. have been victims of cyber attacks caused by “malicious insiders” while 36 percent have been compromised due to stolen devices.
Restaurants are far from immune. So what can you do to protect your data and restaurant from this growing problem? Let’s take a closer look.
Data Breaches and Beyond
Just last year, P.F. Chang’s China Bistro faced a security breach across 33 of its locations in 16 states.
Over an eight-month period, credit and debit card data was stolen, including card number, cardholder name, and even the expiration date — in other words, everything a criminal needs to go on a spending spree or open a new card in one of your customer’s or employee’s names.
Suffice it to say, this is a less-than-desirable scenario.
But credit card information isn’t he only vulnerability.</p
Most restaurants also collect and store other sensitive data electronically, including everything from pricing and costs to recipes and information on new business ventures.
Today’s criminals aren’t just targeting card information, but all of this other data which can compromise your operations and credibility.
Aside from whatever funds are lost in a data breach, your reputation and consumer trust are also at risk.
Even employee loyalty can be compromised: Even if their data is spared, how can they trust you to safeguard their private financial data if you couldn’t do it for your consumers?
All in all, the impact on your bottom line can be a big one: According to payment processing firm Transaction Resources, a data breach costs small businesses anywhere from $36,000 to $50,000.
Help is On the Way
Many restaurant owners mistakenly think improving cybersecurity involves only high-tech, expensive solutions.
However, this is not necessarily the case. While expensive cybersecurity solutions are an invaluable defense, there are also other simple yet significant steps restaurants can take.
To that end, the National Restaurant Association and several restaurant industry professionals are partnering up to develop the Cybersecurity Framework for the Restaurant Industry.
Based on the cross-industry standards proposed by the National Institute of Standards and Technology (NIST), this comprehensive resource will address the restaurant industry’s specific needs.
Said Susan Carroll, White Castle Director of Information Security and Chair of the Cybersecurity Framework for the Restaurant Industry committed,
“This involves all of us. We don’t think the existing guidelines are tailored to our industry. We want to put in terms that make sense for restaurants. We’re trying to make security more accessible, more readable, and that makes it more actionable.”
Cybersecurity 101
Until the Cybersecurity Framework for the Restaurant Industry document is finalized, Cybersecurity 101: A Toolkit for Restaurant Operators is a handy primer for restaurant businesses in terms of understanding the issue and taking preventative protective measures.
Why cybersecurity will always remain a threat, sophisticated new technologies, such as EMV, end-to-end encryption and tokenization, are extremely effective countermeasures.
However, you don’t have to leave the door open to criminals while awaiting the one perfect security solution.
In fact, there are some simple things you can do right now to protect yourself and your establishment — many of which require little to no technologically savvy.
Best practices include:
• Limiting access — both physical and remote — to equipment and data sources
• Educating and training staff about the importance of cybersecurity and cybersecurity measures
• Running the most current version of whatever software you use for your operations. (New versions address vulnerabilities discovered in former versions with “patches.” Running old software, meanwhile, leaves you vulnerable.)
• Regulating how and when passwords are changed — including both at routine intervals and following turnover.
One last thing to keep in mind?
According to Cybersecurity 101, 78 percent of hospitality sector breaches took not days, not weeks, but months to be discovered. And the longer data remains vulnerable, the more damage you’ll incur and compounding the impact on your organization and constituents.
The solution? Routine monitoring designed to quickly pick up on breaches.
While in some cases a cyber-attack may be unavoidable, whether you have the mechanisms in place to respond in the most expedient and effective way is not only in your hands, but can determine the extent to which your restaurant recovers.