The threat from cybercrime is real and rapidly evolving—and the hospitality industry has emerged as a prime target. Food service in particular has a set of characteristics that make stores vulnerable to cybercrime, including a large volume of transactions, high employee turnover, a wide-ranging network of vendors, and extensive digital connections. Unfortunately, the same technologies that improve restaurant operations and enhance customer service are also fresh bait for cybercriminals, who have zeroed in on restaurants’ connections to vendors of POS systems and general IT support.
As security risks loom larger, it’s essential to put more emphasis on protecting your business and reputation. This means both creating a culture of cyber safety and awareness and taking tactical steps to identify current vulnerabilities and make security improvements.
Our information security professionals at Ironwood shared their tips for restaurant owners looking to reduce their risk of a cyberattack.
1. Conduct an IT audit
We can’t stress enough the importance of identifying all of your systems (software and hardware) and how those systems are connected internally and externally. Your risk management partner should provide a security risk report that identifies current vulnerabilities, recommends security improvements, and makes cyber insurance recommendations.
2. Make employees aware of phishing scams—and restrict computer access
The vast majority of breaches start as phishing or “spearphishing” emails. These attacks rely on people falling for them by clicking on a link and/or changing information in the vendor system, unwittingly giving criminals access to the store’s information. Educate your employees on what these scams look like and advise them to never click on a link without confirming with the sender. As far as possible, limit access (and especially remote access) to your computer systems and servers.
3. Install chip readers
If you don’t have them, consider investing in chip readers at the point of sale. The technology behind them is designed not only to cut down on consumer fraud, but also to limit credit card and bank issuers’ liability for fraudulent payment chargebacks. In a 2017 report, Visa said counterfeit-card fraud has dropped by two-thirds for chip-enabled merchants. EMV (which stands for Europay, MasterCard, Visa) compliance law stipulates that all businesses need to upgrade their point-of-sale systems to accommodate EMV chip cards and EMV compliance. Otherwise, you won’t be able to avoid liability under the new credit card chip reader law. Major credit card companies requested that most merchants do so by October 1, 2015.
4. Secure your passwords
Another common cause of breaches is credential compromise. A leaked password at the corporate or franchise level can open a back door into the POS system, where criminals can then deploy malware to the server. Invest in an online password manager such as LastPass and make sure logins and passwords are never shared by email.
5. Vet your vendors
Most restaurants work with at least one outside vendor such as an employee payroll service, online ordering app, or loyalty program. Make sure any vendors are PCI compliant and that their security measures are equivalent to yours. For vendors with access to employee information, such as a payroll vendor, make certain you understand how that information is stored and protected. PCI compliance and other aspects of cybersecurity can be complicated, so you may want to engage an outside firm to help. Having a strong partner in this is vital.
6. Use a firewall to separate devices
A correctly configured firewall can keep malware-infected devices from infecting other devices on your network. Your kiosks, for example, should not be on the same network as the rest of your devices; network bifurcation helps significantly.
By understanding how to perceive threats, limit risks, educate your employees, and take action, your restaurant and its customers will be more secure.
Ironwood is a risk management, insurance, and employee benefits brokerage and consulting firm in Atlanta, GA. Some of the country’s most notable restaurant groups rely on Ironwood to provide proactive and creative risk management and employee benefits strategies. With the financial pressures and changing risk environment surrounding the industry, Ironwood understands the importance of staying current on all issues and presenting the best analytics, loss reduction, and risk transfer products to its clients.