Cybersecurity Best Practices for Restaurants

    Here's how to protect your data.

    Be vigilant, create a culture of questioning, and keep your ear to the ground.

    Cybercriminals often go after small businesses because they are more vulnerable. This is partly because owners are more focused on day-to-day running concerns and, because they often need to keep an eye on costs, cybersecurity may not be a priority. Working in a particularly fast-paced sector, restaurant owners need to be aware of any existing vulnerabilities in their business, and what can be done to fix these. Here are some insights about cybersecurity in restaurants.

    Why cybercriminals target restaurants

    Cybercriminals are usually seeking money and/or information, or money obtained by stealing and withholding information. In the case of a restaurant, a cyber attack would likely be seeking:

    • Employee details stored by the restaurant
    • Customer bank details obtained by the restaurant
    • The restaurant’s business bank account details

    With this information, a cybercriminal could obtain personal details which could be used for fraudulent activities, or access to funds. With either personal or business bank account details, a cybercriminal could make payments into their own account, or use the details for their own spending.

    What are the cyber-sensitive areas of a restaurant?

    In the case of a restaurant, there are four main areas that should be properly secured from cybercrime:

    Point-of-Sale System

    A restaurant’s POS system could see hundreds of different bank account details every day. If the system is affected by malware, all of these details could be obtained by cyber criminals. This was the case with Wendy’s in 2015–16, when more than 1,000 of the 5,700 Wendy’s restaurants (at the time) were affected by a cyber hack on their POS systems. This resulted in a huge lawsuit, leading to a $50 million settlement cost.

    Internal Network

    Internal software used by restaurant staff is likely to contain sensitive information such as employee details (on an HR system), as well as accounting information for the restaurant.

    Online banking

    Restaurant owners and/or accountants who use online banking facilities must be aware of the possibility of this being targeted. While many online banking services take considerable action to maintain security, there is always a possibility that details could be obtained through other means. Shoulder-surfing is a very real security concern, and hackers have been known to place recording devices in computer rooms, enabling them to physically see passwords being entered.

    Online sales

    Restaurants that use a website on which customers can order food need to consider its security. If cybercriminals manage to hack into the site, they will be able to obtain customers’ personal information such as addresses and bank details.

    5 Tips to make sure your restaurant is cyber-secure

    In a restaurant setting, there are a number of methods that can help guarantee cybersecurity. Restaurant owners should stay vigilant and consider the following:

    Create a human firewall by educating your staff

    Your staff can be one of your most helpful defense mechanisms, if they are properly trained. Make sure they understand the importance of internet security, avoiding any questionable websites and deleting suspicious emails on your restaurant’s computer devices.

    Use reputable, recommended providers and suppliers

    Make sure your POS system provider has good reviews and a reliable service; they should have a team that can be contacted at any time. Your food and equipment suppliers should also be reputable, as they will be privy to your business details including payment information.

    Keep computers away from the front of house

    Any business computers or devices should ideally be kept away from the view of customers. This will decrease the likelihood of them being accessed by unauthorized people, as well as stopping anyone from seeing sensitive information such as passwords.

    Carry out background checks on employees

    To help establish trust in your staff, be sure to check their references and other background information before hiring them. Restaurant staff may have access to a range of delicate information, belonging both to the restaurant and its customers. This is particularly true in the US, where common practice is for servers to take customer credit cards away from the tables in order to process payments.

    Introduce unique identification numbers for staff

    Each member of staff should have their own identification number to use to access the POS system. This method will allow you to track any discrepancies and problems, and enable you to quickly determine which employee should be questioned if there are repeated incidents.

    Armed with information about why cybersecurity should be taken seriously in the restaurant sector, as well as methods with which to achieve cybersecurity, restaurant owners should be better able to protect their business. Be vigilant, create a culture of questioning, and keep your ear to the ground.

    Dan May is the Commercial Director at ramsac, providing proactive, secure, reliable IT solutions and support for charities and other growing organizations.