Some Tim Hortons locations had to close after a virus infected cash registers at potentially 1,000 stores. More than 160 Applebee’s restaurants found malware on their point of sale (POS) systems that could have captured guests’ names, credit or debit card numbers, expiration dates, and card verification codes. A data breach at a former supplier led to the leak of Domino’s customer data.
This rash of stories over the past six months underscores three truths: Your restaurant network is a gold mine of personal information about your customers, hackers know it and are doing their best to acquire it, and third-party vendors can compromise your ability to protect customer information.
If your vendors are connected to your network and the proper controls aren’t in place, that connection could be a pathway into your network for hackers, who could lock down your systems, prevent you from serving customers, and hold you for ransom or make off with your customers’ personal information.
But by rethinking your network security and thoroughly vetting third-party vendors, you can stay out of the headlines and keep customers—and yourself—safe. Here’s how.
Vetting your vendors
How many third-party vendors work with and enter your restaurant daily? Most likely, you have vendors for your produce, electrical, cleaning services and more. And while you hire them based on factors like quality, customer service and so on, increasingly you need to take a look at their security practices as well.
As we’ve seen, many restaurants have suffered data breaches not because hackers penetrated their own systems, but because vendors were vulnerable. So if you’re hiring a third-party vendor that needs access to your network and data, make sure the following questions are part of your vetting process:
The first three questions will give you a sense of how seriously the company takes security. If it answers no to all three, that should be a huge red flag.
The fourth and fifth questions will help you understand what inroads into your network the vendor needs and how you can limit its access to your systems so that even if the vendor is compromised, your network and data remain safe (more on this below).
Vendor security should be one of your top priorities. It doesn’t matter how great the service or product is; if the vendor doesn’t make the grade, find someone else.
Strengthening your network
In addition to working with vendors that take security seriously, you should take a look at your network. By reviewing how your network is set up and taking the proper precautions, you can keep your systems secure even if a third-party vendor is attacked. There are three steps to implement.
Don’t become the next victim
Cyberattacks on restaurants are all too common. But you can avoid becoming a victim by making sure all the basic security measures are in place; checking security as part of vetting any vendor; policing access to your network among employees, customers and third parties; and segmenting your network to contain any damage if you’re attacked.
Your customers entrust you with their sensitive personal data and money – in exchange for both, they expect to receive your services while retaining their privacy. In the end, protecting your customers’ data protects you as well and ensures repeat patronage of your restaurant.