Restaurants that are already fighting for survival during the pandemic are now facing an increased risk of being targeted by cybercriminals. Hackers have the hospitality industry in their sights. And now that thousands of restaurants have been forced to make hasty pivots to digital business models, they are more vulnerable than ever.
No Small Concern
Cyberattacks cost businesses of all sizes an average of $200,000, according to insurance company Hiscox. The impact from these incidents stretches from immediate costs like restoring IT systems and recovering data to reputational damage that can affect future sales—not many diners want to turn over their credit cards to a restaurant that isn’t keeping their data safe. While restaurants have been innovative in their COVID-19 business plans, many have not been as vigilant with updating their security. This oversight could wind up being what sinks them.
Hackers find restaurants an appealing target for a number of reasons, including their large volume of transactions, high employee turnover, and extensive networks of vendors. The good news is that there are ways to keep your business, and your restaurant’s future, more secure. First, it’s necessary to understand the areas where your restaurant is most at risk, and then you should prioritize the necessary steps to secure them.
Protect Your Point-of-Sale
Point-of-sale systems are prime targets for cybercriminals looking to intercept customers’ credit card details, and the rapid shift away from cash and towards contactless transactions has increased the risk. Criminals used to have to physically tamper with a card reader, but they are now deploying increasingly sophisticated skimming devices that use wireless technology to intercept credit card information. Using a chip-card reader, which is more secure than swiping the magnetic strip, remains one of the best defenses against this. Training frontline staff on signs of tampering with a POS system and ensuring each server uses a unique ID so suspicious patterns can be identified are also important steps. But criminals don’t have to attack the POS itself to intercept payment data. WiFi connections and the links between the POS and network servers are vulnerable and need proper security systems in place to protect them.
Be Vigilant About Technology Platforms
The pandemic has caused restaurants to rapidly expand their use of online platforms and mobile apps that are provided by tech companies to enable take-out, curbside, and even on-site dining. Most restaurants now work with several third-party vendors, including a host of delivery apps. Hackers look for security weaknesses in those connections. According to Bank of America, up to 40 percent of hacks occur through criminal exploitation of the links between a retailer’s network and the vendor technology it uses. Once a network has been breached, criminals can install software that disables that vendor’s technology and then demand payment for its restoration. Ransomware hacks like these have been the top cybersecurity risk for businesses since 2010.
Data protection and system backup/recovery solutions, along with training employees in cybersecurity essentials, remain the best options for businesses to protect themselves from the risks that come with using online platforms. Restaurant managers should:
- Ensure their networks are up to date with antivirus and malware detection software.
- Ensure they stay current with system security patches.
- Configure firewalls to keep any malware-infected devices from infecting others in a network.
- Confirm that any vendor software is compliant with the Payment Card Industry Data Security Standard (PCI DSS).
- Perform quarterly PCI scans to check for vulnerabilities and ensure compliance with PCI standards.
- Limit access to vendor systems as much as possible.
- Change all default passwords and use an app that stores passwords securely, such as LastPass or Dashlane.
- Secure IoT devices, such as smart thermostats, air conditioning, and lighting controls.
Restaurants should make cybersecurity part of the discussion with every technology company they consider using. A vendor should have solid cybersecurity policies and procedures in place, and be able to go into them in detail if asked. This is especially important for systems that have access to sensitive information, such as payroll services. If a company’s representatives cannot explain where it stores data and how it protects it, that’s a red flag.
Guard Against Business Email Compromise
Even in a world of increasingly sophisticated hacks, email phishing scams were still the cyberattack most commonly reported to the FBI in 2019, accounting for $1.7 billion in losses. Phishing schemes are more subtle and harder to recognize than ever. Hackers may impersonate suppliers, vendors, or even colleagues in an attempt to get an employee to open a damaging email or click on a malicious link.
Fortunately, there is a growing number of spam and phishing protection tools utilizing the latest in artificial intelligence to detect and identify these threats. But don’t rely on these alone. Restaurant owners need to remain aware of widespread phishing threats and regularly train employees to stay hyper-vigilant against them.
With all a restaurant owner has to do in a day, especially during this challenging time, keeping the business safe from cyberattack may fall toward the bottom of the priorities list. This is a risk no one should be taking. With both technology and cyberattacks constantly evolving, defending against them can seem like a daunting task. Restaurant owners can find support with cybersecurity solutions from outside IT specialists that help set up these security systems, and with trusted employees to help with security oversight and operations. While times may be tough and the threat of a breach is higher, putting in the time and effort now can save your restaurant thousands down the line, and ensure you maintain customer trust in your establishment.
Ara Aslanian is co-founder and CEO of Inverselogic, a technology consulting and management company. He is a member of the advisory board at LA CyberLab and on the leadership council of Secure the Village, both of which monitor emerging online threats and provide education on countering them.