Key Cybersecurity Best Practices for Restaurateurs
November 29, 2022
At a glance
- The main takeaway: Restaurants are targets for cybertheft due to the fact they deal in large volumes of transactions and possess critical personally identifiable information.
- Impact on your business: Restaurateurs must be vigilant in securing the most vulnerable areas of their businesses and introducing sound cybersecurity best practices to help protect their most important assets.
- Next steps: Aprio can provide the industry and cybersecurity expertise that restaurants need to ensure they don’t fall prey to malicious and costly attacks.
The full story:
Did you know that one of the most dangerous threats to your restaurant business is one you can’t necessarily see?
Cyber breaches are far more common — and far costlier — than restaurateurs realize. According to IBM, the average cost of a data breach in restaurants was $3.03 million last year alone, up from $1.72 million in 2020.
If you have never been the victim of a cyberattack, your initial question may be: “Why would a cyberthief go after my restaurant?” Not only are restaurants fast-paced environments, but they also deal in thousands of transactions every day and possess personally identifiable information (PII) that thieves find lucrative (think credit card and bank account numbers, among other credentials).
With the busy holiday season right around the corner, it’s worthwhile to give your cybersecurity program another look. Here are some of the top factors and tips to consider.
Key vulnerabilities in your restaurant business
Though it’s impossible to know how, where and when cyber thieves may strike, you can eliminate some of the most prominent entry points by focusing on a few key areas of your business. Those include your:
- Point-of-sale (POS) system: Your POS is a central hub of your business and a gold mine for thieves, as it absorbs critical PII from your customers. Depending on the size of your business and the number of customers you serve, your POS could have access to thousands or even hundreds of thousands of bank account and credit card numbers on a daily basis. This is precisely how hackers committed the infamous Target data breach in 2013, in which 70 million shoppers’ personal records were exposed and an estimated 40 million credit and debit card numbers were stolen.
- Networks and platforms accessed by employees: If your staff uses a particular internal software system to punch their timecards or track human resources information, then you need to secure it against potential breaches. This also includes the accounting systems you may use for bookkeeping, which contain essential financial information about your business. Your restaurant’s social media networks may also be catalysts for fraud, particularly from a branding perspective. You could run into issues if you share credentials with your employees and fail to update them after they leave your restaurant (whether on positive or negative terms).
- Digital order platforms: During the pandemic, you may have pivoted to use online ordering apps like GrubHub or an online ordering platform on your website. Hackers can access these systems and collect more PII from your customers, including email addresses, passwords, home addresses and payment information.
- Online banking accounts: Banking online is easy and convenient, but it’s important to be mindful of the risks if you don’t practice proper security habits and protocols. For instance, if the login credentials you use for your social sites and accounting tools are the same credentials you use for your online bank accounts, then you have made it easier for hackers to gain access to the assets that are most important to your business, including your finances.
Steps you can take to better secure your restaurant
1. Invest in employee training and greater due diligence
It may surprise you that one of your best defenses against cyberattacks is your people. Make sure that your employees are trained on internet security best practices, the importance of good password maintenance and protection, and tactics for identifying malicious cybertheft attempts like email phishing — which is one of the most common attacks employees fall prey to.
Additionally, make sure that you are vetting all of your new employees thoroughly with background and reference checks. Your employees have access to sensitive business and customer information, and it’s critical to ensure that you leave no stone unturned when deciding who is best for the job.
2. Use reputable POS providers, vendors and security best practices
Take care to ensure you are choosing a POS system and provider that meets all standard cybersecurity protocols and provides top-notch customer service. You should also consider creating unique passwords and POS identification numbers for your employees, which will help you better pinpoint patterns and potential cases of internal theft.
It’s also important to practice the same amount of careful due diligence when selecting vendors and suppliers. Reference checks can be a helpful tool when vetting the external partners you work with, as these individuals often have access to business and customer information that could be lucrative to hackers.
3. Be smart about tool and technology placement
You live to provide great service to your customers, but you should also be wary about who comes into your restaurant and their intentions. Make sure to strategically place your computer systems and front-of-house register stations in more secluded areas of your restaurant away from customers. This will prevent unauthorized users or nefarious actors from seeing sensitive information that they could use in a cyberattack.
The bottom line
By staying vigilant and implementing cybersecurity operations, as well as a culture rooted in security best practices, you can protect your restaurant from malicious hackers. At Aprio, we bring to the table robust expertise in cybersecurity and digital transformation, plus a deep understanding of the restaurant industry to help protect your organization against cyberattacks.
Schedule a consultation with our team to learn more.