You only need to turn on the TV, listen to the radio, or check the news to understand how major a risk cyberattacks have become to businesses of all sizes. In fact, the global cost of cyberattacks is expected to rise from $400 billion in 2015 to $2.1 trillion by 2019, according to Juniper Networks. In addition, Symantec has reported that almost half of cyberattacks worldwide in 2015 were against small businesses.
The scope of these threats - including ransomware, data breaches, phishing emails, malware, botnets and much more - means your restaurant is at risk, whether you recognize it or not. So how does a restaurateur protect their business, employees, data, and customers in 2017 and beyond?
The following is a primer for any restaurant wondering how to get started securing their business online in an increasingly digitized industry.
Education and Security
Understanding the basics of cybersecurity gives you a leg up on competitors, making it much easier to identify future threats and understand what affects your business online.
Fortunately, there are free resources available online to help you wrap your head around these issues. Some of the best include:
- The Cybersecurity 101 course from Khan Academy
- The Sideways Dictionary from Google (provides easy definitions for complex digital terms)
- The Cyber Security for Beginners course offered by Heimdal Security
Once you have a basic understanding of cybersecurity, you need to think proactively about it, just like you already think about other security issues such as theft or alarm systems. This way you will be able to:
- Understand the risks facing your business and where they come from
- Create plans and contingencies to mitigate risks
- Implement best practices to limit online risks
It may be difficult to know where to start when it comes to identifying areas of your business vulnerable to digital attack. After all, restaurants are complex operations and almost every part of the business is connected to the internet somehow. The consulting firm Deloitte has a great breakdown to help keep everything straight. The vulnerability could stem from technology related to the customer experience, such as your POS, or related to third parties you deal with, such as your suppliers.
Securing Your POS
When it comes to securing the guest experience, the most important thing to secure is your POS system. This is the primary point between your customers’ money and your business, and also the most common target for hackers.
In the past year there have been numerous examples of POS systems targeted by crooks looking to get into restaurants’ systems. A hacked POS system can be used to steal customers’ banking information along with any employee information that is entered into it.
To secure your POS system, take a look at this guide from a POS vendor. It outlines the steps you should take to secure it, along with instructions on how to enable PCI compliance, the industry standard for securing customer information.
Securing Your WiFi
Aside from your POS system, another area of digital guest security is your restaurant’s WiFi. WiFi networks in businesses are vulnerable to attack and can be altered to steal your personal information as well as your customers’. Make sure:
- You are using a strong password (that is not easy to guess!)
- No one outside of your staff has physical access to your router
- You take steps to encrypt your WiFi traffic for guests and staff alike
Use Secure Web Services
The data your restaurant shares with 3rd parties - such as vendors, suppliers and contractors - is oftentimes more difficult to get a handle on since it is out of your immediate control.
The first step is to ensure all 3rd-party systems you use in your restaurant are secured with encryption and strong passwords. Check which systems use SSL to guarantee your information (passwords or credit card numbers) is private when transmitted online.
This is as easy as checking the address bar in your internet browser to ensure the connection is secure. For example, restaurant apps such as 7shifts and BlueCart offer encryption in their apps, which you can see when you log in.
If a vendor or service you use in your restaurant does not offer secure systems, it might be time to look at an alternative.
Vendor and Contractor Security
Aside from using secure 3rd-party services, make sure to never share login/password information with suppliers and vendors unless absolutely necessary. The moment digital credentials are out of your control you can no longer be confident they won’t fall into the wrong hands.
If you do need to share credentials, consider using a service like One Time Secret, which lets you securely send information that automatically deletes itself once viewed by the recipient.
Other Important Tips
In addition to what has already been mentioned, here are other cybersecurity best practices to consider in keeping your restaurant secure online:
Use two-factor authentication: Two-factor authentication, also known as 2FA or two-step verification, is an extra layer of security requiring more than a password to access a service. In the case of Google services like Gmail, when you enable 2FA you will be texted a code that must be entered whenever you log in to your email from a new location. This prevents nefarious logins from crooks who may have gained access to your passwords, but nothing else. You can use this list to find out if services you already use support 2FA.
Use a password manager: In restaurants it’s extremely common to share passwords between managers and staff, making it easy for a password to be shared with someone unintended. Consider employing a password management system such as 1Password, which allows you to share passwords only with those who need them.
Back up your data online: When your restaurant runs on data - sales, payroll, labor, or POS data - it’s important to keep it safe. You can use services like Dropbox or Google Drive to store files so they are accessible anywhere, but it’s also prudent to use a data backup and recovery service like CrashPlan. The peace of mind you will get from the service is well worth the monthly cost!
Change passwords often: High restaurant turnover means it’s common for former employees to still know passwords to your systems after they no longer work for you. Restaurateurs must ensure they often change the passwords to commonly used services so past employees don’t have access. You can do this with services like 1Password, but a quick and easy way is to set yourself a calendar reminder to update your passwords at least once per quarter.
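The "Change passwords often" tip, worked through as an added example (not part of the original article): a small Python audit that flags shared passwords that are older than a quarter or that a departed employee still knows. The service names, staff names, dates, and the 90-day reading of "once per quarter" are all constructed assumptions.

```python
from datetime import date, timedelta

# Assumption: "once per quarter" is treated as 90 days.
MAX_AGE = timedelta(days=90)

# Constructed sample data (hypothetical people, services and dates).
DEPARTURES = {"sam": date(2017, 2, 10), "lee": date(2016, 11, 1)}
CREDENTIALS = [
    {"service": "pos-admin", "last_changed": date(2017, 1, 15), "known_by": ["ana", "sam"]},
    {"service": "wifi-staff", "last_changed": date(2016, 10, 1), "known_by": ["ana", "lee"]},
    {"service": "scheduling", "last_changed": date(2017, 2, 20), "known_by": ["ana", "sam"]},
]

def rotation_reasons(cred, departures, today):
    """Return the reasons this password should be changed (empty list = fine)."""
    reasons = []
    age = today - cred["last_changed"]
    if age > MAX_AGE:
        reasons.append(f"last changed {age.days} days ago")
    for person in cred["known_by"]:
        left = departures.get(person)
        # A former employee still knows the password unless it was changed
        # on or after the day they left.
        if left is not None and left <= today and cred["last_changed"] < left:
            reasons.append(f"{person} left on {left.isoformat()} and still knows it")
    return reasons

def audit(credentials, departures, today):
    """Map each service that needs a password change to its reasons."""
    report = {}
    for cred in credentials:
        reasons = rotation_reasons(cred, departures, today)
        if reasons:
            report[cred["service"]] = reasons
    return report

if __name__ == "__main__":
    for service, reasons in audit(CREDENTIALS, DEPARTURES, date(2017, 3, 1)).items():
        print(f"{service}: change password ({'; '.join(reasons)})")
```

Keeping the "known_by" list current whenever a password is shared is what makes the departure check meaningful; the age check alone would miss the pos-admin case above.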
These are just a few tips available to help increase your restaurant’s security online. The most important thing you can do for your business is to stay informed about potential threats and proactively fix them before they harm your business.
About the Author: Chris de Jong is the Marketing Lead for 7shifts, an employee scheduling app designed for restaurants, based in beautiful Saskatoon, Saskatchewan. He works with the rest of the 7shifts team to help their customers all over the world save time scheduling, reduce labor costs, and improve communication in their businesses.