Taking preventive measures can make a huge impact on the overall security of your restaurant operation, and they don’t require any massive investments in new technology. By leveraging some cybersecurity best practices, you can easily protect your operating systems from cybercriminals and cyberattacks.
According to the National Restaurant Association, “The digital age is transforming the way restaurants do business. Technology innovations have streamlined restaurant operations, reduced costs and attracted more guests. Many of those innovations are fueled by data. And whenever data is handled – via card payments, payroll and human resources records, inventory control, or loyalty programs – online criminals and hackers are lurking, waiting to attack where your operation is most vulnerable.”
Protecting your restaurant and employees from a security breach is more of an approach and way of thinking as opposed to implementing an expensive security service or system into your operation. With online ordering and mobile payment options at an all-time high to satisfy the need for consumer convenience, safety and security must be a main priority.
- Device Security: Restaurants that have been operating for many years have a higher risk of falling victim to a data breach or cyber threats due to outdated software. Keeping updated software on restaurant devices and kiosks can greatly reduce the attack surface a restaurant is exposed to. On top of keeping devices updated, devices should also adhere to a baseline security level. A baseline security level should involve a hardened configuration, regular security scans, and constant monitoring.
- Use strong passwords and keep them protected: Phrases can be used as passwords, and most of the time they are more secure. The longer and more complex the password is, the harder it is to hack. Employees also have to keep these passwords secure. That means no sticky notes with their passwords on them and no passwords stored in a Microsoft Word or Excel document.
- Physical Security: Even though major news headlines usually depict cybersecurity as a digital crime, many cybersecurity incidents occur due to a lack of physical security. All devices within a restaurant should go through the proper chain of command when being handled. For example, restaurant owners and managers should be the only ones with access to customer data, card numbers, and credit card information. A preventative security measure for restaurants to implement is to send their serving staff directly to the table with a credit card machine, so the transaction is completed in front of the customer. This will help reduce the risk of having employees steal personal, sensitive information and personal data from the point of sale system or payment cards themselves. Be sure to take the appropriate measures to increase the data security of mobile payments as well. As consumers rely on their smartphones for online banking, shopping, and payment apps such as PayPal and Venmo, the need to protect their data continues to increase.
- Constantly check your Point of Sale System: Let’s face it. No matter how observant you or your staff are, no one can be everywhere at once. Regularly spot check your technology to make sure no customers have tampered with the POS system. Train employees to look for red flags, and make sure they know that if they notice something, they need to alert management. Leveraging EMV, factor authentication, antivirus software, and ensuring all technology, mobile devices and third-party vendors are PCI compliant are all cybersecurity best practices to follow as well.
- Audit 3rd Party Integrations: Even though a restaurant has amazing security practices in place, they are still susceptible to attack via their 3rd party integrations. Through a data breach, unsecured Wi-Fi, or a lack of attention to network security, point of sale systems and personal customer information can be exposed to cybersecurity threats. Restaurant and small business owners alike should audit every company they choose to do business with to ensure they keep cybersecurity at the forefront of their operations.
- Tokenization: Specifically, in PAR’s Brink POS system, only the credit card holder’s name is stored within the point of sale for payments applied via a payment card. If any additional payment card data is required, a 3rd party tokenization provider is utilized to ensure security.
- Employee Training: Phishing emails and social engineering are two of the most common beginnings for a cyber-attack. Cybercriminals often take advantage of the lack of knowledge the average user has. They rely on employees and managers being untrained and unfamiliar with how to respond or react to their scams. Phishing and social engineering schemes also rely on manipulating users into carrying out requests by crafting emails that appear to come from people within the target organization – people the users know and trust.
Employees are the first line of any restaurant, which makes them the most vulnerable. Everyone makes mistakes; however, the more the employees are educated, the less likely they are to fall victim to a cyber or social engineering attack. Education and training for employees is the best way to keep your restaurant secure.
One of the best ways to proactively keep your restaurant technology secure is to ask your point of sale provider for insight into their overall solution security – from a product perspective, and a company organizational and strategic perspective.
At PAR Technology, annual PCI training is conducted that instills the OWASP best practices for every developer and coding engineer. These practices are then utilized throughout the day-to-day implementation and maintenance of the cloud-based software application, Brink POS. The Brink POS application is PA-DSS certified as well, which allows the restaurant owner to make a security investment when they partner with PAR.
Additionally, PAR takes all necessary actions to secure its data center. Best practices in the restaurants include following PCI compliance standards for payment processing. PAR recommends and, in some cases, requires that current/supported software be deployed in conjunction with Brink to ensure best-of-breed security and encryption.
Be sure to work with your point of sale and technology providers to ensure that you are implementing any and all cybersecurity best practices that you can.