The leadup to Christmas and New Year’s is prime time for cyberattacks, according to a report from Bit Sentinel. Workers can be distracted, consumer transactions spike, a rise in fake charity campaigns encourages people in the giving spirit to contribute, and holiday breaks mean fewer security support staff may be on hand to help. Combine those weaknesses with the many points of data transmission around your operation – whether it be your POS, loyalty program, payroll records or inventory management systems – and you open the door to potential cyberattacks. Foodservice operations can be especially vulnerable. Forbes reports that brands including Panda Express, Five Guys, Yum Brands and Panera Bread have experienced cyberattacks in recent years that either temporarily shut down their systems or exposed personal data.
The National Institute of Standards and Technology (NIST) developed a framework for improving cybersecurity for critical infrastructure, which the National Restaurant Association then adapted into a guide for the foodservice industry. The two-part resource – Digital Security 101 and 102 – is available on the association’s website and is worth a review as the holidays approach. It can help you identify system vulnerabilities, protect against risks, detect attacks on your system before damage happens, then respond and recover following an incident. It also includes case studies that demonstrate a range of tactics threat actors might use to breach your system. Taking steps now to make your business a more difficult target may help you avoid interruption later.

As more aspects of our lives have moved online, so, unfortunately, have threat actors looking to make money from that information. According to a study from the cybersecurity firm Surfshark, 108.9 million accounts were breached in the third quarter of 2022, a 70-percent increase over the previous quarter. Restaurants are natural targets for cyber crime because of the multitude of guest transactions and payroll details they manage and transmit across different channels every day. As you adopt and integrate new technology into your business, make security management a priority – to include prompt software updates and patching, the use of multifactor authentication and other controls to make it more difficult for someone to take advantage of critical data in your business, and ongoing employee training to prevent a cyber breach. Ensure your vendors have stringent controls in place too – and that you trust your tech providers to have your back when it comes to helping you keep your systems secure.
In recent months, three restaurant ordering platforms were the target of cyberattacks that led to the theft of more than 50,000 payment card records from at least 311 restaurants, according to the cybersecurity firm Recorded Future. The records, which were stolen from MenuDrive, Harbortouch and InTouchPOS, were posted for sale on the dark web. While cyberattacks have become so frequent across industries that they don’t necessarily make headlines for the individual businesses affected anymore, helping your restaurant become a more difficult target can go far in helping it avoid an attack. Talk to your tech vendors about the evolving best practices for avoiding a breach or managing one if it happens. It’s important to patch and update software regularly, encrypt sensitive information, upgrade devices that are no longer supported by the manufacturer, enforce strong passwords and multi-factor authentication for everyone logging on to your system, develop and enforce strong security policies for employees using their own devices at work, and train staff on an ongoing basis about the best security practices that can prevent a breach. Your insurer can also advise you on cybersecurity protections and coverages, both to help you prevent a breach and to get your business back up and running promptly if it does experience one.

As restaurants increasingly rely on online systems and tools to process guest orders and operate more efficiently, they need to take extra care in protecting their cybersecurity. The transition to new systems, as well as ongoing labor challenges, has created vulnerabilities that cyber criminals are eager to exploit. According to data released in late 2021 by Check Point Research, there was a 40 percent increase in cyberattacks globally over the previous year, with one of every 61 organizations worldwide impacted by ransomware each week.
The risks are evolving, so operators should speak to their insurance broker to make sure they are aware of how to best minimize their exposure to threats including ransomware, malware, phishing and data breaches. It helps to provide ongoing employee training and limit the number of staff with access to sensitive information.

As restaurants adopt more technology to efficiently manage everything from processing orders to monitoring appliances, they may also expose themselves to cyber risk. Cyberattacks have been on the rise during the pandemic as cyber criminals have tried to take advantage of vulnerabilities resulting from the widespread disruption to organizations: According to Check Point Research, there was a 50 percent increase in cyberattacks on corporate networks per week in 2021 compared to 2020. Hospitality businesses are especially attractive targets for cyber criminals because they process reams of guest payment information and may inadvertently provide easy gateways to launch an attack – such as a public Wi-Fi connection or an untrained staff member who opens a malicious email attachment. Make sure you’re taking steps to protect your business through staff training and secure software and systems. For example, limit the number of people who can log on to your network. Train staff to be vigilant about emails they open – by only opening messages and attachments from recognized contacts. Have staff use complex passwords that must be changed regularly. Use a firewall to separate transactions in the front of the house and the back. Have a secure, password-protected Wi-Fi network for guests that is separate from your business network. Ensure your malware protection is kept up to date.
Finally, you might also consider a cyber insurance policy, which can not only help you recover financial losses due to a cyberattack but also includes post-breach support from IT experts who can identify the source of the problem and help your business get back up and running with minimal interruption.

The challenges of the past couple of years have also created opportunities for restaurants – but any restructuring can also open the door to increased cybersecurity risks, particularly as data is migrated and new employees are brought on board. This has been especially true throughout the course of the pandemic as cybersecurity attacks have climbed for organizations of all sizes. The costs are high: According to IBM’s 2021 Cost of a Data Breach Report, the average cost of a data breach is $3.28 million, with an average cost for each lost or stolen record of $161. To help protect your business, consider hiring a risk management professional who can assess your data and systems, help you minimize any weak links, and enable you to train your staff to minimize your risks. Your cybersecurity procedures should ensure that you know who is using your systems – every transaction should be linked to an employee, for example – and that sensitive information is protected behind firewalls and accessible only by those who need to view it. Make sure that cybersecurity training is ongoing for your staff – and that it includes information about how to avoid falling for phishing scams. Stand-alone cybersecurity insurance can provide some additional protection as well.

Restaurant employee theft is a common problem, accounting for 75 percent of inventory shortages and 4 percent of sales, according to the National Restaurant Association. Your systems and tools can help you stop it soon after it starts – or even prevent it altogether. A TouchBistro report advises leaning on your POS for help.
For example, your POS settings can help you place controls on what employees can do when placing orders – such as preventing the printing of a bill if an order has not actually been served, or preventing an employee from deleting items on a bill before it is closed and then keeping the cash. Your POS reports can also help you investigate questionable activity by flagging transactions that were removed or modified after they were finalized and those that involved voids or discounts, and by scrutinizing day-end reconciliations that create an opportunity for underreporting earnings. It can show you how many times a cash drawer was opened and by whom, so you can quickly identify the employees to speak to in the event of a shortage. It can also identify discrepancies between an employee’s scheduled hours and how many hours they are reporting. Beyond your POS, consider the use of cameras at your POS and inventory storage areas, which can help you send the message that you’re committed to keeping everybody honest.

Add cybersecurity to the list of challenges facing the food supply chain. Up to a fifth of the nation’s meat processing capacity went off the grid in June after JBS, the biggest meat processor in the U.S., was hit by a ransomware attack. Restaurants have been, and will continue to be, targets for cybercrime as well. As restaurant operators integrate new tech tools into their operation, accept digital transactions and find their footing with business streams that rely on technology, cybersecurity is an ever-important concern. As the pandemic was gaining momentum in March of last year and online transactions climbed, there was a 600 percent increase in email phishing scams. Cyber insurance may help recover losses in the event of a breach, but restaurants first need a cybersecurity program that guides business security day to day.
It should ensure your operating system and security patches are up to date and establish policies on the purposes for which your computer system can be used and by whom. Doing a background check of employees and screening third-party vendors can help weed out potential threats, and you can also issue unique passcodes for staff to help identify the source of problems if they occur. Train staff on how to avoid email phishing scams and take steps to contain the damage to your systems by using firewalls between the systems in various parts of your business.