In recent months, three restaurant ordering platforms were the target of cyberattacks that led to the theft of more than 50,000 payment card records from at least 311 restaurants, according to the cybersecurity firm Recorded Future. The records, which were stolen from MenuDrive, Harbortouch and InTouchPOS, were posted for sale on the dark web. While cyberattacks have become so frequent across industries that they don’t necessarily make headlines for the individual businesses affected anymore, helping your restaurant become a more difficult target can go far in helping it avoid an attack. Talk to your tech vendors about the evolving best practices for avoiding a breach or managing one if it happens. It’s important to patch and update software regularly, encrypt sensitive information, upgrade devices that are no longer supported by the manufacturer, enforce strong passwords and multi-factor authentication for everyone logging on to your system, develop and enforce strong security policies for employees using their own devices at work, and train staff on an ongoing basis about the best security practices that can prevent a breach. Your insurer can also advise you on cybersecurity protections and coverages, both to help you prevent a breach and to get your business get back up and running promptly if it does experience one.

As restaurants adopt more technology to efficiently manage everything from processing orders to monitoring appliances, they may also expose themselves to cyber risk. Cyberattacks have been on the rise during the pandemic as cyber criminals have tried to take advantage of vulnerabilities resulting from the widespread disruption to organizations: According to Check Point Research, there was a 50 percent increase in cyberattacks on corporate networks per week in 2021 compared to 2020. Hospitality businesses are especially attractive targets for cyber criminals because they process reams of guest payment information and may inadvertently provide easy gateways to launch an attack – such as a public Wi-Fi connection or an untrained staff member who opens a malicious email attachment. Make sure you’re taking steps to protect your business through staff training and secure software and systems. For example, limit the number of people who can log on to your network. Train staff to be vigilant about emails they open – by only opening messages and attachments from recognized contacts. Have staff use complex passwords that must be changed regularly. Use a firewall to separate transactions in the front of the house and the back. Have a secure, password-protected Wi-Fi network for guests that is separate from your business network. Ensure your malware protection is kept up to date. Finally, you might also consider a cyber insurance policy, which can not only help you recover financial losses due to a cyberattack but also includes post-breach support from IT experts who can identify the source of the problem and help your business get back up and running with minimal interruption.

Rapid employee turnover at restaurants doesn’t just leave your business on the back foot when it comes to preparing and serving food – it can also threaten the security of your systems and data. It’s not unusual, for example, for a reduced staff at a restaurant to have to share roles more than they otherwise would – or even for a new team member to prematurely be granted more responsibility (and the access that comes with it). To help shield your business from the risk of a breach and enable it to recover more quickly if one occurs, ensure that any user names and passwords used to access your systems aren’t shared or reused – and that passwords are changed regularly. Also, connect system access to specific roles instead of people so if a person leaves a role for a different one, there is a natural shift in permissions for system access.

The challenges of the past couple of years have also created opportunities for restaurants – but any restructuring can also open the door to increased cybersecurity risks, particularly as data is migrated and new employees are brought on board. This has been especially true throughout the course of the pandemic as cybersecurity attacks have climbed for organizations of all sizes. The costs are high: According to IBM’s 2021 Cost of a Data Breach Report, the average cost of a data breach is $3.28 million, with an average cost per each lost or stolen record of $161. To help protect your business, consider hiring a risk management professional who can assess your data and systems, help you minimize any weak links, and enable you to train your staff to minimize your risks. Your cybersecurity procedures should ensure that know who is using your systems – every transaction should be linked to an employee, for example – and that sensitive information is protected behind firewalls and accessible only by those who need to view it. Make sure that cybersecurity training is ongoing for your staff – and that it includes information about how to avoid falling for phishing scams. Stand-alone cybersecurity insurance can provide some additional protection as well.

Cyberattacks have been climbing during the pandemic. Restaurants are likely to be an attractive target for criminals for a couple of reasons: Operators have transferred more of their processes online during the pandemic, all while they are trying to cut costs (and perhaps investing in only rudimentary cyber protections as a result). In a recent episode of The Main Course podcast, litigator and cybersecurity expert Jacey Kaps weighed in on what operators should be doing to protect their data right now. At a minimum, he said, they should have a written data security plan that details how they collect and store data, how often they update software and firewalls, how they ensure vendors are using best practices and how they train employees on data security. That last part is likely the most important – network security expert Max Cline of Netsurion told Fast Casual that employees are always the weakest link in the chain and must be trained to identify potential cybersecurity problems.

The lockdown period has led to a spike in the transactions conducted online – and fraud has climbed at the same time. A new study from Forter, which specializes in e-commerce fraud prevention, found that in recent months online food transactions from restaurants have increased by 134 percent and online orders from food brands have jumped 225 percent. At the same time, the study found a 32 percent increase in online fraud in the restaurant sector. That figure may grow further as it can take time to identify fraudulent transactions. As you get business back up and running, be mindful of cyber threats including the hacking of user accounts, shipping fraud and the purchase of gift cards with stolen credit cards. While you take steps to train employees on safety practices, also review your technology systems and employee training procedures to manage potential weak spots.

Our increased reliance on technology to conduct business right now is making cybersecurity all the more important – and not just within your restaurant but throughout your supply chain. When you conduct business with current suppliers and screen new ones, ensure those vendors are protecting against the risk to data they store about your business. Ask them what they are doing at the moment to tighten their security. Where are their weak points and what are they doing to address them? Security patches, multi-factor authentication and increased focus on recordkeeping can all provide some protection at a time when cybercriminals are looking for vulnerabilities.

As technology increasingly infuses organizations in all sectors and 5G becomes more widespread, cyberattacks are becoming a given – not a question of if they will occur but when. Security protections can dissuade cybercriminals but they aren’t airtight, so the actions an organization takes after a cyberattack are critical to getting back on track. It may take months to not only identify the problem in your system but to manage the financial costs, public relations challenges and other business disruptions a breach can cause. A cyber insurance policy may help, particularly for the post-breach protections it offers, including access to digital security experts who can clear your system and help reinforce it against future attacks. An FSR Magazine report says a cyber insurance policy may cost as little as $800 per year, and restaurants with existing firewalls and other protections in place stand to get lower premiums than businesses that haven’t yet taken those steps. 

Unfortunately, the increased use of online orders and digital payments during the pandemic has elevated the risk that restaurants and other businesses are targeted by cybercriminals. FSR reports that in March alone, email phishing scams increased 600 percent. To protect your business, ensure your cybersecurity software protection is up to date, use two-factor authentication to log in to your systems, limit the number of employees who are accessing them, and make sure everyone is trained on cybersecurity precautions. Additional protections like cyber insurance may help restaurants assess their risks and prevent a breach, and, if one does occur, provide compensation, post-breach data assessment and recovery services, and public relations support.

At the speed technology is evolving, data breaches are becoming increasingly common – and the costs can cripple a business: Transaction Resources estimates that the average small business pays $36,000 to $50,000 for a single data breach. While the various points of connection within your restaurant – from your POS to the sensors monitoring the functioning of your appliances – can improve your efficiency, they may also make your business more vulnerable to cyber threats. To get a handle on your restaurant’s risks, consider using the National Institute for Standards and Technology’s (NIST) Cybersecurity Framework for Critical Infrastructure. Restaurant365 reports that many restaurants are using the framework, which takes you through a five-step process to identify, protect, detect, respond and recover from an incident.