Cyberattacks have been climbing during the pandemic. Restaurants are likely to be an attractive target for criminals for a couple of reasons: Operators have transferred more of their processes online during the pandemic, all while they are trying to cut costs (and perhaps investing in only rudimentary cyber protections as a result). In a recent episode of The Main Course podcast, litigator and cybersecurity expert Jacey Kaps weighed in on what operators should be doing to protect their data right now. At a minimum, he said, they should have a written data security plan that details how they collect and store data, how often they update software and firewalls, how they ensure vendors are using best practices and how they train employees on data security. That last part is likely the most important – network security expert Max Cline of Netsurion told Fast Casual that employees are always the weakest link in the chain and must be trained to identify potential cybersecurity problems.
The lockdown period has led to a spike in the transactions conducted online – and fraud has climbed at the same time. A new study from Forter, which specializes in e-commerce fraud prevention, found that in recent months online food transactions from restaurants have increased by 134 percent and online orders from food brands have jumped 225 percent. At the same time, the study found a 32 percent increase in online fraud in the restaurant sector. That figure may grow further as it can take time to identify fraudulent transactions. As you get business back up and running, be mindful of cyber threats including the hacking of user accounts, shipping fraud and the purchase of gift cards with stolen credit cards. While you take steps to train employees on safety practices, also review your technology systems and employee training procedures to manage potential weak spots.
Our increased reliance on technology to conduct business right now is making cybersecurity all the more important – and not just within your restaurant but throughout your supply chain. When you conduct business with current suppliers and screen new ones, ensure those vendors are protecting against the risk to data they store about your business. Ask them what they are doing at the moment to tighten their security. Where are their weak points and what are they doing to address them? Security patches, multi-factor authentication and increased focus on recordkeeping can all provide some protection at a time when cybercriminals are looking for vulnerabilities.
As technology increasingly infuses organizations in all sectors and 5G becomes more widespread, cyberattacks are becoming a given – not a question of if they will occur but when. Security protections can dissuade cybercriminals but they aren’t airtight, so the actions an organization takes after a cyberattack are critical to getting back on track. It may take months to not only identify the problem in your system but to manage the financial costs, public relations challenges and other business disruptions a breach can cause. A cyber insurance policy may help, particularly for the post-breach protections it offers, including access to digital security experts who can clear your system and help reinforce it against future attacks. An FSR Magazine report says a cyber insurance policy may cost as little as $800 per year, and restaurants with existing firewalls and other protections in place stand to get lower premiums than businesses that haven’t yet taken those steps.
Unfortunately, the increased use of online orders and digital payments during the pandemic has elevated the risk that restaurants and other businesses are targeted by cybercriminals. FSR reports that in March alone, email phishing scams increased 600 percent. To protect your business, ensure your cybersecurity software protection is up to date, use two-factor authentication to log in to your systems, limit the number of employees who are accessing them, and make sure everyone is trained on cybersecurity precautions. Additional protections like cyber insurance may help restaurants assess their risks and prevent a breach, and, if one does occur, provide compensation, post-breach data assessment and recovery services, and public relations support.
At the speed technology is evolving, data breaches are becoming increasingly common – and the costs can cripple a business: Transaction Resources estimates that the average small business pays $36,000 to $50,000 for a single data breach. While the various points of connection within your restaurant – from your POS to the sensors monitoring the functioning of your appliances – can improve your efficiency, they may also make your business more vulnerable to cyber threats. To get a handle on your restaurant’s risks, consider using the National Institute for Standards and Technology’s (NIST) Cybersecurity Framework for Critical Infrastructure. Restaurant365 reports that many restaurants are using the framework, which takes you through a five-step process to identify, protect, detect, respond and recover from an incident.