The leadup to Christmas and New Year’s is prime time for cyberattacks, according to a report from Bit Sentinel. Workers can be distracted, consumer transactions spike, a rise in fake charity campaigns encourages people in the giving spirit to contribute, and holiday breaks mean fewer security support staff may be on hand to help. Combine those weaknesses with the many points of data transmission around your operation – whether it be your POS, loyalty program, payroll records or inventory management systems – and you open the door to potential cyberattacks. Foodservice operations can be especially vulnerable. Forbes reports that brands including Panda Express, Five Guys, Yum Brands and Panera Bread have experienced cyberattacks in recent years that either temporarily shut down their systems or exposed personal data.
The National Institute for Security Standards and Technology (NIST) developed a framework for improving cybersecurity for critical infrastructure, which the National Restaurant Association then adapted into a guide for the foodservice industry. The two-part resource – Digital Security 101 and 102 – is available on the association’s website and is worth a review as the holidays approach. It can help you identify system vulnerabilities, protect against risks, detect attacks on your system before damage happens, then respond and recover following an incident. It also includes case studies that demonstrate a range of tactics threat actors might use to breach your system. Taking steps now to make your business a more difficult target may help you avoid interruption later. The demand for online food delivery has surged in the past few years and is poised for continued growth, according to Statista research. The National Restaurant Association has reported that for the first time, drive-through and delivery orders account for a larger share of guest traffic than on-premises dining. While this presents new opportunities for restaurants, it also gives threat actors an appealing target for fraud – particularly because frequent, low-volume transactions can make it easier for fraud to go undetected. You can take some steps to make your business a more difficult target for these scams, however. Beyond some basic protections such as enforcing strong passwords on your website and app, prompting password changes, and having people use multifactor authentication to access their account, Security Boulevard advises businesses to use a few safety precautions to prevent unauthorized access. For example, you can limit the number of login attempts within a certain time frame, or set up alerts whenever changes have been made to an account/password. Your fraud prevention software can also help by identifying the location of login attempts and flagging locations that seem off-base or which use a VPN to disguise their IP address – common signs that a threat actor is trying to breach a network. It’s also important to keep your security software current by installing patches and updates promptly – unfortunately, fraudsters often take advantage of security vulnerabilities due to delays in installing up-to-date security measures. Your restaurant is likely becoming more digitally connected all the time – not only with guests, but also with equipment across your kitchen and with vendors across your supply chain. While this connectivity brings greater control and oversight of how your business is operating in real time, it also creates new security vulnerabilities. Are you doing all you can to protect the data you store and the devices that collect and transmit it? A recent Restaurant News report advises restaurant operators to prioritize network security protections including (but not limited to) encryption and protocols for authenticating users. It’s also important to scan regularly for potential vulnerabilities. Your technology service provider should provide support here – and have a number you can call whenever concerns arise. As data is becoming a more powerful predictor of business success, restaurants are transforming into data warehouses. In the process, they must consider their responsibilities for protecting both themselves and the people who offer their personal information. One recent real-world example of this is White Castle’s use of a terms & conditions page on their drive thru ordering screen, which is perhaps a sign of similar policies to come in restaurants making use of guest data. The general public is increasingly aware of how valuable their data is – and that it must be protected. A recent Forbes report suggested that consumers’ growing awareness of data privacy is generating trust issues, which isn’t a big surprise considering the regularity of cyber breaches. As you set out to collect data from guests and others, it is becoming more important to have a technology provider you trust to help you understand how you’re using and protecting that data – and what immediate steps to take if you lose control of it. At a time when restaurant operators are being stretched, it’s easy for things to fall through the cracks. As you have adapted your business in recent months and years to accommodate mobile orders and off-premise dining, have you compromised at all with regard to your methods of securing the guest data you manage? One restaurant consultant interviewed in a recent Hospitality Net report indicated that since the start of the pandemic, he has seen more restaurants cut corners on online security in an effort to make tech-driven conveniences available to guests. Threat actors tend to look for easy targets – ensuring your business has up-to-date protections in place can help you avoid being in that position amid the sharp rise in online transactions you’ve likely been processing. As restaurants increasingly rely on online systems and tools to process guest orders and operate more efficiently, they need to take extra care in protecting their cybersecurity. The transition to new systems, as well as ongoing labor challenges, have created vulnerabilities that cyber criminals are eager to exploit. According to data released in late 2021 by Check Point Research, there was a 40 percent increase in cyberattacks globally over the previous year, with one of every 61 organizations worldwide impacted by ransomware each week. The risks are evolving, so operators should speak to their insurance broker to make sure they are aware of how to best minimize their exposure to threats including ransomware, malware, phishing and data breaches. It helps to provide ongoing employee training and limit the number of staff with access to sensitive information. Restaurant employee theft is a common problem, accounting for 75 percent of inventory shortages and 4 percent sales, according to the National Restaurant Association. Your systems and tools can help you stop it soon after it starts – or even prevent it altogether. A TouchBistro report advises leaning on your POS for help. For example, your POS settings can help you place controls on what employees can do when placing orders – such as preventing the printing of a bill if an order has not actually been served, or the deletion of items on a bill before it is closed and then keeping the cash. Your POS reports can also help you investigate questionable activity by flagging transactions that were removed or modified after they were finalized and those that involved voids or discounts, and scrutinizing day-end reconciliations that create an opportunity for underreporting earnings. It can show you how many times a cash drawer was opened and by whom, so you can quickly identify the employees to speak to in the event of a shortage. It can also identify discrepancies between an employee’s scheduled hours and how many hours they are reporting. Beyond your POS, consider the use of cameras at your POS and inventory storage areas, which can help you send the message that you’re committed to keeping everybody honest. Add cybersecurity to the list of challenges facing the food supply chain. Up to a fifth of the nation’s meat processing capacity went off the grid in June after JBS, the biggest meat processor in the U.S., was hit by a ransomware attack. Restaurants have been, and will continue to be, targets for cybercrime as well. As restaurant operators integrate new tech tools into their operation, accept digital transactions and find their footing with business streams that rely on technology, cybersecurity is an ever-important concern. As the pandemic was gaining momentum in March of last year and online transactions climbed, there was a 600 percent increase in email phishing scams. Cyber insurance may help recover losses in the event of a breach, but restaurants first need a cybersecurity program that guides business security day to day. It should ensure your operating system and security patches are up to date and establish policies on the purposes for which your computer system can be used and by whom. Doing a background check of employees and screening third-party vendors can help weed out potential threats, and you can also issue unique passcodes for staff to help identify the source of problems if they occur. Train staff on how to avoid email phishing scams and take steps to contain the damage to your systems by using firewalls between the systems in various parts of your business. Cyberattacks have been climbing during the pandemic. Restaurants are likely to be an attractive target for criminals for a couple of reasons: Operators have transferred more of their processes online during the pandemic, all while they are trying to cut costs (and perhaps investing in only rudimentary cyber protections as a result). In a recent episode of The Main Course podcast, litigator and cybersecurity expert Jacey Kaps weighed in on what operators should be doing to protect their data right now. At a minimum, he said, they should have a written data security plan that details how they collect and store data, how often they update software and firewalls, how they ensure vendors are using best practices and how they train employees on data security. That last part is likely the most important – network security expert Max Cline of Netsurion told Fast Casual that employees are always the weakest link in the chain and must be trained to identify potential cybersecurity problems.
Our increased reliance on technology to conduct business right now is making cybersecurity all the more important – and not just within your restaurant but throughout your supply chain. When you conduct business with current suppliers and screen new ones, ensure those vendors are protecting against the risk to data they store about your business. Ask them what they are doing at the moment to tighten their security. Where are their weak points and what are they doing to address them? Security patches, multi-factor authentication and increased focus on recordkeeping can all provide some protection at a time when cybercriminals are looking for vulnerabilities.
|
Subscribe to our newsletterArchives
December 2024
Categories
All
|