As restaurants increasingly rely on online systems and tools to process guest orders and operate more efficiently, they need to take extra care in protecting their cybersecurity. The transition to new systems, as well as ongoing labor challenges, have created vulnerabilities that cyber criminals are eager to exploit. According to data released in late 2021 by Check Point Research, there was a 40 percent increase in cyberattacks globally over the previous year, with one of every 61 organizations worldwide impacted by ransomware each week. The risks are evolving, so operators should speak to their insurance broker to make sure they are aware of how to best minimize their exposure to threats including ransomware, malware, phishing and data breaches. It helps to provide ongoing employee training and limit the number of staff with access to sensitive information.
Restaurant employee theft is a common problem, accounting for 75 percent of inventory shortages and 4 percent sales, according to the National Restaurant Association. Your systems and tools can help you stop it soon after it starts – or even prevent it altogether. A TouchBistro report advises leaning on your POS for help. For example, your POS settings can help you place controls on what employees can do when placing orders – such as preventing the printing of a bill if an order has not actually been served, or the deletion of items on a bill before it is closed and then keeping the cash. Your POS reports can also help you investigate questionable activity by flagging transactions that were removed or modified after they were finalized and those that involved voids or discounts, and scrutinizing day-end reconciliations that create an opportunity for underreporting earnings. It can show you how many times a cash drawer was opened and by whom, so you can quickly identify the employees to speak to in the event of a shortage. It can also identify discrepancies between an employee’s scheduled hours and how many hours they are reporting. Beyond your POS, consider the use of cameras at your POS and inventory storage areas, which can help you send the message that you’re committed to keeping everybody honest.
Add cybersecurity to the list of challenges facing the food supply chain. Up to a fifth of the nation’s meat processing capacity went off the grid in June after JBS, the biggest meat processor in the U.S., was hit by a ransomware attack. Restaurants have been, and will continue to be, targets for cybercrime as well. As restaurant operators integrate new tech tools into their operation, accept digital transactions and find their footing with business streams that rely on technology, cybersecurity is an ever-important concern. As the pandemic was gaining momentum in March of last year and online transactions climbed, there was a 600 percent increase in email phishing scams. Cyber insurance may help recover losses in the event of a breach, but restaurants first need a cybersecurity program that guides business security day to day. It should ensure your operating system and security patches are up to date and establish policies on the purposes for which your computer system can be used and by whom. Doing a background check of employees and screening third-party vendors can help weed out potential threats, and you can also issue unique passcodes for staff to help identify the source of problems if they occur. Train staff on how to avoid email phishing scams and take steps to contain the damage to your systems by using firewalls between the systems in various parts of your business.
Cyberattacks have been climbing during the pandemic. Restaurants are likely to be an attractive target for criminals for a couple of reasons: Operators have transferred more of their processes online during the pandemic, all while they are trying to cut costs (and perhaps investing in only rudimentary cyber protections as a result). In a recent episode of The Main Course podcast, litigator and cybersecurity expert Jacey Kaps weighed in on what operators should be doing to protect their data right now. At a minimum, he said, they should have a written data security plan that details how they collect and store data, how often they update software and firewalls, how they ensure vendors are using best practices and how they train employees on data security. That last part is likely the most important – network security expert Max Cline of Netsurion told Fast Casual that employees are always the weakest link in the chain and must be trained to identify potential cybersecurity problems.
Our increased reliance on technology to conduct business right now is making cybersecurity all the more important – and not just within your restaurant but throughout your supply chain. When you conduct business with current suppliers and screen new ones, ensure those vendors are protecting against the risk to data they store about your business. Ask them what they are doing at the moment to tighten their security. Where are their weak points and what are they doing to address them? Security patches, multi-factor authentication and increased focus on recordkeeping can all provide some protection at a time when cybercriminals are looking for vulnerabilities.
As technology increasingly infuses organizations in all sectors and 5G becomes more widespread, cyberattacks are becoming a given – not a question of if they will occur but when. Security protections can dissuade cybercriminals but they aren’t airtight, so the actions an organization takes after a cyberattack are critical to getting back on track. It may take months to not only identify the problem in your system but to manage the financial costs, public relations challenges and other business disruptions a breach can cause. A cyber insurance policy may help, particularly for the post-breach protections it offers, including access to digital security experts who can clear your system and help reinforce it against future attacks. An FSR Magazine report says a cyber insurance policy may cost as little as $800 per year, and restaurants with existing firewalls and other protections in place stand to get lower premiums than businesses that haven’t yet taken those steps.
Unfortunately, the increased use of online orders and digital payments during the pandemic has elevated the risk that restaurants and other businesses are targeted by cybercriminals. FSR reports that in March alone, email phishing scams increased 600 percent. To protect your business, ensure your cybersecurity software protection is up to date, use two-factor authentication to log in to your systems, limit the number of employees who are accessing them, and make sure everyone is trained on cybersecurity precautions. Additional protections like cyber insurance may help restaurants assess their risks and prevent a breach, and, if one does occur, provide compensation, post-breach data assessment and recovery services, and public relations support.
At the speed technology is evolving, data breaches are becoming increasingly common – and the costs can cripple a business: Transaction Resources estimates that the average small business pays $36,000 to $50,000 for a single data breach. While the various points of connection within your restaurant – from your POS to the sensors monitoring the functioning of your appliances – can improve your efficiency, they may also make your business more vulnerable to cyber threats. To get a handle on your restaurant’s risks, consider using the National Institute for Standards and Technology’s (NIST) Cybersecurity Framework for Critical Infrastructure. Restaurant365 reports that many restaurants are using the framework, which takes you through a five-step process to identify, protect, detect, respond and recover from an incident.
As your kitchen becomes increasingly connected to the Internet, it becomes a bigger target for cybercrime. At The Spoon’s recent Smart Kitchen Summit, panelists who participated in a segment called Hacking the Oven: Cybersecurity and the Connected Kitchen identified three key takeaways to consider as your business adopts new devices to increase efficiency. First, cybersecurity can’t be something you bolt on to your business; rather, it’s important to make it flow through your operation from the start and to have a culture that values it. Second, both manufacturers and end users play a role in securing devices: manufacturers need to build secure devices with easy-to-install updates, and users need to do their part to protect devices with secure passwords. Finally, security is an ongoing process that requires manufacturers (and users) to have a plan to address vulnerabilities as they arise. Panelists expect to see cybersecurity certification labels on appliances in the near future – much like Energy Star rating stickers – to help end users better identify companies with strong cybersecurity records.
The number of internet-enabled devices is expected to reach 75 billion by 2025, or more than triple the number of such devices in use by the end of 2018, according to the technology firm ITProPortal. A technology-driven restaurant owner can adopt internet-enabled devices to monitor and manage everything from the operation’s food waste to its energy use. While these devices promise significant cost savings and efficiencies, their access to your data creates new points of vulnerability. It is increasingly difficult to prevent security breaches as threats become more sophisticated and employees who aren’t adequately trained leave a business exposed to threats. To help manage such threats, the tech security firm ControlScan advises operators to use next-generation firewalls to limit entry points for malware, and to use a managed security service provider that can identify vulnerabilities in a network, investigate and report security breaches, and troubleshoot other network security problems. Whether you outsource your network security or not, being able to keep tabs on your network in those ways is becoming increasingly important as businesses across sectors find that it’s not a question of if a security event will occur, but when.