How safe is your restaurant’s computer system?
A recent post from Forbes.com talked about how hackers concentrate on food service and hospitality businesses, continuously finding ways to breach these organizations' systems and steal customer information, including email addresses, account information and cardholder data.
Some of these attacks are highly targeted, exceptionally technical, and carried out silently. There are, however, a lot of attacks that aren't planned: hackers simply happen to see how poor the security practices are and take advantage of the circumstances. They notice easily guessable passwords and unsecured WiFi networks, and they are tempted to attack.
And yes, over 85% of recorded attacks and data breaches happened in the retail, hospitality and food & beverage industries. Restaurants, for one, are known to have weak security measures when it comes to their point-of-sale software systems. In most cases, restaurants do not have trained security staff—they normally rely on their IT personnel to handle all of their system security matters.
Due to this lack of security, investigators say that 76% of computer system environments have a security flaw that is often introduced by a third party, allowing criminals to compromise restaurants' important data. Of these, only 16% of victimized businesses detected the breach by themselves; worse, attackers have access to the victim's systems for an average of 173.5 days before they are detected. Customer data stays in the hands of criminals for months, and restaurants are often unaware of it.
So what do you have to do?
• Your first line of defense is your employees. Educate your staff (often in cool aprons) and make them aware of security measures; do not ignore the fact that while your staff are not security specialists, they do have the common sense to notice when something is different on the system that they use daily. A restaurant once had a cashier who noticed something different on her POS screen: there were new applications that she did not recognize, and she reported these to management. Sure enough, a cybercriminal was found to have been roaming around the system the day before.
• Get a comprehensive inventory of the assets in your environment so you have the insight you need to identify any malicious activity that goes on.
• Make sure to create security requirements and stipulations when you enter into contracts with third parties.
• Implement security procedures and policies such as secure passwords, and make sure your employees (most of them in their elegant aprons) understand and abide by them.
• Realize the importance of regular event analysis and assessments of your computer systems. The quicker you identify any issues that arise and the faster you respond to a breach, the less the damage.