The restaurant industry is one of the favorite targets of cyber criminals because it handles millions of credit/debit card transactions yet follows minimal data security standards. According to Verizon’s “2015 Data Breach Investigations Report”, “the evolution of attacks against point-of-sales systems continued in 2014 with large organizations suffering breaches alongside the small retailers and restaurants that had been the cash cows for years.”
With the increased use of digital solutions such as POS systems, wireless credit card processors, digital menu boards, security cameras, and online ordering platforms, cyber criminals have more entry points through which to break into a restaurant’s systems. It is therefore important to understand the risks to data security and to follow best practices that keep systems secure and out of reach of these attackers.
Whether you own a single outlet or a multi-restaurant chain, or operate a franchise, network security should be one of your top priorities; neglecting it can damage your brand image and your entire business.
It can be argued that consumers bear no liability for credit card theft, but merchants have a duty to protect the data, because consumers may stop dealing with a merchant if they feel their data is not secure there. Last year, CM Ebar, LLC, the owner of the Elephant Bar Restaurants (“Elephant Bar”), alerted its customers to a security breach at several of its locations that affected the payment card information of some customers (press release). Based on an extensive forensic investigation, it appears that an unauthorized individual installed malicious software on the payment processing systems, designed to capture payment card information including name, account number, expiry date, and verification code. The malware could have compromised the data of cards used for purchases since early August. Similarly, last year the US-based sandwich restaurant chain “Jimmy John’s” confirmed that 216 of its stores had indeed been hacked. Apart from the loss of business, data theft also leads to heavy legal and IT management fees to protect the company’s identity, and the brand image deteriorates in consumers’ minds.
Note that data theft means not only the loss of data to outside attackers; it also includes data being shared with or transferred to insecure hands through third-party vendors or employees.
It is recommended to hire a network security architect to design your systems, and it is also important to follow some basic guidelines to avoid data theft from your network.
Several restaurants and chains have been found to use one common password for all of their systems, which leaves those systems vulnerable to hackers. Sometimes these are the default passwords provided by the vendors, or they are very simple to crack, e.g. password1 or 123456. Always use a sophisticated, different password for each system, and change passwords regularly.
One of the ways hackers get into your network is by planting malware on your systems via unauthorized transactions, pirated software, or access to unsecured websites. Hence, it is recommended to use only industry-approved, licensed software and to keep it updated to the latest version.
Purchase a license for a reputable, professional firewall and mandate automatic scans every week to identify vulnerabilities in the system.
Several restaurants in India still use old versions of traditional POS systems, which can be susceptible to hackers. Make sure you use a modern POS system that follows security best practices and encrypts credit/debit card transaction records.
If your restaurant uses innovative digital solutions (e.g. a digital menu, a wireless credit card machine, online ordering/payments), make sure they are connected to each other over a secured WiFi hotspot solution. You must also use mobile SMS-based authentication when providing free WiFi to your guests.
Hackers keep sending phishing emails to official email IDs, and these may contain harmful malware. Avoid opening such emails, and always scan attachments for viruses before downloading them to your server.
Set the firewall to allow only essential access by default, and restrict access from remote locations and third-party vendors.
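The password guideline above can be checked mechanically. The following is an added example, not code from the original article: it audits a credential inventory for vendor-default or common passwords, one password shared across systems, and passwords that have not been changed recently. The system names, sample passwords, the short weak-password list and the policy values (`min_length`, `max_age_days`) are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from datetime import date

# Constructed short list; a real audit would load vendor defaults and a large common-password list.
KNOWN_WEAK = {"password1", "123456", "password", "admin"}

def audit(credentials, today, min_length=12, max_age_days=90):
    """credentials: {system: (password, date_last_changed)} -> {system: sorted findings}.

    min_length and max_age_days are assumed policy values, not taken from the article.
    """
    key = os.urandom(32)  # per-run key: the reuse index holds keyed hashes, not plaintext
    seen = defaultdict(list)
    findings = {name: set() for name in credentials}
    for name, (pw, changed) in credentials.items():
        digest = hmac.new(key, pw.encode("utf-8"), hashlib.sha256).hexdigest()
        seen[digest].append(name)
        if pw.lower() in KNOWN_WEAK:
            findings[name].add("default-or-common")
        if len(pw) < min_length:
            findings[name].add("too-short")
        if (today - changed).days > max_age_days:
            findings[name].add("stale")
    for names in seen.values():
        if len(names) > 1:  # the same password is set on more than one system
            for name in names:
                others = sorted(n for n in names if n != name)
                findings[name].add("shared-with:" + ",".join(others))
    return {name: sorted(found) for name, found in findings.items()}

# Constructed sample inventory (hypothetical system names, passwords and dates).
TODAY = date(2015, 6, 1)
SAMPLE = {
    "pos-terminal": ("password1", date(2015, 1, 5)),
    "wifi-router": ("password1", date(2015, 1, 5)),
    "cctv-dvr": ("123456", date(2014, 3, 1)),
    "online-ordering": ("T4ble!Service-Rota-88", date(2015, 5, 20)),
}

if __name__ == "__main__":
    for system, found in audit(SAMPLE, TODAY).items():
        print(system, "->", ", ".join(found) or "ok")
```

In practice the inventory would come from a password manager export rather than a literal in a script, and the script's input should be handled as sensitive data.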