Your restaurant’s cybersecurity is likely not something you think about often, but it’s now one of the biggest risk factors to your reputation and bottom line.
Companies of all sizes are susceptible to cyberattacks, but small business is especially vulnerable since they often don’thave staff whose sole task is to keep data safe from cybercrime. According to one study by Ponemon Institute, the average small business pays $36,000 to $50,000 for a data breach.
Here’s a look at a restaurant’s three most susceptible points for hackers:
POS System Insecurity
Food & Beverage is the 4th most targeted industry for data breaches and 40% of all data breaches in the food & beverage industry occurred at the POS system, according to Trustwave’s global security report. Here are five easy ways to keep your POS system secure:
Install antivirus software
Installing endpoint protection software on your device can help detect problematic files or apps that need to be immediately removed to keep your POS safe.
Secure your POS systems from theft
A stolen or lost POS device can allow criminals access to view and steal customer records. Lockdown all your devices at the end of the workday. Make sure all devices are accounted for each day and stored in a place where only a few select employees have access.
Follow PCI compliance guidelines
The Payment Card Industry Data Security Standard (PCI DSS) suggests companies actively monitor and take inventory of IT assets and business processes in order to detect any vulnerability.
The PCI Security Standards Council also suggests eliminating cardholder data unless absolutely necessary and maintaining communication with banks and card brands to ensure no issues occur or have already occurred.
Use end-to-end encryption for credit card transactions
These tools encrypt credit card information the second it’s received on the POS device and once again when it’s sent to the software’s server. This means that the data is never vulnerable, regardless of where hackers might be installing malware.
Limit employees’ web browsing and social media activity on POS
POS systems can be easy targets for attacks if exposed to a malware delivery system, internet access should be restricted, and employees should be prohibited from using the POS for any personal internet browsing.
While about 80% of cyberattacks against restaurants target payment card information, employees’ personally identifying information (PII), such as their Social Security Number is at risk from the same attacks.
Most onboarding, payroll, POS and ancillary systems use an employee’s Social Security Number to identify and communicate employee information, which opens several points where your employees’ information is susceptible to hackers.
Choosing Navrae for your payroll and accounting not only simplifies your back-office work, but it also keeps your employees’ sensitive data in one, secure place.
Instead of using their SSN, we create a unique identifier for each employee and integrate directly with your POS system and middleware to gather and transfer employee information securely.
Third-party & Supply Chain Risk
If you’re using a third-party to manage your real-time table availability and reservations, customer experience, food delivery, or loyalty program, your restaurant’s data may be at risk.
About 56% of businesses have experienced a data breach caused by a third-party, a report by Trustwave found.
Most restaurants that access data through companies that provide these platforms and may not know if their data is securely stored, segregated, and transmitted.
Reservations and delivery are not new ideas, but the way they are being embedded into the digital restaurant experience can open access to critical customer data to third parties that broker those transactions.
With Navrae, your sensitive data is encrypted and unreadable by anyone without the encryption key, and our database has multiple layers of security, such as password and ID verification that prevent cybercriminals from accessing your data.
We also mask your sensitive information on reports and when displayed on-screen to users without the proper credentials to view it. You can also know that your data is secure in case it’s every corrupted or lost because we automatically back-up your data to our cloud storage.
Third parties may also be sharing or storing sensitive data with other third parties without the restaurant’s knowledge, which compounds vulnerabilities and entry points for cyberattacks. Tableside and kiosk POS systems are often managed and owned by outsourced providers, which capture volumes of data about customers from general profile information like a home address and dining preferences to sensitive data like credit card information.
How do you know if they are keeping that information secure? Only 17% of businesses believe they effectively manage third-party risk, a study reported.
At Navrae, we never share our clients’ information with anyone else, and since there is no exchange of data between our server to another, we reduce the risk that your sensitive data will be intercepted during transmission.
The weakest link by far in cybersecurity is human error. A report by Shred-It, an information security company, found that 47 percent of business leaders said human error, such as accidental loss of a device or document by an employee, had caused a data breach at their organization.
Here’s a list of the most common weak points humans create:
In the same Shred-It report, 25% confessed to leaving their computer unlocked and unattended. In a busy restaurant or public setting, anyone could quickly compromise the security of the device or copy sensitive data.
Weak or default password
How strong is your password? Have you changed it recently? Most are guilty at some point of not changing a default password or simply using “password” or “1234” to secure an account or device with access to sensitive data. Hackers who brute force a security portal start with the simplest password combinations before moving on to more advanced methods.
Writing sensitive information down on paper
It sounds like something you would see in a spy movie or TV crime drama, but it’s easy for criminals to copy an impression left from writing down a credit card number on a notepad or sensitive information written on top of a soft surface. It’s also too easy to lose a piece of paper or leave it unattended, where someone can pick it up or snap a picture.
It’s the simplest problem with our nature. Your employees can’t be expected to remember and diligently follow security training they receive only once a year. Most restaurants train their employees to protect customer credit card information and sensitive data, but those efforts may not be frequent or prevalent enough to truly protect your business.
By letting Navrae automate your bank reconciliation and back-office accounting, we not only save you time managing your restaurant’s financials, but we can also save your business from human error. Our automated bank reconciliation runs DAILY to prevent duplicate transactions and bank errors.
Our clients are protected from an average of 4-5 banking errors per month per account. These most often occur when an employee accidentally (or intentionally) double deposits their check using their bank’s mobile deposit app.
By automating your bank reconciliation, valid transactions clear quickly, and exceptions are flagged for review.
Cybersecurity should be a top priority for your restaurant business if it isn’t already, and Navrae can help with protecting your sensitive data, eliminating the use of employee SSN on multiple systems, and preventing human error through automation.
At Navrae we can handle your payroll, restaurant accounting, and accounts payable with daily, detailed reports available to let you focus on growing your business.
Navrae, Let us do the work!