The restaurant industry reports some of the highest numbers of security breaches. A lot of sensitive customer data, including names, addresses, and debit and credit card details, is processed and stored in hotel databases, which makes those databases easy targets for cybercriminals. Marriott, which manages the Starwood Hotels, disclosed that the Starwood guest reservation system had been hacked in a breach that exposed the personal data of 500 million guests. Marriott’s case is one of many cyber-attacks in the restaurant industry. Cybercriminals target restaurants because they hold massive amounts of customer data, spread across multiple databases containing personally identifiable information and payment card information.
Restaurants are low-hanging fruit for cybercriminals engaged in crimes such as credit card fraud and identity theft. Because business owners are busy running their restaurants, cybersecurity is an afterthought. It is, therefore, important for the restaurant industry to implement steps that ensure the safety of the data they handle. Protecting your restaurant ahead of time, irrespective of its size, is better than reacting after an attack. In addition to the reputational damage that comes with being required to notify customers, your business stands to face legal consequences in the form of fines for failing to protect credit card information.
Data Security Concerns In Restaurants
Complex Ownership Structures
Hotels, restaurants, and motels have complex ownership structures characterized by franchises, individual ownerships, and groups of owners with a management company that acts as the main operator. Each group uses different data management systems to capture the required information before sending it across to the operator’s system.
This complex system is a potential attack vector, as the Wyndham Worldwide breaches of 2008 and 2010 showed: hackers were able to gain access to the system of an individual operating company. In 2019, Earl Enterprises reported an attack believed to have been carried out through malware installed in the POS of one of the restaurants run by the company, compromising 2 million credit card numbers.
High Staff Turnover
The restaurant industry is characterized by seasonal work resulting in extremely high employee turnover. In the US, the Bureau of Labor Statistics estimates the annual employee turnover rate in the restaurant industry at 73.8%. In addition to the turnover rates, there is a high movement of employees to different locations, making it hard to maintain a well-trained staff. A well-trained team is likely to recognize attacks and understand the importance of complying with PCI requirements.
Reliance On Payment Cards
The restaurant industry is highly reliant on cards as the main form of payment for reservations. Hackers take advantage of this reliance to infect point-of-sale (POS) systems with malware and access credit and debit card information. In 2017, it was reported that out of the 21 high-profile hotel attacks occurring since 2010, 20 were caused by malware in point-of-sale systems. Such malware can then proliferate from the POS systems to affiliated groups.
Best Practices For Data Security In Restaurants
Compliance With Relevant Regulations
Franchisors and operators of hotel chains benefit from adhering to the relevant rules, including the PCI DSS standard aimed at protecting credit card data and the GDPR on data protection and privacy. PCI compliance and other aspects of cybersecurity can be complicated for small restaurants, so you can hire an outside firm to help you with the compliance details.
Have Unique Identifiers For Each Server
The POS system in your restaurant should be configured so that each server logs in with a unique identifier. This will help you identify and track potential socially engineered threats. As a rule of thumb, do not use common keyboard patterns as credentials, and do not use similar patterns for all your servers.
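One way to check a staff roster against this rule, as an added example that is not part of the original article: it flags shared login IDs, keypad-pattern PINs, and PINs reused or assigned in sequence across servers. The roster format, the names, the phone-style keypad layout and the treatment of neighbouring PINs as "similar patterns" are assumptions.

```python
from collections import Counter

# Phone-style keypad coordinates (assumed layout; adjust to your terminals).
KEYS = {d: (i % 3, i // 3) for i, d in enumerate("123456789")}
KEYS["0"] = (1, 3)

def is_pattern(pin):
    """True for a repeated digit, a +1/-1 digit run, or a straight keypad line."""
    if len(set(pin)) == 1:
        return True
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):
        return True
    moves = {(KEYS[b][0] - KEYS[a][0], KEYS[b][1] - KEYS[a][1])
             for a, b in zip(pin, pin[1:])}
    return len(moves) == 1 and max(map(abs, next(iter(moves)))) == 1

def audit_roster(roster):
    """roster: list of (staff_name, login_id, pin) tuples. Returns sorted findings."""
    findings = []
    id_counts = Counter(login for _, login, _ in roster)
    pins = [int(pin) for _, _, pin in roster]
    for name, login, pin in roster:
        value = int(pin)
        if id_counts[login] > 1:
            findings.append((name, "shared login ID"))
        if is_pattern(pin):
            findings.append((name, "keypad pattern PIN"))
        if pins.count(value) > 1:
            findings.append((name, "PIN reused by another server"))
        elif value - 1 in pins or value + 1 in pins:
            # Assumption: neighbouring PINs (4102, 4103) mean one scheme was used for all staff.
            findings.append((name, "PIN follows same scheme as another server"))
    return sorted(findings)

# Constructed roster as it might exist at enrollment, before PINs are hashed.
ROSTER = [
    ("Ana", "S01", "7193"),
    ("Ben", "S02", "2580"),
    ("Cal", "S03", "4102"),
    ("Dee", "S03", "4103"),
    ("Eli", "S05", "1111"),
]

if __name__ == "__main__":
    for name, issue in audit_roster(ROSTER):
        print(f"{name}: {issue}")
```

Running the check when a PIN is enrolled or changed means the clear-text PIN never has to be stored for the audit.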
Caution Employees Against Phishing Emails
Many malware attacks result from employees downloading email attachments from unknown senders. With most businesses relying on emails for reservations, your employees may unknowingly open emails containing malware, which infects your restaurant management system and exposes data. Caution employees against opening or downloading attachments from strange or unknown email addresses.
Secure Your Wi-Fi Networks
Today, it is the norm to provide customers with internet access while at your hotel. Free and open networks are increasingly exposing your restaurant’s data management systems to cybercriminals. While you cannot withdraw internet access as an incentive for your customers, hide your private business Wi-Fi so that it is not available to outsiders. Provide a separate network for your customers so that it is difficult for them to tap any sensitive information from the restaurant.
By understanding the main data security risks and best practices for mitigating these risks, companies in the restaurant industry are better placed to implement a comprehensive information security strategy by engaging people, procedures, and processes to improve cybersecurity and ensure the industry is safe.