Keeping data safe and secure is of great concern to us and our industry. Technology innovations, often fueled by data, help restaurants streamline operations, reduce costs and bring in more guests. But with opportunity comes risk. Payment card information has always been a target, and now hackers are hungry for more. With new data sources, online criminals can target all aspects of a restaurant’s business.
To help restaurateurs combat potential cybercrime, we’ve offered solutions, including toolkits and webinars, and work with various cybersecurity experts to prevent data breaches from happening. Soon we will release Cybersecurity 201, a follow-up toolkit to our Cybersecurity 101 guide.
Because we’re increasingly digital, we’re all more aware of cybercrime and what we need to do to prevent it. That’s good news, says Nick Schacht.
Schacht, president and CEO of KnowCyber, a Houston-based cybersecurity training firm, tells restaurateurs that cyber is a moving target. If they’re using digital devices for almost everything, they must be more vigilant about protecting information –theirs and their customers’.
“The more we use information systems and digital devices, we have to deal with the security of those devices and the security of the information,” he said. “That’s what cybersecurity is at its core: keeping our information and the information we create and collect secure so it’s not misused, stolen or abused in some way or other.”
Keeping your data safe is the priority
Laura Knapp Chadwick, our director of commerce and entrepreneurship, adds that members of Congress are intent on fixing problems associated with cybersecurity, but that the solutions so far proposed “would drive up costs and probably wouldn’t do much to protect against a cyberattack.”
Schacht says as businesses become more digital, assets that aren’t cybersecure are at risk. And, if information captured ‑ especially from customers ‑ isn’t protected, reputations could be jeopardized. He noted that:
- 12 of the top 20 data breaches in 2014 were in retail or restaurant brands, and that every single one involved payment card data.
- 70 percent of consumers can name at least one brand that’s had a data breach.
- 15 percent of consumers say they’d stop doing business with an organization experiencing a significant data breach.
- The cost for a small business to recover from a data breach is $50,000 or more.
He also says the majority of breaches are motivated by profit. “Data and information are where the money is. That’s what drives cybercrime.”
Want to stay on top of cybersecurity? Here are 7 tips
As cybercrime constantly changes in how it attacks businesses, Schact recently offered up seven new tips for staying on top of the problem:
- Identify your risks. Know they exist, where the data is and where it’s stored. Find out who has access to it and if remote access is permitted.
- Monitor your risks. There are tools you can put into place that will signal if someone wrongly accesses information.
- Prioritize your risks. Do the best possible job of identifying risks and tackle the biggest ones first. Find and use technology systems that will reduce risk.
- Check third-party suppliers. Know the connections between your organizations. If they have access to your digital systems, they are a risk. Be aware of what they have access to and control or reduce it. Always hold suppliers to the same standards you hold yourself to.
- Comply with the PCI data security standard. This was set up by the major credit-card companies about a decade ago to protect payment card information. It addresses how your systems should collect, store and process data related to payment cards. It also requires an annual assessment. If you’re not compliant, you could be fined or your cost for processing credit cards could increase.
- Train your employees. Prepare, educate and equip staff to protect information. Cybersecurity is more about people than it is about technology.
- Conduct constant examination. Always examine yourself, your business, threats to your business and the protections you have in place.
Logos, product and company names mentioned are the property of their respective owners.