Six tactics to improve your restaurant’s cybersecurity


In this five-part series, restaurant managers and operators will get an overview of how the restaurant industry views and consumes technology. Get tips for creating a successful digital strategy that works in the industry. Learn about four new tech your restaurant should consider exploring. Find out if your establishment is optimized for mobile diners. And lastly, learn how to protect your restaurant from cyber attackers (yes, they're aiming for you!).

If you have been living under a rock, you might have missed the kerfuffle that is brewing between the world’s most valuable company and the worlds most feared law enforcement agency. Being a lifelong PC (and now Android) guy, nothing warms my heart more than seeing Apple on the hot seat with the FBI. Unfortunately, I find myself on the side of the behemoth in Cupertino. 

Sort of…

The core of the story is the heartbreaking terrorist attack that took place in San Bernadino, CA last year. The iPhone of the main shooter is in the possession of the FBI, but they can’t unlock it because they made a mistake with the phone that triggered a potent security protocol. The FBI went to court to force Apple to create a “backdoor” into their own operating system that would allow the FBI to recover what they believe to be significant data from the phone.

Here’s where it gets interesting to you. Apple is refusing because they believe by giving this to the government all iPhones are at risk of exactly this type of government meddling. If you have any affection for your civil liberties, this should scare you, but that’s not why it’s relevant to you. Any restaurant operator that uses a third party to save, secure, access and manage their data is at the same risk from both the government and artful hackers.

How to bolster your restaurant's cybersecurity

This got me to thinking about cybersecurity for our industry and what it all means. Basically, everything electronic thing you do has some data implications and with that, exposures. I won’t waste time scaring you with stories of horrific losses by restaurants or implying just how much risk you are at currently. It would be better to identify six tactics to reduce that exposure and insure you don’t become a cautionary tale yourself.

While no strategy is full proof, these steps might slow potential hackers down or turn their attention to businesses that are less prepared. 

  1. Manage Your Passwords – This sounds so simple, but password hacking is one of the most common methods for gaining access to accounts, employee information and stored financial data. With the high turnover rate of managers and staff, it becomes even more crucial to regularly change your passwords.

    I know, what a pain in the ass it becomes, but there are some tools that will help manage that for you. Password management software makes it easier to manage, remember and change your passwords. Change them regularly and you will thwart a host of attack possibilities and keep your data and accounts safe.
  2. Secure your WIFI – This valuable service you provide your guests is also a major cyber security exposure point. Let’s start with the fact that you likely provide the same network to your guests that you are using to manage your business. THIS IS A MISTAKE! While it may cost you a bit more per month to have two separate routers and distinct internet services, it’s an essential strategy.

    If you have not implemented the newer security on your existing WIFI network then you need to upgrade to WPA2 (it’s free). Also hiding your network identity (SSID) makes it more difficult for intruders. You can imagine a bad guy sitting at your bar, using your WIFI to hack your main business computer. That should scare the POOP out of you. It’s actually very easy to fix by having a separate and dedicated security for both guests and internal connection. Then simply change your passwords regularly while keeping the SSID private. It takes just three minutes to eliminate a major exposure.
  3. Is your credit card service PCI compliant? – It’s a simple question, but if the answer is no, then you are exposed to having guests credit card data stolen. That exposure is enormous and you can be liable for it, so ask your credit card processing provider to detail their security measures. Also, you may be taking credit cards in multiple ways if you allow online ordering or do any e-commerce. So, as a measure of being thorough, you should ask anyone that is managing your data what they are doing to protect it.
  4. Manage your employees – This is by far your greatest point of exposure, mostly because they can defeat any strategy you employ by being a “bad actor.” I hate the fact that the very people we care for, nurture and give opportunity to are also the ones we need to fear from a security perspective. Sadly, it’s the truth and you can’t deny it. You must harbor a healthy suspicion of everyone’s motives.

    Our industry is littered with stories of failed restaurants brought down by “trusted” employees and their nefarious behavior. If you have ever wondered whether a bartender is stealing or a server has a deal with a cook to get food off the POS, then you know this risk is real. Be aware, change passwords often and never allow access to an employee until they have proven themselves worthy.
  5. Protect your office devices – You are constantly under attack and most of you simply don’t know it. Recently we were hiring a new staff person for our business and I received an email that was labeled Resume. Without thinking I opened the attached file and it immediately encrypted my entire desktop. I then received a message telling me that for just $750 I could get the encryption key to set it right. Fortunately, my important data is kept on the cloud and I didn’t need to acquiesce, but something as simple as that careless error could have been a nightmare for me.

    I can’t stress enough the importance of having both malware and anti-virus software on your main office device, as well as the basic encryption programs provided with your computers operating system. This is especially important if you allow access to many people. All it takes is one errant email to be opened and all the data on your device — as well as potentially every key stroke you make — being exposed to a bad guy.
  6. Build your castle in the cloud – With today’s high speed internet connections there is almost no reason to keep data housed in your building anymore. Most POS communicates fluidly via the internet, and there are hundreds of amazing cloud solutions out there to help you tackle your regular challenges. Ask cloud providers the right questions about their security, but be assured they are more likely to have the most current protections and have an even greater incentive to be diligent.

While taking a strategic approach to cyber security is no guarantee you won’t have an incident, “no strategy” is an invitation for disaster. These six tactics will, at minimum, protect your most valuable information and, at maximum, save you hours of frustration and even a potential disaster. 

So don’t be afraid and take action before someone else’s action takes you.