Cybersecurity Risks for the Modern Restaurant

Restaurants are no strangers to the issue of cybersecurity. Customer payment data has been a primary target for years. Restaurant owners and operators have been working hard to protect that data since the beginning. We know you take this security seriously, but the restaurant industry is changing, and so are the security concerns. It’s important to stay up to date on the latest security issues so that you can protect your business and your customers.

Technology has brought a lot of innovation to the industry. Technological advancements mean more data collecting and sharing, more methods of payment collection and processing, and more choices for data management and storage. All of these pieces add up to more vulnerabilities that the savvy restaurateur needs to address. We looked at Trustwave’s 2018 Global Security Report to understand more about the current threat landscape for restaurants.

What Do They Want?

  • Customer Payment Data is still the biggest target. Card track data (that’s the magnetic stripe) accounted for 22% of data compromises. CNP, or Card Not Present, data accounted for another 18%. CNP data is the information customers fill out for e-commerce sites: card number, expiration date, etc.

  • Personally Identifiable Data is another big target for bad actors these days. Hackers can sell data like names, addresses and emails for big bucks. This means that your customer loyalty information is fair game.

  • Payroll Data contains sensitive information on yourself and your employees. This can be a major score for bad actors. Social security records are worth $0.53 on the black market, so keep yours secured.

  • Proprietary Information in the form of recipes, business development plans or market research can be valuable to the right audience. Make sure this data is protected as well.

  • Sometimes it’s not the data that they’re after. In many cases last year, Trustwave found infiltrators passed over seemingly valuable data and used their access points to commit theft or install ransomware. Imagine being locked out of your system and forced to pay a ransom to regain access. The potential of holding your business hostage can make even the most mundane information valuable to hackers.

How Do They Get In?

  • POS devices are still the number one point of access for the food service industry. These devices are notoriously difficult to protect and contain a wealth of data. Make sure your POS devices are up to date and segmented from the rest of the network.

  • E-Commerce adds another access point to watch. Payment information and personal data hosted through the web mean additional security concerns that should be integrated into your security plan.

  • Updated Phishing schemes take advantage of human error. Nearly half of the POS compromises were facilitated by phishing and social engineering. The newest trend in phishing is the telephone scam, where a would-be patron calls your restaurant and says that the online booking system is not working. They instead propose emailing their reservation details, and then the host is sent an email containing a malicious attachment.

  • Service Providers – Trustwave’s study found third-party service providers were an increasing target for bad actors. These companies are attractive to hackers because through one vulnerability they can potentially gain access to multiple data chains. This is a newer strategy that Trustwave says “did not even register” in 2016. It’s important to thoroughly vet all service providers before engaging them in business and continue to have open communication about security concerns throughout your relationship.

What Can You Do About It?

  • Make A Plan – It’s important to strategize about security issues in advance. Have security protocols in place that protect your data to the best of your ability, and then PAY ATTENTION. You should also have a plan in place for what to do if you are attacked. Check out our blog on security tips for more ideas on protecting your restaurant. The National Restaurant Association also has a great guide to help establish your plan. Last year they published Cybersecurity 201: The Next Steps in response to the growing threat of advanced technology. This guide outlines several steps restaurants can take to protect themselves before, during and after cyber-attacks.

  • Understand Your Risk – Cybersecurity is a constant battle against very skilled hackers and bad actors. There is no such thing as a perfectly secure system. That doesn’t mean we should stop trying; it just means we should be aware of the situation. Understand that your security protocols are the first line of defense for your data. You should also have plans in place for what happens if/when those defenses are breached. A lot of security is designed only to keep people out. When someone does break through, they have very little in their way and can quietly do damage for months or even years.

  • When Breaches Happen, Don’t Panic, React – The median time between breach and detection was 83 days for those companies requiring external support. Companies with the tools to identify and counteract breaches internally fared much better and were generally able to respond to incursions within the same day. Create a plan of action for identifying and resolving breaches quickly and efficiently to minimize the impact.

The most important piece of advice from these experts: pay attention. Complacency enables cybercrimes. It’s not enough to set your firewalls and forget about the rest. Hackers today are very skilled and determined. Staying alert to possible threats can save you a major headache.

Data Central by Restaurant Magic is a comprehensive data management solution for the restaurant back office. For more information about Data Central’s services and protecting your data please call us at (813) 288-2633 (toll free – 1(800) 933-4711) or visit our website at restaurantmagic.com.