How much time do you spend on the computer in your restaurant? When you really think about it, probably a lot more than you realize. Sure, you’re handling business over email and placing orders over the internet. You’re managing a website for your customers, maybe even one that offers online ordering and delivery services.
You’re probably also tracking your costs of labor, food, and beverage with various suppliers and using an accounting program to rationalize them against your revenue. You have employee personal and payroll information on hand, probably both on your personal computer and in your point-of-sale (POS) system. And then there’s your customers’ credit or debit card data, collected when their checks are closed out — information both your customers and the government expect you to keep safe through the PCI DSS (Payment Card Industry Data Security Standard).
In other words, your restaurant collects quite a bit of valuable data to protect, and handling it responsibly is just another part of good customer service and creating a positive work environment for your employees.
It’s also the foundation of what industry experts call a “cyber-security” plan, which can be as simple as strong password protection or as complicated as a full IT infrastructure security strategy. Cyber-security predators exist in every industry, but in the fast-paced world of the restaurant industry (where you are an expert in hospitality and food, not necessarily technology), computer hackers know it’s easy for restaurant owners and managers to get behind on protecting their data and the data of their customers.
What follows are just a few tips — from easy to most involved — for how to keep everyone who dines with and works for you safe.
Be smart with passwords.
When it comes to setting passwords on your devices and online, you must be careful not to make them too easy to guess. This is some of your most important information – using your mother’s maiden name or your daughter’s birthday isn’t going to cut it. Complexity is the name of the game. If the program allows it, use special characters, numbers, and a mix of lower and uppercase letters.
Most types of accounts also offer two-factor authentication – after you put in your correct password, the two-factor authentication service sends a code to a second factor, most commonly an SMS or push message to your mobile phone, or a message to another email address. Once you confirm by entering the second-factor code in addition to your password, you can access the program. This means that even if hackers put in the right password, they still wouldn’t be able to verify they’re you and therefore wouldn’t be able to get into your account.
Implement EMV chip technology.
You might already be using EMV chip technology, but if you aren’t, you’re doing both your customers and your business a disservice. On the customer side, this technology helps protect them from credit card fraud in a way the old system didn’t. For the business side, the liability shift set in place in 2015 means that if you don’t use the EMV system and credit card fraud occurs, the customer’s bank could hold your restaurant accountable for damages. In other words, it’s just good sense to put this technology to work for your business.
Think about limiting risk.
The first thing to understand about protecting your restaurant’s computers and data is that there’s no one-size-fits-all solution. Like with insurance, the protections you put up will have to be decided by looking at your business’ specific needs and carefully researching your options. Security experts can be hired to assess your vulnerabilities and make suggestions about how much protection you feel is necessary for your particular business.
To help facilitate that process, be sure to assign people in your organization to maintain responsibility for data security and IT maintenance. Not only will that limit the exposure of data to very few people accessing it with top clearance, but it will give you a point of focus for properly training staff how to use your POS system correctly, managing a firewall and any other security options (like threat or virus detection), and ensuring all your software is kept up to date.
If you do think you’re experiencing some type of cyber-security crisis in your restaurant — or are implicated in a bigger news story about data or credit card breaches — then you should:
As with any PR crisis in your restaurant, you should treat the situation with great urgency, but calmly. This combination not only gives you the best shot at nipping the crisis in the bud, but will also show your professionalism and responsibility to the public.
Bring on the experts.
Consider having an IT professional on retainer, preferably one who specializes in security breaches. They’ll need to ask you questions to assess the situation, so be prepared to tell them things like why you believe your data was compromised, when and how you found out about the breach, and if the data involves employees, vendors, or customers.
The other person you should call immediately in a data security breach at your restaurant is your lawyer. In worst-case scenarios, most states have some form of data breach notification laws, and you want to make sure you follow those laws to the letter.
Recovery is both about fixing the holes in your security and gaining back trust from the community. Customers want to feel safe handing you their credit card, and showing that you’ve handled the situation quickly is the best way to show your professionalism and competence in a crisis.
Some steps to consider as you recover after any kind of suspected breach:
- Have you updated your software and hardware with the latest protections?
- Have you reset all passwords?
- Have all your legal responsibilities been fulfilled, especially when it comes to making a public statement and contacting those affected?
Having to think about cyber-security can be scary, but at its most basic, it’s just about keeping your eyes open, watching out for threats, and managing them when you get hit. It’s no different than taking precautions against employee, customer, or vendor theft at your cash register. And the more you know about how to keep your restaurant safe, the better you’ll sleep at night.