The restaurant industry processes billions in credit and debit card transactions each year. While these everyday interactions literally mean money in the bank for businesses, they also open them up to cyber attacks that can have devastating consequences for their reputations and their bottom lines.
As demand continues to grow for e-commerce and other digital technologies to facilitate and enhance dining experiences, foodservice businesses and their customers are becoming increasingly vulnerable to cybersecurity threats. That’s why Restaurants Canada recently launched a partnership with cybersecurity provider Cyberisk Chek Inc. to give foodservice operators a way to defend their businesses from an inevitable attack.
Is your business prepared?
Most Canadian companies are overconfident and unprepared when it comes to protecting information from cyber attacks because they tend to have an incomplete or inadequate picture about the complex and evolving challenges that they face, according to cybersecurity experts.
In a recent study, 84 per cent of Canadian executives surveyed said that they felt their organization was “better than average” or a “top performer” when asked about their capacity to protect their business from cyber attacks.
The report, however, concluded that their assessments were “unrealistic” and that Canadian organizations “should look at their ability to prove how good they are.”
Many Canadian companies also tend to have a mistaken belief that they are too small or insignificant to be a target. And most are unaware that all businesses, no matter their size, will be required to report any possible leak of consumer information to their customers and to Canada’s federal privacy commissioner starting Nov. 1.
Here are some sobering statistics to consider:
- 60 per cent of small-to-medium-sized enterprises go out of business within six months of a cyberattack
- 70 per cent of cyber attackers deliberately target small businesses
- 71 per cent of cyberattacks hit businesses with fewer than 100 employees
- $180,000 is the average loss that small- and medium-sized businesses sustain from cyberattacks
No need to pull the plug
This doesn’t mean that restaurants should all revert to strictly in-person, cash-only operations. By developing a basic familiarity with cybersecurity and coming up with a strategy to protect your business from cyber attacks, you can get in front of the risk while continuing to satisfy consumer appetite for digital commerce and connectivity.
Here are some starter tips:
Get straight to the endpoint
As ironic as this might sound, the best entry point to understanding how your business could face attacks from cyber criminals is learning about endpoint security.
Endpoint security refers to the process of protecting your business operations from coming under attack via entry points to your information technology network. Any device that can remotely connect to your network is a possible entry point for cybersecurity threats; these can be regular, everyday devices, such as laptops and smartphones, or any other wireless or mobile devices, including your POS payment machines — even a fancy, newfangled IoT kitchen appliance connected to your network via a router or Wi-Fi can be a gateway for hackers.
Threats can include attempts to steal data, destroy infrastructure, or cause financial damage by infiltrating existing software on your network or by sneaking in malicious new software (malware) through poorly defended entry points.
With the right endpoint security solution in place, restaurant operators can feel confident when performing transactions with their customers’ information. But every business has different needs when it comes to endpoint security, depending on the type and number of connected devices that they need to be able to run their operations and what kind of services they provide customers. Each and every foodservice operator should compare different options and decide what works best for their business.
Use the most up-to-date technology whenever possible
Once you understand the concept of endpoint security, you can appreciate how any technology used in a restaurant has the potential to get hacked – whether it’s cloud-based or not. If any of these access points are compromised, attackers can get hold of your sensitive business information and potentially steal customer data. One of the best ways to protect against this is by making sure you are operating with the latest software and continuously keeping it as up-to-date as possible.
Comply with PCI standards
Payment Card Industry standards require that merchants store, process, accept, and transmit the information from any credit cards within a secure environment. Restaurants that adhere to these standards with compliant technology benefit from a layer of security that protects the information of their customers.
Stick to the PLATE framework
Running any modern business requires being prepared to adapt to the unexpected — and this is certainly the case when it comes to restaurant cybersecurity. Fortunately, there is a foodservice friendly acronym that can help you prepare for, handle, and recover from cyber attacks:
Perceive the threats to your business.
Limit risk for an attack.
Attribute the reason for the attack accurately.
Take action by responding to the hack when it occurs.
Evolve by making changes after the incident.
Keeping your customers happy is the key to running a successful restaurant, so don’t let a hacker take your focus away from that mission. Protect your business from cyber attacks by putting these four tips to work.
Interested in more help?
Available exclusively to members of Restaurants Canada, the Cyberisk Chek online analysis tool helps businesses undergo a detailed assessment of their current cybersecurity weak spots, and provides a cost-effective, step-by-step action plan to get ahead of those risks.
Get started by conducting this risk evaluation today!