One of the large-scale industries most vulnerable to cyber-attacks is the restaurant business. Restaurants provide the easiest access to critically private financial data of thousands of diners. Once inside the servers, hackers have unrestricted access to such sensitive information. Marriott and its guests were in for a rude shock when the guest reservation system of Starwood Hotels, under Marriott, was hacked. Consequently, the personal details of 500 million guests were compromised. Restaurant servers store large databases of diners’ details that can be used for malicious purposes. Names and addresses provide personal identification information, while credit and debit card data are used in financial cybercrimes.
Restaurant data is a more susceptible target for hackers. The reason is easy to see. The kind of information hackers can get their hands on from a restaurant server helps in committing credit card fraud and identity theft, both high-level crimes with substantial returns. Restaurant owners generally focus more on the hospitality factor; thus, the IT security domain is left exposed to cybercriminals quite unintentionally. Restaurants, no matter how big or small, must enforce cybersecurity in their systems. A cyber-attack hurts the reputation of the restaurant and reduces diner confidence.
Cybersecurity Issues Faced by Restaurants
Restaurants are often more vulnerable to data security threats. Let us look at some of the major reasons behind this.
1. Lack of Uniformity in Digital Security Systems
The main reason hospitality businesses like hotels, bars and restaurants are often unable to implement a robust web security framework is the complicated ownership hierarchy within the business. There are franchises, single owners, multiple owners within a management board, conglomerations, chains and many more. Each unit often uses dissimilar data management and security systems. As a result, when any information is transmitted across systems, security concerns are assessed and solved differently.
This can often cause potential threats to slip through. The cyber scandals of Wyndham Worldwide in 2008 and 2010 are testimony to this. Hackers infiltrated the whole internal network by hacking into the system of one operating company. Earl Enterprises presents a similar example. In 2019, malware in the point-of-sale terminal of one of their restaurants put the holders of 2 million credit cards in financial jeopardy.
2. Untrained Employee Population
The restaurant sector is a labour-intensive industry. On top of that, it benefits from seasonal employment. The American Bureau of Labor Statistics reports that the restaurant industry sees an annual employee turnover rate of about 73.8%. It is foolish to expect the recruitment of people with the same skill and experience as permanent employees for temporary rush season jobs. It is also a common practice among restaurants to transfer and rotate staff between their various locations. This makes it difficult to maintain a certain standard in staff competency. Restaurants end up losing professional employees who were better equipped to deal with threats and strictly uphold PCI protocol.
3. Card-based Payment System
It has almost become a convention to pay in restaurants with credit and debit cards. This is exactly what cybercriminals cash in on when trying to commit financial cybercrimes. They inject malicious software into point-of-sale (POS) hardware that sends back all the card and payment information to the hackers. This software can even crawl through networks and gain access higher up in the network topology, further endangering the data security of the restaurant. It is interesting to note that an overwhelming 20 out of the 21 much-publicized hotel cyber attacks since 2010 originated in POS terminals of a subsidiary.
4. Data Security Measures for Restaurants
It is better to be safe than sorry, and this applies all too well in this context. Restaurants must take stringent precautions to ensure cybersecurity. Given below are a few pointers.
5. Conformity to Security Standards
Hoteliers often disregard web security issues to put more muscle into growing their business. Abidance by cybersecurity rules may seem cumbersome at first, but it pays off in the long run. The burden may seem especially high for smaller restaurateurs. They have the convenient option of hiring a security firm to look after the security matters. At the least, PCI DSS requirements for card data security in businesses and GDPR regulations for data protection and privacy for citizens across the globe must be complied with.
6. Tighter POS Security
In light of the knowledge that POS systems present the highest susceptibility in cyber attacks, it makes sense to strengthen the data protection facilities used in them. Besides firewalls and anti-malware software, good password practices are essential. Each terminal should have a unique identifier for signing in to the server or network of servers. Operating staff should be directed to not use common keyboard patterns as passwords or use the same password at every point under their jurisdiction.
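One way to check the three password rules above (unique terminal identifier, no keyboard patterns, no password shared between terminals) is sketched below. This is an added example, not part of the original article; the terminal names and passwords are constructed, and the check is assumed to run when credentials are set or rotated, the only time the plaintext is available.

```python
from collections import defaultdict

# Keyboard rows used to spot "walk" patterns such as qwerty or 12345.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_keyboard_walk(password, min_run=4):
    """True if the password contains min_run adjacent keys from one row, in either direction."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for direction in (row, row[::-1]):
            for start in range(len(direction) - min_run + 1):
                if direction[start:start + min_run] in lowered:
                    return True
    return False


def audit_terminals(terminals):
    """terminals: list of (terminal_id, password) pairs.
    Returns a dict of finding name -> sorted list of affected terminal ids."""
    findings = {"duplicate_id": [], "keyboard_walk": [], "shared_password": []}
    seen_ids = set()
    by_password = defaultdict(list)
    for terminal_id, password in terminals:
        if terminal_id in seen_ids:
            findings["duplicate_id"].append(terminal_id)
        seen_ids.add(terminal_id)
        if has_keyboard_walk(password):
            findings["keyboard_walk"].append(terminal_id)
        by_password[password].append(terminal_id)
    for ids in by_password.values():
        if len(ids) > 1:
            findings["shared_password"].extend(ids)
    return {name: sorted(set(ids)) for name, ids in findings.items()}


# Constructed sample inventory (not real credentials).
SAMPLE_TERMINALS = [
    ("pos-bar-01", "Qwerty2024!"),
    ("pos-bar-02", "river-Candle-73-moss"),
    ("pos-patio-01", "tulip-Anchor-19-fern"),
    ("pos-patio-02", "river-Candle-73-moss"),
    ("pos-bar-01", "0987abc"),
]
```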
7. Wariness Against Malware
Emails are the weapon of choice for many phishers. Unfortunately, emails are also the most common method of booking reservations. Hackers use this chink in the armour to target restaurant servers. Phishers often use corrupt attachments to upload spyware or other malware onto the computer when the file is opened or downloaded. Staff should exercise caution if they see attachments in emails from suspicious sources, especially ones that appear to be media files with an .exe extension.
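The check staff are asked to make by eye can also be applied to the reservation inbox automatically. The sketch below is an added example, not part of the original article; it generalizes from .exe to a short, assumed list of executable extensions, and the senders and file names are constructed.

```python
# Extension lists are assumptions for this example; extend them to match local policy.
MEDIA_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "bmp", "mp3", "wav", "mp4", "mov", "avi"}
EXECUTABLE_EXTENSIONS = {"exe", "scr", "bat", "cmd", "msi"}


def classify_attachment(filename):
    """Return 'disguised-executable', 'executable' or 'ok' for a file name."""
    # Windows drops trailing dots and spaces, so remove them before parsing.
    name = filename.strip().rstrip(". ").lower()
    # Padding spaces around an extension must not hide it from the check.
    parts = [part.strip() for part in name.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTENSIONS:
        return "ok"
    # The final extension is executable: was a media extension placed before it?
    if any(part in MEDIA_EXTENSIONS for part in parts[1:-1]):
        return "disguised-executable"
    return "executable"


def triage(messages):
    """messages: list of (sender, [attachment names]).
    Returns (sender, attachment, verdict) for every attachment that is not 'ok'."""
    flagged = []
    for sender, attachments in messages:
        for attachment in attachments:
            verdict = classify_attachment(attachment)
            if verdict != "ok":
                flagged.append((sender, attachment, verdict))
    return flagged


# Constructed sample inbox (addresses use the reserved example domains).
SAMPLE_INBOX = [
    ("guest@example.com", ["table-for-six.pdf"]),
    ("events@example.net", ["venue_photo.jpg.exe"]),
    ("promo@example.org", ["Menu Video.MP4 .EXE ", "logo.png"]),
    ("vendor@example.com", ["invoice_tool.exe"]),
]
```

File names are only a first filter; a mail gateway that inspects file content is still needed for renamed executables.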
8. Wi-Fi Segregation
We have all been through the stage when we rampantly used public Wi-Fi networks before someone warned us of the potential risks. This applies to restaurants as well. It has become quite usual for restaurants and hotels to provide free Wi-Fi service to diners as part of the hospitality package. But this has opened up a sea of troubles too. If terminals used for the operation of the restaurant use the public Wi-Fi network too, do not be surprised if a hacker slides in through this route. This is why it is highly important to use a private silo network for the operations of the restaurant, with no channel to lead back from the public one.
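The segregation rule above can be verified against a terminal inventory and the router's allow rules. The sketch below is an added example, not part of the original article; the subnets, device names and rules are constructed, and it assumes a simple allow-list firewall with no earlier deny rules.

```python
import ipaddress


def audit_segregation(guest_net, ops_net, terminals, allow_rules):
    """Return a list of (finding, detail) tuples.
    terminals: list of (name, ip); allow_rules: list of (source_cidr, dest_cidr)."""
    guest = ipaddress.ip_network(guest_net)
    ops = ipaddress.ip_network(ops_net)
    findings = []
    # The two networks must not share any address space.
    if guest.overlaps(ops):
        findings.append(("overlap", f"{guest} overlaps {ops}"))
    # Operational devices must not sit on the public Wi-Fi subnet.
    for name, addr in terminals:
        if ipaddress.ip_address(addr) in guest:
            findings.append(("terminal-on-guest", name))
    # No allow rule may lead from the guest subnet into the operations subnet.
    for src, dst in allow_rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        if src_net.overlaps(guest) and dst_net.overlaps(ops):
            findings.append(("guest-to-ops-rule", f"{src} -> {dst}"))
    return findings


# Constructed sample data.
GUEST_NET = "10.20.0.0/24"   # public diner Wi-Fi
OPS_NET = "10.10.0.0/24"     # private network for restaurant operations
TERMINALS = [
    ("pos-bar-01", "10.10.0.11"),
    ("kitchen-display", "10.20.0.57"),   # joined the guest Wi-Fi by mistake
    ("back-office-pc", "10.10.0.20"),
]
ALLOW_RULES = [
    ("10.10.0.0/24", "0.0.0.0/0"),       # operations to anywhere
    ("10.20.0.0/24", "10.10.0.5/32"),    # guests to a printer on the operations network
    ("10.20.0.0/24", "0.0.0.0/0"),       # guests to "any", which also covers operations
]
```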
It does not take much to put the basic security measures for a restaurant into practice. Mobilizing employees to adopt good cyber practices and installing requisite security checkpoints are a good place to start. Recognizing these digital security hurdles and taking steps to overcome them is sufficient to shield restaurants against most threats.