We'll cut right to the chase. Your wifi network, your website and your hardware are three things that are susceptible. Here is a simplified crash course to get you on the right track with your data security measures.
Your WiFi Network
It's 2016 and innovation is coming faster than ever. Your Wi-Fi network is an especially tricky place to start as it effects wireless credit card processors and POS Systems systems, both housing customer data.
Let us break it down for you in 2 easy steps. A hacker will:
1. Locate weak, poorly protected networks (small businesses, overall, are MUCH more susceptible)
2. They will then try their best to intercept unencrypted data from both your corporate machine's and your customer's machines being used in-store (via guest-enabled wifi)
This is scary but according to CSO online here is what you can do about it:
"Take care to implement proper network design to ensure a DMZ between public and internal networks. If the wireless network is an internal network, ensure proper security controls to include strong authentication."
Important: Your guest network and your internal network should be separate. This is included in most corporate deployments but should be a best practice in smaller shops.
Another Way to Help Yourself: Since many restaurants outsource their networking issues, bring this up to your network provider as well as to your hardware provider, especially for products that handle customer data. They may tell you to hardwire certain products in for safer connectivity or they may have other safety measures in place.
Be wary of impersonator bots.
What are bots? There are two types of bots, good and bad. According to Incapsula, bots make up 56% of all website traffic and bad bots account for 29% of that.
What is an impersonator bot? An impersonator bot is, unfortunately, one of the bad bots. They make up 22% of traffic and are the most advanced, malicious bot on the web right now. They are purposely built to mimic human behavior and operate under the cover of a browser-like identity. For example, a bot that fills out your online order form, will look exactly like a real human, costing you money in food they will never pick up.
An important thing to remember: impersonator bots are at the mercy of their owner. The degree of severity of a bot attack depends on the owner, their intentions and the magnitude of the company on the receiving end. Still, it's always good to protect yourself. Bring this up to your website form provider or website host to make sure they have measures in place to do their best to detect this sort of activity.
Your Current Vendors/Hardware
Your wifi network and your website are just two of many things that could be under attack. An important step to take when you're giving this another thought is evaluating all of your vendors and making sure you are aware of the security measures they are taking to protect your restaurant and your customer's data.
In some cases, failure to properly maintain older technology can be the reason for major security breaches. In fact, the Office of Personnel Management breach back in the summer of 2015 was not a sophisticated attack by the standard of modern systems, but only sophisticated for a 1970's legacy system that was operating on older mainframe applications.
When talking about data security in the restaurant industry it would be impossible not to mention EMV. Going right along with the above sentiment about upgrading your technology, upgrading to EMV compatible transactions will help you reduce the risk of hackers monetizing scraped card data. NRA has a great post on this if you want to learn more.
Moral of the story? It pays to stay up to date on your security measures, follow up with vendors and replace older systems.
In the market for new restaurant technologies? We have a Buyer's Guide just for you. Download our restaurant technology buyer's guide to view over 25 differen't technologies in categories like POS systems, guest facing tech., table-top technology and more.