Hackers have restaurants in their crosshairs. Earlier this year, after being alerted by government officials, Red Robin alerted shareholders that restaurants have been identified as plum targets by criminals looking to mine personal data about customers and staff.. Chipotle, Arby’s, Wendy’s, Shoney’s and several other chains have already been stung by data breaches in the last year.
Cyber crooks are drawn to the industry because of its high volume of credit card transactions, says Laura Knapp Chadwick, director of commerce and entrepreneurship for the National Restaurant Association. All that attention from hackers carries a high financial and reputational costs for operators. “The most critical part of keeping a customer is trust,” Knapp Chadwick says. “If you have a breach, those customers are not having that same level of trust.”
Here are three trips for training employees to lock down cracks in cybersecurity protocols.
1. Clue employees to the threats
Restaurants need to identify their threats and share that info with employees, Knapp Chadwick says. “They need to know what they are going to do and who they are going to call,” she says. At one operation, staff ensures that the wires supplying the guest WiFi and operational WiFi are at least 8 feet apart from each other, so that there is less chance of confusion if something needs to be done with the hardware, she says.
2. Train employees to be skeptics
Knapp Chadwick has heard reports of rogue agents posing as representative of electrical or cable companies and asking to see a restaurant’s computer system. Once the restaurants give them access to the server, the hackers are able to physically install malware or gain access to credit card data, W-2 and onboarding data, or loyalty program information. “Managers have to ask for credentials for the people who are coming into their restaurants,” she says.
Some hackers collect information about a person via social media to create a highly sophisticated phishing scheme, she says. Training employees to be aware of suspicious emails can save operators from ransomware and other cyberattacks.
Teach cybersecurity hygiene
Just like flossing and showering, cybersecurity is a daily routine that should be taught as a hygiene fundamental, Knapp Chadwick says. Restaurants should train employees to stay off of social media sites on POS-connected computers, and keep cashiers and servers up to date on payment card industry standards.