The National Restaurant Association has just issued a new guide for helping small restaurant operations protect their customer and business data from being stolen. It’s an update to the NRA's introductory-level security primer of two years ago, Cybersecurity 101.
In addition to recounting how four successful restaurateurs painfully learned of their vulnerability to hackers, Cybersecurity 201 provides specific recommendations for outwitting the thieves. Presented here are six tips for rethinking how a restaurant should protect itself.
Restaurateurs looking for more detailed advice, including a step-by-step guide to adapting the safety protocols of the National Institute of Standards and Technology to a restaurant environment, are encouraged to download a full copy of the NRA report. The NIST measures are regarded as the gold standards of security practices.
Here are six ways restaurateurs should become more security-minded, according to the NRA.
1. Understand the core functions of a security plan
Any defensive plan has to start with the fundamentals, advises the NRA. It cites five basics—identify, protect, detect, respond, recover—and explains them this way:
- Identify what data a hacker could target.
- See what safeguards are available and adaptable to your operation.
- Have mechanisms in place to alert you to a breach.
- Determine what responses could lessen the damage of a breach.
- Scope out how to bounce back as quickly as possible.
2. Look at the sum of the parts
The specific safeguards recommended by the NRA are based on NIST protocols, which break down into more than 100 sub-categories, each with do’s and don’ts. Try to see how those specific steps fit together into a comprehensive, big-picture defensive web.
3. Understand that you can’t eliminate risk
As with HAACP, the objective is to manage the risk, but don’t be deluded into thinking your security efforts are foolproof. “Your goal is to get to the optimum level of safety that makes sense for your restaurant,” the NRA explains.
4. Prepare for continual assessment
Your big-picture strategy has to include a mechanism for making sure you update it. “Assessing your risk and working toward reducing it is a continual process,” says the NRA.
5. Realize cybersecurity evolves
Safeguarding a restaurant’s data is a process, not a one-and-done plan, advises the association. Data thieves are constantly probing for ways of overcoming the security measures. You have to be just as diligent in thwarting them.
6. Keep checking the NIST framework as it evolves
While you’re thinking of your business’s specific risks, the NIST is evolving its safety measures from a global standpoint. “The Framework is a living document and will continue to be updated and improved as industry provides feedback on implementation,” the U.S. Department of Homeland Security explains. Staying current on the recommendations means keeping pace with the crooks—or being one step ahead.
The NRA said it will continue to monitor the NIST framework and how the recommendations apply to restaurants.