Cyberattacks are on the rise as the world economy has shifted to the digital age. For the restaurant industry, hackers aren’t just focused on payment card data, but now collect information on entire businesses and their operations. The customers, employees, reputation, and brand of a business are all at risk with today’s data breaches. Cyber criminals recognize the technological advancements made in the restaurant industry and are beginning to use these advancements as pathways to more profitable cyber-attacks. As these cyber-attacks evolve, so must the strategies for restaurant owners. Cybersecurity is no longer about playing defense; it is about planning offensively. It is crucial that restaurant owners take proper precautions to ensure cybersecurity.
The National Restaurant Association’s (NRA) Cybersecurity 101 Toolkit lays out the most common ways data breaches cost restaurateurs and what they can do to better prepare.
Often following a major restaurant cyber-attack, the greatest concern is the loss of customer information. As harmful as this loss may be to a restaurant, it is not the only looming issue that the business faces. Along with customer, employee information is also vulnerable. Valuable personal data including Social Security numbers and sensitive financial information can be obtained by cyber criminals through data breaches.
A data breach is also damaging to a restaurant’s bottom line. For example, the smallest suspicion of a breach can lead to a forensic investigation which can cost anywhere from $12,000 to $100,000. After investigations, if a breach has been detected it is estimated that the average small business may pay $36,000 to $50,000. Lawsuits related to security breaches can be as damaging to brand reputations as they are to the bottom line of a business. Once a breach has been detected, a business has a legal obligation to inform the media. This can lead to costly litigation fees.
Litigation and investigation fees are often only the beginning of the costs to a restaurant’s bottom line. Once a breach has occurred, there are unavoidable damages to a restaurant’s reputation and brand. Research has shown that 15 percent of consumers would cease doing business with a restaurant if there was evidence of a data breach. Harm to a restaurants brand name and reputation can prove to be the most expensive cost incurred by businesses that have suffered a data breach.
Fortunately, there are safety measures that can help reduce the risks of cyber-attacks. However, restaurant owners must take a proactive approach towards cybersecurity if they wish to reduce the risk of a breach. Heartland Payment Systems provides six bullet points to help with cybersecurity:
- Follow the PCI DSS Standards.
- https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security
- Use a PCI compliance vendor program to complete PCI compliance attestation such as Heartland’s Merchant Protection Program.
- Leverage secure products such as Heartland Secure P2PE devices to minimize data.
- Educate and empower employees to identify issues first.
- Understand your risk and perform risk assessments to find vulnerabilities and gaps.
- Prepare for a breach by implementing an incident response process.
Predictions reveal that losses from cyber-attacks will grow from $460 billion in 2016 to greater than $6 trillion in 2021. As technology continues to advance, cyber-attacks will become an even more pressing issue. Being proactive with cybersecurity is vitally important with the skills of today’s hackers.
For more information on what steps can be made to better secure your restaurant and training for your staff, contact Goliath Consulting Group at getresults@goliathconsulting.com
Sources
Heartland Payment Systems: https://www.heartlandpaymentsystems.com/blog/2017/04/14/data-breach-2017
National Restaurant Association: http://www.restaurant.org/Cybersecurity