More than seven out of 10 dining establishments in the United States are single-unit operations. As with all retail small businesses, restaurants' payment systems can be targets of data security intrusions.
Criminals see small businesses, including restaurants, as easy targets. There are hundreds of thousands of locations and, in the aggregate, millions of payment-card transactions. Data security is one of many risk areas owner-operators must manage, and shortcomings persist in many restaurant network-security practices.
Restaurants are increasingly vulnerable as innovative digital solutions proliferate. Wi-Fi, security cameras, point-of-sale systems, wireless credit card processors and digital menu boards are among the technologies that connect with restaurant networks through IP addresses.
Each IP address on a restaurant network is a potential entry point for cyber criminals, and many unsophisticated networked solutions cannot distinguish between “good” and “bad” traffic.
It is important to remember that businesses are responsible for protecting their customers’ credit card data from cyber criminals just as they are responsible for keeping robbers out of their establishments. In the area of data security risk mitigation, restaurateurs have guidelines to assist them in the form of payment-card industry data-security standards.
Keeping your network safe
Despite vulnerabilities, new digital solutions can improve operations, enhance the customer experience and boost the bottom line. It’s not necessary – nor cost-effective – to put non-payment solutions on a separate physical network to isolate them from cardholder data.
These six measures can help secure cardholder information while allowing normal network data flow in your restaurant:
Maintain a strong firewall. The PCI data security standards prescribe firewalls for compliance. Make sure your firewall is hardened and is supported by virus protection software.
Conduct regular scans of your network. The best way to determine if your systems have been compromised is to scan them regularly for vulnerabilities. For relatively low annual fees, a security vendor will remotely scan all of your external system access points to determine if any are vulnerable to intrusion. This service is analogous to having a regular pest control inspection to identify infestations. Use a reputable, professional company to conduct these electronic scans regularly.
Limit remote access. Many restaurants leave their firewalls open to outside entry by managers working remotely or vendors who routinely perform maintenance on systems. Be sure to create strong passwords instead of using the default codes, and change them often. Similarly, always change default firewall settings to allow only essential access, and limit remote access to secure methods such as VPN.
Ensure all credit card data is encrypted. If you have older POS equipment that sends raw credit card data to a back-office server, it may be time to upgrade. Modern, secure POS systems encrypt credit card data as soon as a card is swiped, and they immediately send that data to the payment processor without temporarily storing data. Double-check your POS system to make sure it complies with PCI standards.
Segment your network. For example, make sure your POS data traffic is separate from your Wi-Fi system, security cameras, digital menu boards and other connections. If you want to enable managers to connect to the POS via Wi-Fi, connect them through a virtual LAN that separates authorized traffic into a security zone.
Keep your software updated. Manufacturers frequently update operating systems and POS software to tighten security and eliminate weaknesses vulnerable to hackers. Make sure you download the latest operating system patches and keep all POS software up-to-date.
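The segmentation and remote-access measures above can be checked mechanically. The following is an added example, not part of the original article or any vendor's product: a small Python lint over an exported firewall rule list. The zone names follow the article's examples; the rule format, the policy that only the manager VLAN and the VPN may reach the POS zone, and the sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed policy: only these zones may open connections into the POS zone.
ALLOWED_INTO_POS = {"manager_vlan", "vpn"}
# Remote-administration ports that should sit behind the VPN, never face the internet.
REMOTE_ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}

@dataclass(frozen=True)
class Rule:
    src: str     # source zone, or "internet"
    dst: str     # destination zone
    port: int    # destination port, 0 means any port
    action: str  # "allow" or "deny"

def audit(rules):
    """Return (rule, reason) pairs for allow rules that break the policy.

    Each rule is judged on its own; rule ordering and shadowing are not modeled.
    """
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if r.dst == "pos" and r.src not in ALLOWED_INTO_POS:
            findings.append((r, f"{r.src} can reach the POS zone"))
        if r.src == "internet" and r.dst != "vpn":
            if r.port == 0 or r.port in REMOTE_ADMIN_PORTS:
                label = REMOTE_ADMIN_PORTS.get(r.port, "any port")
                findings.append((r, f"{label} open from the internet to {r.dst} without VPN"))
    return findings

# Constructed sample rule set for a single-unit restaurant (not real data).
SAMPLE_RULES = [
    Rule("pos", "internet", 443, "allow"),          # POS to payment processor
    Rule("guest_wifi", "internet", 0, "allow"),     # guest browsing
    Rule("guest_wifi", "pos", 0, "allow"),          # segmentation gap
    Rule("cameras", "pos", 445, "allow"),           # segmentation gap
    Rule("manager_vlan", "pos", 8443, "allow"),     # managers via their VLAN
    Rule("internet", "vpn", 443, "allow"),          # remote access through VPN
    Rule("internet", "back_office", 3389, "allow"), # direct remote desktop
    Rule("menu_boards", "pos", 0, "deny"),
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.src} -> {rule.dst}:{rule.port}  {reason}")
```
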
Addressing these issues is a smart step to help you protect your customers’ data, your reputation and the integrity of your payment card processing environment.
This content was provided by National Restaurant Association partner ANX/Earthlink. For more information contact Sadhana Joliet or Chad Leedy.