• Home
    Home We Serve America's Restaurants Representing nearly 500,000 restaurant businesses, we advocate for restaurant and foodservice industry interests and provide tools and systems that help members of all sizes achieve success.
  • Foundation
    Foundation Building & Retaining Talent The NRAEF is focused on developing a stronger workforce and building the next generation of industry leaders through education, scholarships and community engagement.
  • Show 2018
    Show 2018 May 19-22, 2018 As the international foodservice marketplace, the National Restaurant Association Show provides unparalleled opportunities for buyers and sellers to come together, conduct business and learn from each other.
  • ServSafe
    ServSafe Minimize Risk. Maximize Protection. For over 40 years, ServSafe® training programs have delivered the knowledge, leadership and protection that have earned the trust and confidence of business leaders everywhere.

National Restaurant Association - Battle plan for cyberattacks on restaurants

Skip to navigation Skip to content

News & Research

Email Print
News RSS

Battle plan for cyberattacks on restaurants

For restaurant operators, the world of cybersecurity and cyber threats can quickly become overwhelming, and it’s easy to fall into a feeling of “it won’t happen to me.”

But a cyberattack can happen at any restaurant, and ignoring the problem dramatically increases the chance that it will. The costs of waiting until after your restaurant becomes a target can cause severe and lasting damage to your restaurant’s brand, said Susan Carroll, director of information security for White Castle.

“Whether it happens at a corporate or franchisee-owned store, all the customer knows is that the brand lost their credit information,” Carroll said. “Your customers now think less of you because you’ve lost their information. And your own team members’ feelings about the company and its ability to secure their private information are damaged.”

And it isn’t just credit card information that’s at risk. It’s likely that your restaurant collects piles of sensitive, electronic information via mobile apps, social media, loyalty programs and other methods. That may include:

  • Food, beverage and labor costs
  • Suppliers’ pricing
  • Recipes
  • Information on new business ventures
  • Employee and payroll information
  • Competitors’ data

The release of any of this information could cause serious damage to the reputation and the bottom line of a restaurant. Transaction Resources, a payment processing firm, estimated that, on average, small businesses pay from $36,000 to $50,000 for a data breach.

Fortunately, improvements in cybersecurity don’t necessarily require massive investments in new technology, and that’s one of the points the National Restaurant Association is looking to drive home with the Cybersecurity Framework for the Restaurant Industry, which is currently being developed by the NRA and a group of restaurant industry professionals.  It’s based  on the widely respected framework developed by the National Institute of Standards and Technology (NIST), but will speak specifically to the unique needs of the restaurant industry.

 “There are plenty of expensive cybersecurity solutions, but there are a lot of basic, straightforward things, like training, that restaurants can do,” said Carroll, chair of the committee developing the Cybersecurity Framework for the Restaurant Industry. “You need to reinforce the basics: protecting your computers from phishing, preventing people from getting into the back room. Sometimes, we miss the fundamentals.”

Simple steps will go a long way toward improving restaurant cybersecurity. White Castle saw firsthand the value of employee training as a security measure when a customer at a Louisville location tried to plug his smartphone into a credit terminal. An employee immediately recognized the threat and snatched the power cord away from the customer, Carroll said.

“They treated it that seriously, and that’s what you have to do as a company,” Carroll said. 

The goal of the Cybersecurity Framework for the Restaurant Industry is to develop guidance that’s as accessible for small, independent restaurants as it is for large chains, Carroll said.

“This involves all of us,” she said. “We don’t think the existing guidelines are tailored to our industry. We want to put in terms that make sense for restaurants. We’re trying to make security more accessible, more readable, and that makes it more actionable.”

Download the NRA's new Cybersecurity 101: A Toolkit for Restaurant Operators.


Conserve RSS Healthcare RSS Conserve RSS

▲ Back to Top

New report

Spot Ad right

We're glad you're here!®

® 2012-2017 National Restaurant Association. All rights reserved.

2055 L St. NW, Suite 700, Washington, DC 20036
(202) 331-5900 | (800) 424-5156