• Home
    Home We Serve America's Restaurants Representing nearly 500,000 restaurant businesses, we advocate for restaurant and foodservice industry interests and provide tools and systems that help members of all sizes achieve success.
  • Foundation
    Foundation Building & Retaining Talent The NRAEF is focused on developing a stronger workforce and building the next generation of industry leaders through education, scholarships and community engagement.
  • Show
    Show May 18-21, 2019 As the international foodservice marketplace, the National Restaurant Association Show provides unparalleled opportunities for buyers and sellers to come together, conduct business and learn from each other.
  • ServSafe
    ServSafe Minimize Risk. Maximize Protection. For over 40 years, ServSafe® training programs have delivered the knowledge, leadership and protection that have earned the trust and confidence of business leaders everywhere.

National Restaurant Association - A proactive approach to cybersecurity

Skip to navigation Skip to content

News & Research

News RSS

A proactive approach to cybersecurity

You know cybercrime is a growing threat. You totally get that a data breach could cripple your business. But, you’re thinking, “Is there really anything I can do about it?”

Actually, there is a lot you can do to protect your restaurant against cyber attacks, and it doesn’t have to be complicated or expensive. Cybersecurity starts with some basic, straightforward steps such as limiting access to your systems, strengthening password protections and training employees to be more security conscious.

The National Restaurant Association has spent considerable time this year working on data security issues. Its new, free guide, “Cybersecurity 101: A Toolkit for Restaurant Operators,” can help you implement a cybersecurity program in your restaurant.

NRA’s guide is based on the National Institute for Standard & Technology’s Framework for Improving Cybersecurity in Critical Infrastructure (“NIST Framework”), a five-step approach to assessing and protecting against cybercrime.

The NIST Framework has five functions: identify, protect, detect, respond and recover. Focusing on these five areas can help you create a cybersecurity blueprint for your restaurant.

While it’s not a panacea, having a plan that addresses each of the NIST functions can go a long way toward protecting your restaurant. And the good news is that the framework works well for all sizes and types of restaurants—from small establishments to the most sophisticated operations and franchised companies.

NRA and a group of restaurant industry professionals are working on a Cybersecurity Framework for Restaurants that will tailor the NIST Framework to the industry’s unique needs. It will offer guidance that is applicable to both small, independent restaurants and large chains.

Here are some points to remember about the Framework and cybersecurity:

  • The Framework is not a to-do list or a regulatory requirement. There is no “NIST compliance” that you have to purchase. Rather, it’s a way of thinking about security that can be adapted and scaled to any operation.
  • Cybersecurity is a process. Think about your quality assurance program. Your QA program is designed to ensure consistent food preparation and good service. QA is an ongoing process. Can you honestly say that you are ever done with QA? By the same token, cybersecurity is not about checking boxes. It’s a continual process that you need to build into our daily operations.
  • Cybersecurity begins with taking an inventory to identify just how much risk you face. You need to know what you have before you can protect it. Knowing your risks and vulnerabilities will help you decide how to go about mitigating those risks and putting procedures in place to protect your sensitive information and data.
  • There are no one-size-fits all solutions to cybersecurity. Every business is unique. Your point-of-sale system, card processor and customer data are different than your competitor’s down the street. To be effective, the tactics and tools you employ must be tailored to your operation, taking into account your tolerance for risk and your available resources.
  • Follow best practices. While there isn’t a single solution, the vast majority of cyber intrusions could be prevented by adopting these simple, best-practice mitigation strategies: limiting access, training staff, ensuring your systems are updated and protecting your data.

To get more information, visit Restaurant.org/Cybersecurity.


Conserve RSS Healthcare RSS Conserve RSS

▲ Back to Top

New report

Spot Ad right

We're glad you're here!®

® 2012-2017 National Restaurant Association. All rights reserved.

2055 L St. NW, Suite 700, Washington, DC 20036
(202) 331-5900 | (800) 424-5156