National Restaurant Association - Cybersecurity and the high cost of doing nothing

Data security probably wasn’t on your mind when you decided to get into the restaurant business, but these days it’s a harsh reality that can’t be ignored. Too many restaurants have been victims of cybercrime to think that it couldn’t happen to your establishment.

Consider the high cost of doing nothing versus taking some preventative steps to deter cyber thieves from attacking your restaurant.

First, there are the costs associated with a data breach, which can be overwhelming. Payment card breaches can easily add up to $100,000 or more in losses, fines and forensic audits—an expense many restaurants cannot survive.

Those are just the financial costs. It’s hard to predict how much brand damage you might experience if data you’ve collected on your customers or confidential internal information is lost to hackers.

Scott Carlson, owner of Court Avenue Restaurant & Brewing Company in Des Moines, Iowa, knows firsthand the impact that even a suspected data breach can have on a restaurant.

In his case, there was never a breach—only the suspicion of one. But that was enough to trigger a series of costly actions that have become all too familiar to operators victimized by cybercrime.

Among the consequences that he suffered and says other operators need to be aware of:

  • Processors will request detailed compliance information, requiring you to cross-reference each potential breach with your employees’ work schedules.
  • Processors and card networks can require you to conduct a forensic audit, which can cost thousands of dollars—and must be conducted by one of only a handful of approved vendors.
  • If the card network suspects there has been a breach, it can fine you thousands of dollars for allegedly violating the networks’ data security rules, even if no actual fraud losses can be proved.
  • Worst case, the credit card company can refuse to accept further transactions, essentially shutting down your business.

What can be done?

With the help of a resourceful part-time IT person, Court Avenue was able to isolate and restrict the IP addresses that are allowed access to its POS system. According to Carlson, “Now we know exactly who is accessing our systems and why.”

Other precautions taken by independent operators like Carlson include building stronger firewalls to protect networks, installing security cameras to monitor POS systems, training employees on data security and limiting access to company computers.

The old saying that an ounce of prevention is worth a pound of cure holds true for cybersecurity. Taking the time to identify cyber risks and developing a plan to mitigate them will go a long way towards protecting your business and your customers.

The National Restaurant Association has developed some resources to get you started. Its free guide, “Cybersecurity 101: A Toolkit for Restaurant Operators,” can help your restaurant implement an enterprise-wide cybersecurity program.

The guide is based on the National Institute of Standards and Technology’s Framework for Improving Cybersecurity in Critical Infrastructure (“NIST Framework”). At the Framework’s core are five steps: identify, protect, detect, respond and recover. Focusing on these five functions can help you create a cybersecurity blueprint for your restaurant.

To get more information, visit Restaurant.org/Cybersecurity.


® 2012-2017 National Restaurant Association. All rights reserved.
