• Home
    Home We Serve America's Restaurants Representing nearly 500,000 restaurant businesses, we advocate for restaurant and foodservice industry interests and provide tools and systems that help members of all sizes achieve success.
  • Foundation
    Foundation Building & Retaining Talent The NRAEF is focused on developing a stronger workforce and building the next generation of industry leaders through education, scholarships and community engagement.
  • Show
    Show May 18-21, 2019 As the international foodservice marketplace, the National Restaurant Association Show provides unparalleled opportunities for buyers and sellers to come together, conduct business and learn from each other.
  • ServSafe
    ServSafe Minimize Risk. Maximize Protection. For over 40 years, ServSafe® training programs have delivered the knowledge, leadership and protection that have earned the trust and confidence of business leaders everywhere.

National Restaurant Association - Four things you can do right now to protect your restaurant from cybercrime

Skip to navigation Skip to content

News & Research

News RSS

Four things you can do right now to protect your restaurant from cybercrime

You’ve heard the stories: the merchant who never changed the default password on his point-of-sale system, or the business owner who let her employees use the store computer to check email. You know how these stories end. Their businesses are hacked. They become the latest victims of cybercrime.

It doesn’t have to be that way, and with just a few precautions, you can avoid becoming another one of those “stories.”

When cybersecurity expert Robert Dowling of Dynetics presented to the National Restaurant Association Board of Directors, he noted that at least 85 percent of targeted cyber intrusions could be prevented by following these four best-practice mitigation strategies:

  1. Strengthening login procedures
  2. Updating software with the latest patches
  3. Limiting access to data
  4. Ensuring that data security policies are consistently applied across the enterprise

Let’s take a look at these best practices in a little more detail:

  • Limiting access. Take an inventory of your data collection systems, including the hardware and software you use. Then determine who has access to these data sources. By limiting who can interact with your restaurant’s computer server, for example, you can prevent an employee from inadvertently downloading hostile or intrusive software. Many POS systems allow individuals to view the receipts for the day from a remote site. Since this activity occurs off premises, you need to also control who can view such data.
  • Protecting data: Too often, critical computer systems are left unprotected and easily hacked because of the failure to change the password that came preloaded on the system. Hackers know and exploit this vulnerability with the greatest of ease. You should adopt procedures to ensure that passwords across your enterprise are changed at regular intervals, especially after employee or vendor turnover.
  • Staying up to date: Make sure you are running the most up-to-date version of your software. Software developers constantly discover new vulnerabilities in their software’s code and will forward patches to fix those problems. Hackers take advantage of companies that haven’t patched their systems. Be sure you are patching all of your software at regular intervals.
  • Training staff on cybersecurity policies: Inform and train your employees on who has cybersecurity responsibility in your operation. Who in the organization can give or has authorization for internal access to your systems? Who can give access to service technicians and other third-party vendors? If there is turnover in a position that has cybersecurity responsibility, be sure to change passwords or codes once the person leaves the position.

Taking the time to identify cyber risks and developing a plan to mitigate them will go a long way towards protecting your business and your customers. The National Restaurant Association has a free guide, “Cybersecurity 101: A Toolkit for Restaurant Operators,” to help you implement an enterprise-wide cybersecurity program.

The guide is based on the National Institute for Standard & Technology’s Framework for Improving Cybersecurity in Critical Infrastructure (“NIST Framework”). At the Framework’s core are five steps: identify, protect, detect, respond and recover. Focusing on these five functions can help you create a cybersecurity blueprint for your restaurant.

To get more information, visit Restaurant.org/Cybersecurity.

Conserve RSS Healthcare RSS Conserve RSS

▲ Back to Top

We're glad you're here!®

® 2012-2017 National Restaurant Association. All rights reserved.

2055 L St. NW, Suite 700, Washington, DC 20036
(202) 331-5900 | (800) 424-5156