PCI Roadmap: Smoothie King's Top Network Security Tips
The term "Security Breach" is a big, bad phrase that no restaurant brand wants to hear in the same breath as its own name. The real worry, however, lies in the effects a breach can have weeks, months and even years after the fact.
A substantial number of larger companies have tackled the many facets of network security within the corporate domain to help minimize the risk of a breach. Implementing PCI compliance initiatives has aided these companies in addressing security issues and encouraging franchisees to follow suit. Those that are franchisors, however, have significantly less control over the network and security management of franchised locations.
The Smoothie King brand has confronted the challenges of network security and PCI compliance with the help of the PCI experts at BHI SecureConnect. Laying a foundation for its franchisees to follow, the company has identified some of the most important ways restaurant operators can safeguard their network environments.
As hackers continue to take advantage of unsuspecting restaurant operators, the need for security measures and PCI compliance becomes ever more important. Many smaller franchisees feel they are in the dark about the vulnerabilities that exist in their restaurant environment. Despite its six-year tenure, PCI compliance is largely a mystery to these smaller operators, simply because there has been little education provided. Without proper knowledge or understanding of network security, an owner's negative perception of PCI compliance and misunderstanding of its purpose is not surprising.
These owners are not computer experts, nor does anyone expect them to be. However, as a restaurant owner, the basics of security and compliance must be understood to successfully conduct business in today's world. Education starts within the restaurant environment. An owner should be familiar with their basic network setup and point of sale (POS) environment. Learning the role each of these plays can help owners clarify the scope.
The Smoothie King brand is educating its franchisees through resources and tools provided by BHI SecureConnect. Helping restaurant owners perceive compliance as an opportunity to better their operation, Smoothie King will work with BHI to distribute PCI materials, conduct webinars and provide educational guidance throughout the year. Smoothie King hopes to better its entire organization with the implementation of proper security and compliance measures.
The introduction of wireless Internet in the restaurant environment has increased significantly due to its ability to attract guests. Commonly a weak point in an organization's security system, Wi-Fi is also an easy target for hackers. Many restaurant operators will offer Wi-Fi at their locations without knowing they are leaving the door wide open for a security breach. Smoothie King will offer SecureConnect Wi-Fi Hotspot in several of its stores to provide customers with secure Internet access. The managed Wi-Fi is properly segmented from the restaurant's private network in order to eliminate security issues that are posed with other wireless solutions. Properly secured wireless must be segregated from the POS environment to deter hackers from gaining access to sensitive credit card data.
PCI requirements also state that wireless networks should follow the necessary WPA/WPA2 security protocols and be protected with strong passwords. Often restaurant owners choose a password that is easy to remember. For example, "12345" or "password" are commonly used passwords that almost beg a hacker to steal information. Although a wireless network may seem harmless, hackers are constantly on the prowl for easy targets like this.
Data theft is not limited to the POS environment. Although we often associate breaches, scams and theft attempts with hackers, there are other threats that compromise sensitive data as well. Employees should be trained in proper card handling practices and understand the damaging effects of a breach. Everyone likes to feel important; assign employees a mission to protect the restaurant environment. Empowering employees with a purpose like this is often beneficial to their performance as well.
Although these three points highlight some of the ways a restaurant operator can safeguard their network environment, this just begins to address the numerous layers of PCI compliance. For example, in addition to proper training, limiting employee access to sensitive information is a proactive and necessary step for compliance. Ultimately the safety of a customer's cardholder data is the responsibility of you, the restaurant owner. As a restaurant owner, doing everything on your own is neither realistic nor cost-effective. Partnering with a vendor that can provide resources and expertise can help make your PCI compliance initiative much more successful. For Smoothie King, BHI SecureConnect is helping ensure that franchisees are appropriately educated and follow the proper steps to achieve security and compliance.
Russell Dardenne is the IT business solutions analyst for Smoothie King Franchises Incorporated and has been with the company for four years. Dardenne has been in the hospitality industry for more than 10 years with experience in many aspects of the business including store level management, corporate operations and information technology.