08/01/2022

What's Wrong With Your Network Security?

This whitepaper from IFBTA and Hughes details the steps you need to take now to mitigate your risks against data breaches, ransomware and malware infiltrations.

Cybercriminals are turning their attention to easier targets: chain restaurants, independent eateries, casual dining locations, and franchised quick service operations that are assumed to have insufficient cyber defenses. Restaurants are perceived to be easier targets due to their lack of on-site tech support and weaker network security capabilities and protocols. Consequently, a significant number of foodservice companies are now being attacked, and discovering they lack adequate security to protect against data breaches, file extortions, or malware infiltrations. The fact is firewalls are no longer enough. For these reasons, the restaurant industry is currently deemed to be especially vulnerable to cyberattacks and unauthorized network access.

Due to the high costs of a breach (financially and otherwise), restaurants should mitigate their risks by regularly assessing the strength of their network security and cyber defenses. A reasonable starting point is to comply with PCI DSS requirements, which can help to mitigate financial liability in the event of a breach. Restaurants can also leverage the available cybersecurity resources from restaurant trade associations and the U.S. government. In addition, particularly if they do not have in-house resources, restaurants can seek guidance and solutions from third-party managed security services providers.

Cybersecurity Fundamentals

Cybersecurity is the practice of protecting internet-connected systems and the data they hold from unauthorized access, together with the measures taken in pursuit of that goal. It is commonly divided into several areas, including infrastructure, application, network, and cloud security. Cybersecurity compliance is not simply a collection of mandatory requirements handed down by regulators; it is a set of protection measures for businesses that are at risk of becoming a cyberattack victim. In this context, compliance means building a program of risk-based controls that protect the confidentiality, integrity, and availability of information wherever it is stored, processed, or transferred. It rests not on a single stand-alone standard or regulation but on layers of applied strategies. When a restaurant meets its cybersecurity requirements, it communicates to customers that it can be trusted with their personal information. The goals of both security and compliance revolve around managing risk.

The most common cybercrime tools are malware in general and ransomware in particular. Ransomware is malicious software that locks or encrypts connected devices, data files, and network resources so that users cannot access them until a sum of money (the ransom) is paid to the perpetrator. Security specialists report that criminals have come to favor ransomware over other disruptive techniques simply because it works. According to the Sophos State of Ransomware 2022 report, ransomware hit 66 percent of mid-sized organizations, with an average payment of $812,000. A recent Scientific American report noted that the restaurant industry appears to be a primary ransomware target. Research also shows that attackers choose their ransomware strategy and the size of the demand based on the characteristics of the targeted operation; in some cases, criminals have reviewed the victim's cyber insurance policy and set the demand to match the coverage limit. This level of ingenuity makes ransomware a serious security concern and has led to predictions that ransomware attacks on restaurants will multiply. Restaurants are wise to take the necessary precautions to safeguard their businesses and avoid becoming victims.

Why is cyber protection so critical? Experts estimate that nearly 60 percent of companies go out of business following a cyberattack. Cybersecurity training and insurance can help limit damages and speed recovery.

Cybercrimes

Cybercrime is a crime committed using an internet-connected computer or device. This broad definition covers mass unsolicited email (spam), unauthorized access to data, and malicious intrusion with criminal intent. It also extends to online postings involving libel, defamation, or hate speech, which are treated as criminal or civil offenses depending on the jurisdiction.

As cybersecurity threats and data security incidents continue to evolve, determining the costs and resources necessary to respond and recover is essential. While incidents at large companies garner most of the headlines, attacks on small and mid-sized businesses, such as restaurants, often do proportionally more damage. The 2021 NetDiligence Cyber Claims Study details actual losses for nearly 6,000 data breaches that occurred between 2016 and 2020. Losses were attributable to a range of cybercrimes, including phishing, malware, ransomware, social engineering, and denial of service.


According to Security Pillars, businesses should implement the most appropriate cost/benefit combination of policies, technical defenses, and staff training to mitigate cyber risk. The greatest (and potentially most costly) threats should be the main focus: data breaches arising from phishing, ransomware, scareware, social engineering, malware, and distributed denial of service.

Phishing

There are many ways a system, network, or device can be attacked, but by far the most common entry point is phishing. Phishing is popular because it is simple and effective: it targets the weakest link in a company's security chain, its users. When a user falls for a phishing message (for example, by clicking an embedded link or opening an attachment), they are in effect inviting the attacker into the network. Phishers masquerade as a trusted party in an electronic communication. Regularly teaching employees to recognize and report phishing is one of the most effective ways for a restaurant to reduce its risk. According to the 2021 Verizon Data Breach Investigations Report (DBIR) and the 2021 Cisco Umbrella Report on Cybercrime, phishing remains a primary attack vector and one of the most common actions in confirmed data breaches (the 2021 DBIR found it present in roughly a third of breaches).

Phishing takes its name from baiting a line to catch fish. Just as an angler uses a lure to entice a fish to bite a hook, cybercriminals use crafted messages and hyperlinks to draw unsuspecting users to malicious pages or websites. A phishing message typically pushes the recipient to hand over information by replying or by clicking an embedded link. The phisher is usually after sensitive data such as account numbers, passwords, or identity details.

When building and maintaining user awareness of phishing, it helps to break the attack into three basic stages: imitate (pose as a trusted sender), motivate (create urgency, fear, or the promise of a reward), and act (get the user to click, reply, open, or pay). Because it works through persuasion rather than a technical exploit, cybersecurity professionals treat phishing as a form of social engineering.

Phishing via email is the preferred delivery format for an array of cybercrimes and fraud. Its versatility is what makes it a favorite among cybercriminals. The potential devastation it brings makes it a concern for security specialists.

At its most basic, phishing is a type of fraud that aims to lure the target into interacting with a deceptive message. Phishing attacks vary in complexity, but many use sophisticated techniques to make the message look authentic and relevant to the target. If the attack is meant to deliver malware, opening the attachment, or enabling the macros or content it asks for, is often enough to deploy the payload. Message content is designed to lead the recipient into an action that benefits the criminal and compromises the victim's security. Researchers at the University of Maryland estimate that a new attack is launched somewhere on the internet every 39 seconds. By mid-2020, the number of phishing threats detected exceeded 25,000 a day, a 30 percent increase over the prior year, and 75 percent of businesses worldwide reported experiencing some form of phishing attack in 2020.

Cybercriminals can produce extremely convincing fraudulent messages and attachments that can be a challenge even for cybersecurity professionals to detect. Many phishing attacks include:

  • Unsolicited requests for money or credit/debit card information
  • Attachments or links whose format looks suspect (unexpected file types, or a URL that does not match the link text)

Since cybercriminals do not want to waste time on targets who are unlikely to fall for the scam, many deliberately leave errors in their outreach to filter out skeptical recipients early. Such errors include:

  • Language atypical of native speakers
  • Misspellings and grammatical errors
  • Inaccurate brand references (logo, colors, fonts, format, etc.)
  • Unprofessional layout or sloppy presentation
  • A sender name or email address that does not match the organization it claims to represent
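The indicators above can be checked mechanically before a message reaches anyone's inbox. The following Python script is an added example written for this article, not code from IFBTA, Hughes, or any of the reports cited. It parses a raw e-mail with the standard library and flags the sender, link, attachment, and wording cues listed above. The two messages it analyzes are constructed samples, and the brand-keyword rule, the risky-extension list, and the urgency/payment word lists are assumptions that a real deployment would tune.

```python
"""Heuristic phishing triage of a raw e-mail (RFC 5322 text).

Flags: a display name claiming a brand absent from the sending domain, a
Reply-To on a different domain, links whose visible text names one host
while the href goes elsewhere or to a bare IP address, executable or
macro-bearing attachments, and urgent wording paired with a request for
payment or card details.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages; every address and domain below is illustrative.
PHISH_EML = """\
From: "PayPal Billing" <billing@paypa1-secure.example>
Reply-To: recovery@mailbox-relay.example
To: manager@bistro.example
Subject: URGENT: Verify your card within 24 hours
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account is limited. Update your card number immediately.</p>
<p><a href="http://203.0.113.10/login">https://www.paypal.com/verify</a></p>
</body></html>
--XX
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"

AAAA
--XX--
"""

BENIGN_EML = """\
From: "Bistro Supply Co" <orders@bistrosupply.example>
To: manager@bistro.example
Subject: Your weekly delivery schedule
Content-Type: text/plain; charset="utf-8"

Next week's produce delivery arrives Tuesday at 7am. Reply if that does not work.
"""

# Assumed lists; tune them against your own mail flow.
RISKY_EXTENSIONS = {"exe", "js", "vbs", "scr", "hta", "docm", "xlsm", "iso", "lnk"}
URGENCY_RE = re.compile(r"\b(urgent|immediately|within 24 hours|suspended|limited)\b", re.I)
PAYMENT_RE = re.compile(r"\b(card number|credit card|wire transfer|gift card|payment|invoice)\b", re.I)
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")
URL_LIKE_RE = re.compile(r"^(https?://)?([a-z0-9-]+\.)+[a-z]{2,}(/\S*)?$", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def host_of(url):
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def analyze(raw):
    """Return a list of human-readable findings for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    # Display name names a brand that the sending domain does not contain.
    tokens = [t for t in re.findall(r"[a-z0-9]+", name.lower()) if len(t) >= 4]
    if tokens and not any(t in from_domain for t in tokens):
        findings.append(f"display name '{name}' does not match sender domain {from_domain}")

    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(f"Reply-To domain {domain_of(reply_addr)} differs from From domain {from_domain}")

    text = str(msg.get("Subject", "")) + "\n"
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            ext = filename.lower().rsplit(".", 1)[-1]
            if ext in RISKY_EXTENSIONS:
                disguise = " behind a double extension" if filename.count(".") > 1 else ""
                findings.append(f"attachment '{filename}' is executable/macro-bearing{disguise}")
            continue
        if part.get_content_type() in ("text/plain", "text/html"):
            body = part.get_content()
            for href, label in ANCHOR_RE.findall(body):
                href_host = host_of(href)
                label_text = TAG_RE.sub("", label).strip()
                if IPV4_RE.match(href_host):
                    findings.append(f"link points at a bare IP address {href_host}")
                if URL_LIKE_RE.match(label_text) and host_of(label_text) != href_host:
                    findings.append(f"link text shows {host_of(label_text)} but href goes to {href_host}")
            text += TAG_RE.sub(" ", body)

    if URGENCY_RE.search(text) and PAYMENT_RE.search(text):
        findings.append("urgent wording combined with a request for payment or card details")
    return findings


def verdict(findings):
    if len(findings) >= 3:
        return "likely phishing"
    return "review" if findings else "no indicators"


if __name__ == "__main__":
    for label, raw in (("phish", PHISH_EML), ("benign", BENIGN_EML)):
        found = analyze(raw)
        print(f"{label}: {verdict(found)}")
        for item in found:
            print("  -", item)
```

A score like this belongs in a mail gateway or a triage playbook as an aid, not as the sole block/allow decision: it misses well-crafted messages with no visible mismatch, and the deliberate-error tactic described above means a clean-looking message is not proof of legitimacy.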

Ransomware

Ransomware does exactly what its name implies: it encrypts (or steals) data, files, and system components to block user access until a payment is made to lift the hold. In its basic form, ransomware encrypts data and demands payment for the decryption key. In a double extortion attack, the criminals not only encrypt the victim's data but also copy it first, gaining extra leverage by threatening to publish the stolen confidential data or sell it to other criminals.

Ransomware has become the most significant cybersecurity threat to large and small businesses alike. It is a low-risk, high-reward proposition for criminals: little effort is often required to reach sensitive data, and the payout can be substantial. Ransomware accounted for the largest number of incidents in the claims data, has become more frequent and sophisticated, and made up nearly one-third of all cyber claims, the most of any loss category.

The 2021 Verizon DBIR noted that a large share of cyberattacks involved ransomware, double the number of incidents from the prior year. More than half of the ransomware attacks used a double extortion strategy in which data was exfiltrated and the threat of public release was added to the ransom demand. The report estimates that ransomware gangs take in more than $123 million annually. The DBIR also noted that 81 percent of business owners expect ransomware attacks to become more prevalent and complex.

Ransomware operators typically announce themselves by leaving a ransom note on the screen or by replacing the workstation's desktop wallpaper with the note. The note tells the victim that the data has been encrypted and states the ransom amount. A typical ransomware demand may contain a message like the following:

 

Operators need to decide ahead of time whether they would be willing to pay a ransom if the situation arose; deciding on the spot, in the middle of an active ransomware event, is unwise. Some businesses consider paying unethical, while others worry about whether payment will actually resolve the situation and what the repercussions would be. Experts advocate maintaining secure backups of critical data that can be reliably restored within an acceptable time frame should system servers become inoperable. Because backups are a prime target for ransomware, at least one copy should be kept offline or in immutable storage that the compromised network cannot reach, and restores should be tested regularly; an untested backup gives false confidence during a crisis.
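The restore test the paragraph calls for can be scripted. The Python example below is added here and is not part of the IFBTA/Hughes whitepaper. It backs up a constructed directory, keeps a SHA-256 manifest apart from the archive, restores into an isolated directory, and compares every file. Its second half simulates the failure mode described above: files encrypted in place are dutifully captured by the next scheduled backup, and only the separately held manifest reveals the damage. The file names, contents, and archive layout are assumptions.

```python
"""Restore-test a backup against a manifest kept apart from the backup.

create_backup() writes a tarball and returns a SHA-256 manifest of the
source; verify_restore() extracts into a fresh directory and diffs the
restored files against that manifest. demo() runs a clean cycle, then a
cycle after a simulated in-place encryption of one file.
"""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map of relative POSIX path -> SHA-256 for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(src_dir, archive_path):
    """Write a gzip tarball of src_dir and return its manifest.

    The manifest must live where the backup host cannot overwrite it
    (offline or write-once storage); if an attacker can rewrite both the
    archive and the manifest, the comparison proves nothing.
    """
    src_dir = Path(src_dir)
    with tarfile.open(archive_path, "w:gz") as tar:
        for p in sorted(src_dir.rglob("*")):
            if p.is_file():
                tar.add(p, arcname=p.relative_to(src_dir).as_posix())
    return build_manifest(src_dir)


def verify_restore(archive_path, manifest, restore_dir):
    """Extract into restore_dir and diff against the trusted manifest."""
    Path(restore_dir).mkdir(parents=True, exist_ok=True)
    with tarfile.open(archive_path, "r:gz") as tar:
        # tarfile's 'data' filter (3.12, backported to 3.8.17+) refuses path
        # traversal and absolute symlinks, so a tampered archive cannot write
        # outside restore_dir. Older interpreters fall back to no filter.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(restore_dir, **kwargs)
    restored = build_manifest(restore_dir)
    missing = sorted(k for k in manifest if k not in restored)
    mismatched = sorted(k for k in manifest if k in restored and restored[k] != manifest[k])
    extra = sorted(k for k in restored if k not in manifest)
    return {"ok": not missing and not mismatched,
            "missing": missing, "mismatched": mismatched, "extra": extra}


def demo():
    """Return (clean_result, post_attack_result) for a constructed data set."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "pos-data"
        src.mkdir()
        (src / "sales.csv").write_text("2022-08-01,table 4,42.50\n2022-08-01,table 9,18.00\n")
        (src / "menu.json").write_text('{"burger": 12.0, "salad": 9.5}\n')

        # Day 1: back up and keep the manifest with the offline copy.
        manifest = create_backup(src, tmp / "day1.tar.gz")
        clean = verify_restore(tmp / "day1.tar.gz", manifest, tmp / "restore-day1")

        # Day 2: simulated ransomware overwrites a file with ciphertext-like
        # bytes and drops a note; the scheduled backup captures the damage.
        (src / "sales.csv").write_bytes(bytes((i * 131 + 7) % 256 for i in range(2048)))
        (src / "README_RESTORE.txt").write_text("your files are encrypted\n")
        create_backup(src, tmp / "day2.tar.gz")
        after = verify_restore(tmp / "day2.tar.gz", manifest, tmp / "restore-day2")
        return clean, after


if __name__ == "__main__":
    clean, after = demo()
    print("day1 restore ok:", clean["ok"])
    print("day2 restore ok:", after["ok"], "mismatched:", after["mismatched"], "extra:", after["extra"])
```

In production the restore target should be an isolated host, not the server being protected, and the manifest comparison should be part of the backup job's success criteria: a job that reports success while the manifest shows mismatches is exactly the false confidence the text warns about.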

The most common ransomware attack starts with criminals repeatedly sending fraudulent messages from fake or compromised email addresses designed to look legitimate. A more sophisticated tactic specifically targets networks or systems that have been identified as vulnerable. According to the NetSPI Ultimate Guide to Ransomware Attacks, criminals tend to follow a sequence of acquisition, encryption, ultimatum, payoff, and decryption:

Step 1 – Accessing Targeted Network/Data via Weak or Default Credentials

Step 2 – Escalating Intrusion to Databases and File Shares

Step 3 – Exfiltrating Sensitive Data from Targeted Network for Ransom

Step 4 – Deploying Ransomware (Locked Screen and/or File Encryption)

Step 5 – Seeking Ransom Payment for Decryption Key (File Releasing/System Access)

Step 6 – Threatening Additional Extortion via Exposure or Publication
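Step 4 leaves a recognizable footprint on disk: documents renamed with an appended extension, files whose contents have turned into high-entropy ciphertext, and a dropped ransom note. The Python example below is added here and is not taken from NetSPI's guide or the whitepaper; it scans a directory snapshot for those three signs. The entropy threshold, the extension lists, and the note-name hints are assumptions to tune against your own data, and the "encrypted" files it creates are deterministic stand-in bytes rather than real ciphertext.

```python
"""Detect the file-system footprint of mass encryption on a directory
snapshot: ciphertext-looking files with non-ciphertext names, documents
renamed with an extra extension, and ransom-note files.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.2   # bits/byte; encrypted or compressed data sits near 8.0
SAMPLE_BYTES = 65536      # only the head of each file is read
# Formats that are high-entropy by design, so entropy alone says nothing about them.
EXPECTED_HIGH_ENTROPY = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".pdf", ".gpg"}
DOCUMENT_EXTENSIONS = {".txt", ".csv", ".docx", ".xlsx", ".pptx", ".db", ".sql"}
# Words that recur in ransom-note file names (assumed hints, not a complete list).
RANSOM_NOTE_HINTS = ("decrypt", "restore", "recover", "how_to", "readme")


def shannon_entropy(data):
    """Shannon entropy in bits per byte of a bytes object (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan(root):
    """Return (kind, path) findings for every suspicious file under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        name = path.name.lower()
        suffixes = [s.lower() for s in path.suffixes]
        if name.endswith((".txt", ".html", ".hta")) and any(h in name for h in RANSOM_NOTE_HINTS):
            findings.append(("ransom_note", str(path)))
            continue
        last = suffixes[-1] if suffixes else ""
        if last in EXPECTED_HIGH_ENTROPY:
            continue  # a high-entropy .zip or .jpg is normal
        with path.open("rb") as fh:
            entropy = shannon_entropy(fh.read(SAMPLE_BYTES))
        if entropy < ENTROPY_THRESHOLD:
            continue
        # "photo.jpg.locked": a known document/media extension followed by a stranger.
        renamed = len(suffixes) >= 2 and suffixes[-2] in EXPECTED_HIGH_ENTROPY | DOCUMENT_EXTENSIONS
        findings.append(("renamed_encrypted" if renamed else "high_entropy", str(path)))
    return findings


def assess(findings):
    kinds = Counter(kind for kind, _ in findings)
    encrypted_like = kinds["renamed_encrypted"] + kinds["high_entropy"]
    if kinds["ransom_note"] or encrypted_like >= 3:
        return "likely ransomware activity"
    return "review" if encrypted_like else "no strong indicators"


def ciphertext_stand_in(length=4096):
    """Deterministic bytes in which every value occurs equally often (entropy
    exactly 8.0), used instead of real ciphertext so the example needs no crypto."""
    return bytes((i * 131 + 7) % 256 for i in range(length))


def build_sample_tree(base):
    """Constructed snapshot: two clean files, two renamed-encrypted documents,
    one unexplained high-entropy file, and one ransom note."""
    base = Path(base)
    (base / "menu.txt").write_text("Daily specials: soup, salad, roast chicken.\n" * 40)
    (base / "archive.zip").write_bytes(ciphertext_stand_in())
    (base / "photo.jpg.locked").write_bytes(ciphertext_stand_in())
    (base / "ledger.xlsx.locked").write_bytes(ciphertext_stand_in())
    (base / "notes.dat").write_bytes(ciphertext_stand_in())
    (base / "HOW_TO_RESTORE_FILES.txt").write_text("All your files are encrypted...\n")


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return sorted(scan(tmp))


if __name__ == "__main__":
    results = demo()
    for kind, path in results:
        print(f"{kind:18} {os.path.basename(path)}")
    print(assess(results))
```

Run against a file share or a backup snapshot, a scan like this catches the encryption phase after the fact; for a live alert the same checks belong in a file-system watcher or EDR rule, where a burst of renames and high-entropy writes from a single process is the trigger.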

Legacy ransomware was designed to spread like a virus or worm, collecting credentials and encrypting files as it went. Modern ransomware is more sophisticated: it reports back to its operators, who can inspect what has been compromised and size the ransom demand accordingly. Operators who have suffered a ransomware attack point out that the time and cost of recovery, plus downtime, often exceed the ransom amount.

Many cyber experts discourage ransom payments because they fund a threat actor's ability to conduct future attacks. NetSPI's guide cautions that paying does not always resolve the issue; the likelihood of getting all encrypted data back after paying is slim. According to SonicWall's 2021 Cyber Threat Report, fewer than 10 percent of firms that paid a ransom received all their files back.

Scareware

Scareware is malicious software that uses social engineering to provoke shock, anxiety, or the perception of a threat in order to manipulate a user into buying unwanted software or paying to restore system access. It typically throws up bogus alarm warnings or threat notices that disrupt normal use and push the user toward immediate action. The term is applied to any unauthorized application that disrupts a system in this way. A common variant is rogue security software (scam software), which tricks the user into believing an application or the network is infected and then offers a fake antivirus download, often for a fee, to remove the supposed infection. The infection is fictional, but the downloaded "fix" is real and is frequently itself malware. Business interruption (75 percent), reputational damage (59 percent), breach of customer information (55 percent), data or software damage (49 percent), and extortion/ransomware (41 percent) were the most frequently cited cyber loss scenarios in a recent survey. According to the Anti-Phishing Working Group, the number of scareware packages in circulation totals in the tens of thousands, with new forms continuing to evolve. For the restaurant industry, though, the form of malware most likely to do real harm is ransomware.

Social Engineering

Social engineering is the act of deceptively manipulating system users into performing actions or divulging confidential information contrary to the business's interests. It can be carried out in person, by postal mail, over the phone, or online. It is one of the hardest attack techniques to combat because it exploits human nature rather than technical weaknesses. Research indicates that user education is the most effective countermeasure, since it teaches staff to recognize an attack and the simple steps that thwart it. Techopedia.com defines social engineering as deception for the purpose of gathering information, committing fraud, or gaining system access; Webopedia.com adds that it is the act of obtaining, or attempting to obtain, secure data by persuading a user to reveal it. Phishing is one form of social engineering; the broader category covers any deception, fraud, or manipulation of a person. The Verizon DBIR defines social engineering as the psychological compromise of a person that alters their behavior into taking an action or breaching confidentiality. The report also notes that social attacks as a pattern have increased steadily over the past five years, with breaches nearly doubling annually, that web-based email is a favorite target, and that more than 80 percent of social engineering breaches are discovered by external parties.

Cyberthieves design the interaction so that providing the requested information or clicking the displayed link seems natural, normal, or helpful. The red flags (unexpected hyperlinks and attachments, requests for credentials or payment) are recognizable once staff know to look for them. Social engineering has become a favorite attack method because it requires little technical expertise to execute, and the same is true of phishing.

Denial of Service

A distributed denial of service (DDoS) attack is intended to disrupt service. It does not usually involve theft of proprietary information; it is more often used to promote a social or political agenda or to extort the target. DDoS attacks take servers or networks out of normal operation by flooding them with more traffic than they can handle. A server fully occupied absorbing an attack has no resources left for legitimate work. The attackers drown the target with huge volumes of bogus network traffic from many sources at once, which bogs the servers down and prevents them from serving real customers and systems.

Restaurant Experiences

Cybercriminals weigh many variables when choosing which businesses to attack. Attacks are both opportunistic and targeted, and no industry is exempt. Opportunistic attackers gravitate to foodservice because the industry traditionally has immature and underfunded cybersecurity programs and cannot afford downtime, which makes operators more likely to pay to resolve an attack quickly.

Fraudsters have also found new ways to target restaurants amid the confusion of the COVID-19 pandemic. Many of these scams involve someone impersonating a pandemic-related role, such as a health inspector or loan provider. The goal is personal data and credit card information, collected over the phone or by email from a spoofed address that looks official (that is, by phishing). Toast.com warns that official organizations will not request proprietary information over the phone or by email and that operators should never provide it through those channels. When in doubt, contact the inquiring organization through its published, official channel to confirm that the notice is legitimate.

Hospitalitytech.com cites impersonation of a health inspector as a common restaurant phishing pretext. During the pandemic, criminals preyed on well-intentioned employees with COVID-19 themed schemes and malware posing as COVID-19 relief websites. For example, they sent restaurant employees emails purporting to come from the World Health Organization or the U.S. Centers for Disease Control, with malware embedded in attachments or bogus links disguised as vaccine and treatment notes. Other phishing emails offered purported information on infection rates and related statistics.

A scammer can call, email, or show up on site claiming a health code violation and try to collect a baseless fine or gather personal information for later identity theft. Even without an official business card or paperwork, a scammer can exploit an operator's fear by manufacturing urgency that pushes the target into a bad decision. As Toast.com suggests, foodservice personnel should not provide personal, business, or financial information on the spot. Instead, the owner or manager should take the time to contact the county health division or other relevant office directly, using contact details they look up themselves rather than any given by the uninvited visitor, and stop to consider whether the interaction could be a scam.

Cybercriminals may also use social engineering on restaurant staff to make a phishing attack succeed. Attackers may persuade employees to reveal network login credentials or other sensitive data, or send phishing emails with links to infected websites that harvest data. Phishing emails can also carry file attachments with malware that installs when opened. Equally dangerous are malicious websites set up on domain names containing the words "coronavirus" and "Covid-19". Well-intentioned employees seeking to donate to COVID-19 relief or simply to get an update may visit these sites from the restaurant's network, unaware that the site is riddled with malware.

According to the cyber security company Inky, researchers detected 121 phishing emails in an attack that originated from a compromised Mailgun email marketing account belonging to a foodservice chain. Of those 121 messages, two were fake voicemail notifications carrying malware attachments, fourteen impersonated USAA Bank and linked to a USAA credential-harvesting site, and the remaining 105 impersonated Microsoft and linked to a Microsoft credential-harvesting site. (Voicemail-themed lures are sometimes loosely called vishing, but that term properly refers to phishing conducted over voice calls.) Researchers noted that most of the attacks impersonated Microsoft; the company is a frequent impersonation target because Microsoft credentials are highly valuable, typically unlocking email, files, and single sign-on to other services.

The biggest threat from a cybersecurity incident is not necessarily the cost of correction and recovery but the potential long-term damage to reputation. Many restaurant incidents involve payment card security.

The common goal of a restaurant cyberattack is to exfiltrate the firm's payment card and customer relationship data. This is often achieved through malware planted on the restaurant's point of sale (POS) system; the malicious code records transaction details and transmits them to an external, unsanctioned server. POS systems are also attractive ransomware targets because they are essential to order production, payment processing, and sales revenue, and they often link to data analytics, inventory control, financial accounting, and labor management. For restaurants, ransomware may cause more immediate harm than data-stealing malware: a POS ransomware attack needs only minutes to execute, shut down operations, and bring the business to a sudden halt, whereas card-skimming malware must sit quietly on the network for a long time, often months, while it siphons off sensitive data.

POS ransomware isn’t simply about paying to get data back, it’s about paying to regain access to the POS systems. Cybersecurity Ventures, which predicted global ransomware-related damages to reach $20 billion in 2021, offers the following best practices aimed at helping operators minimize or avoid POS ransomware attacks.

  • Contract a managed security services provider that can provide 24/7 monitoring via a security operations center.
  • Adopt a software-defined branch networking strategy to standardize security measures across all outlets and maximize threat detection.
  • Segment network traffic to lock down POS systems from the rest of the network and implement a cloud-based managed firewall to protect traffic.
  • Invest in endpoint threat detection and response to shorten the active window of a breach and limit the damage.
  • Maintain PCI compliance as PCI standards provide an additional layer of security.

The practices above should be part of an integrated cybersecurity program for the restaurant. Partnering with a managed security service provider can be especially helpful in detecting and responding to the theft of payment card data.
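Segmenting the POS network only pays off if someone checks that the segment's traffic matches the policy. The Python example below is an added illustration, not a Cybersecurity Ventures or Hughes tool. It applies an egress allowlist for a hypothetical POS VLAN to a constructed flow log and raises the three alerts a restaurant would most want: POS hosts reaching unexpected destinations, a large transfer to an external address (the exfiltration channel described above), and connections into the POS segment from hosts that should never touch it. The addresses, ports, and byte threshold are assumptions; the external addresses are RFC 5737 documentation ranges.

```python
"""Check a flow log against an allowlist for a segmented POS VLAN.

Alerts: unexpected_egress (POS host to a destination/port not on the
allowlist), possible_exfiltration (same, but external and above a byte
threshold), inbound_to_pos (a host that should never reach the POS VLAN
connecting into it).
"""
import csv
import io
import ipaddress
from dataclasses import dataclass

POS_SEGMENT = ipaddress.ip_network("10.20.0.0/24")
# Internal address space; anything else is treated as external.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Hypothetical destinations the POS segment legitimately needs. 198.51.100.0/24
# stands in for the payment processor; 203.0.113.0/24 for an attacker host.
ALLOWED_EGRESS = [
    (ipaddress.ip_network("198.51.100.0/24"), {443}),     # payment processor
    (ipaddress.ip_network("10.10.0.5/32"), {443, 8443}),  # back-office POS server
    (ipaddress.ip_network("10.10.0.2/32"), {53, 123}),    # internal DNS and NTP
]
ALLOWED_INBOUND_SOURCES = [ipaddress.ip_network("10.10.0.5/32")]
EXFIL_BYTES = 5_000_000  # a single flow moving more than this out of the segment is suspect

# Constructed flow records: timestamp,src,dst,dport,proto,bytes
SAMPLE_FLOWS = """\
2022-08-01T12:00:01Z,10.20.0.11,198.51.100.7,443,tcp,2048
2022-08-01T12:00:05Z,10.20.0.11,10.10.0.2,53,udp,120
2022-08-01T12:01:10Z,10.20.0.12,10.10.0.5,8443,tcp,9000
2022-08-01T12:02:30Z,10.20.0.12,10.30.0.44,445,tcp,4096
2022-08-01T12:03:00Z,10.20.0.13,203.0.113.9,443,tcp,7340032
2022-08-01T12:04:00Z,10.30.0.44,10.20.0.13,3389,tcp,500
2022-08-01T12:05:00Z,10.20.0.11,198.51.100.7,80,tcp,300
"""


@dataclass
class Flow:
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    proto: str
    nbytes: int


def parse_flows(text):
    rows = [r for r in csv.reader(io.StringIO(text)) if r]
    return [Flow(ts, ipaddress.ip_address(s), ipaddress.ip_address(d), int(p), proto, int(b))
            for ts, s, d, p, proto, b in rows]


def in_any(addr, networks):
    return any(addr in n for n in networks)


def egress_allowed(dst, dport):
    return any(dst in net and dport in ports for net, ports in ALLOWED_EGRESS)


def classify(flow):
    """Return an alert kind for a flow, or None if it is within policy."""
    if flow.src in POS_SEGMENT:
        if egress_allowed(flow.dst, flow.dport):
            return None
        if not in_any(flow.dst, INTERNAL_NETWORKS) and flow.nbytes >= EXFIL_BYTES:
            return "possible_exfiltration"
        return "unexpected_egress"
    if flow.dst in POS_SEGMENT and not in_any(flow.src, ALLOWED_INBOUND_SOURCES):
        return "inbound_to_pos"
    return None


def analyze_flows(text):
    """Return (kind, src, dst, dport) for each flow that violates the policy."""
    alerts = []
    for flow in parse_flows(text):
        kind = classify(flow)
        if kind:
            alerts.append((kind, str(flow.src), str(flow.dst), flow.dport))
    return alerts


if __name__ == "__main__":
    for alert in analyze_flows(SAMPLE_FLOWS):
        print(*alert)
```

The same allowlist is what the firewall rules between the POS VLAN and everything else should encode; this check finds the gap between what the rules are supposed to permit and what the logs show actually flowed, which is how a misconfigured "any" rule, an SMB connection from a terminal to the office network, or a rogue POS process talking to an outside host is discovered.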

The National Restaurant Association suggests several essential steps to protect a restaurant from cybercrime: identify at-risk assets, protect them by controlling access, detect when a breach is present, respond with corrective action, and recover to return to normal operations (the same five functions that organize the NIST Cybersecurity Framework). The NRA also points out that a data breach can hurt an eatery in at least four ways:

  1. Investigations, fines, and remediation can be quite costly.
  2. State breach notification laws may require informing customers of the breach.
  3. Class action lawsuits frequently arise from data breaches.
  4. Brand damage and loss of customer loyalty are hard to escape.

Data Security

Although the terms are often used interchangeably, in the payment card context "data security" usually refers to protecting cardholder data (the scope of PCI DSS), while "cybersecurity" covers all the other sensitive data that resides on a network. The claims study underscores the persistent threat to the middle market: 98 percent of the claims in that year's survey ($589 million in total) came from small to medium-sized firms.

Protective Actions

While there have been many published reports suggesting ways restaurants can reduce the risk of a cyberattack, the following items are almost always mentioned:

  • Inspect every device connected to the network to confirm it is patched and its security software is current
  • Require strong passwords (more than 12 characters) and store them securely, ideally in a password manager
  • Give each system user a unique account (no shared logins) so activity can be traced to an individual
  • Run a firewall and other endpoint protection on every device
  • Train staff to recognize phishing emails and other malware lures
  • Limit the personal information employees share online, since attackers mine it for pretexts

Cyber Insurance

As mentioned previously, experts estimate that 60 percent of companies go out of business following a cyberattack. The expense of incident response, investigation, remediation, and recovery can be catastrophic. Plus, businesses don’t end up paying for an incident just when it happens. It can take months or years to determine the full extent of damage.

Cybersecurity insurance limits the financial damage from a covered incident to the policy's deductible, up to the coverage limit. Just as important, when a policyholder reports a covered event, the insurer will usually put them in contact with an experienced incident response firm.

These vendors normally have extensive experience in minimizing the damage from a cybersecurity event and guiding quick but reasonable recovery times.

Although the cost of cybersecurity insurance has been rising (primarily because of ransomware payouts), it still ranks among the best coverages for the risk addressed and the premium paid. Unfortunately, attacks have escalated in all industries and ransom demands are getting much higher. Criminals know that more companies are buying cyber insurance, which has made them even more aggressive. Recent changes in the cyber insurance market include:

  • Reduced capacity: Insurance carriers are more conservative in underwriting coverage given the reality of a higher probability of paying claims.
  • Rate increases: Cyber insurance has increased 25 to 100 percent to account for higher, more frequent loss claims.
  • Underwriting scrutiny: Underwriters have gone from asking very little about a business to wanting to be much more knowledgeable about specific details.

Insurance companies have enhanced their application questionnaires to understand whether a company is at risk for ransomware and various other types of cyberattacks. Although the cyber insurance market has become more complex, it remains a key pillar of an effective approach.

FSR Magazine suggests that for most restaurants a minimum cyber insurance premium may be less than $100 per month for major protections and access to digital experts. Policy costs vary and should reflect the level of cyber security needed beyond the protection already in place (for example, firewalls and two-factor authentication). Cyber experts note that what makes a good cyber insurance policy worth the investment is the quality of the response team provided after a claim is filed.

Recommended Actions

Phishing, malware, ransomware, and social engineering attacks tend to rely on human error and vulnerabilities in restaurant cybersecurity protocols. With the increasing number of foodservice transactions happening online, opportunities for digital breaches rise. Industry experts suggest the following best practices to minimize or avoid breaches:

  • Update software applications and firmware on network devices;
  • Enable multi-factor authentication for all applications on all devices;
  • Secure application settings and administrative accounts;
  • Store data in a secure cloud environment and eliminate on-premises file servers;
  • Replace outdated firewall protection; and
  • Implement a secure off-premises backup procedure.

Cloud computing has also proven to be a valuable strategy against threats. Companies can use the cloud to gain stronger control over data, with better access controls and visibility into where information lives. With the scale of the major cloud providers, security capabilities that were once out of reach are now available to many restaurants, so a business can significantly reduce its exposure to common phishing, malware, and ransomware attacks.

Data Privacy Compliance

Data privacy compliance is the practice of following regulations set forth by corporate governance, industry organizations, and governments. These regulations dictate how sensitive data is collected, used, stored, and managed, among other requirements. Compliance is not security. It is taking accountability for meeting the mandates and specific security requirements. Compliance and risk management are closely aligned: Compliance with established rules and regulations protects restaurants from a variety of unique risks, while risk management protects against procedures that may lead to non-compliance. A common compliance risk is the violation of privacy laws. Hacking, viruses, and malware are some of the cyber risks that may affect eateries.

Summary

Cyber threats come in many forms, such as phishing, ransomware, scareware, malware, social engineering, and much more. Cybersecurity is the protection of internet-connected systems (or networks) and their hardware, software, and data from cyber threats. The practice is used by individuals and enterprises to prevent unauthorized access to data centers, cloud operations and any set of connected digital devices and systems. 

As larger enterprises invest more in their cyber defenses, criminals are focusing on easier targets: the small to medium-sized business that may not have strong network security in place. These vulnerable businesses let criminals make more money with less effort. The restaurant industry, and every business owner, franchisor, and franchisee associated with it, must be prepared to combat this growing threat.

Cyber Security Tips for Restaurant Owners in 2022

The food and hospitality industry is as vulnerable to cyber security threats and attacks as any other. Hackers have dining establishments in their crosshairs: after being alerted by government officials, Red Robin Gourmet Burgers & Brews informed shareholders that criminals have targeted restaurants to mine personal data about staff and customers alike. Cyber security therefore directly affects the restaurant business and its patrons. Losing customers' personal information can reduce a restaurant's foot traffic, but this predicament can be avoided if restaurant owners are proactive in securing their IT infrastructure, which saves money and, more importantly, creates a safe environment for customers.

BREACH OF TRUST AMONG CUSTOMERS

Cyber crooks are drawn to the food service and hospitality industries primarily because of the high volume of credit card transactions that are regularly made. According to the latest Trustwave Global Security Report, the food and beverage industry accounted for 10 percent of data breaches in 2016. Breaches of POS systems made up 75 percent of those cyber-attacks, a fact that has recently been brought to the attention of restaurant management nationwide. The most critical aspect of customer relations and loyalty is trust. All this attention from hackers poses a threat to the restaurant’s finances and reputation. Restaurants, hotels and other commercial venues are starting to understand how critical data security is for protecting their business and maintaining the trust of their customers.

EDUCATING RESTAURANT MANAGEMENT ABOUT CYBER SECURITY

When a customer enters your venue and takes a seat in one of your booths to wait for service, the last thing that should be on their mind is their information being stolen by hackers. But the unfortunate reality, as shown by a Gallup poll, is that 70 percent of Americans are concerned about their personal information being compromised, whether through identity theft or credit card fraud. Therefore, it has never been more important for restaurant owners to take the necessary precautions and ensure the protection of their customers at all costs. The better they understand the importance of cyber security, the more likely they are to develop business solutions that assure the success and longevity of their venue.

GEARING EMPLOYEES FOR BATTLE

There have been frequent reports of hackers posing as electricians or representatives from cable companies who visit venues and request full access to the computer system. Once these rogue agents have access to the server, they are able to install malware or obtain credit card data, loyalty program information, and other sensitive files. Some hackers use social media to gather information about a person and then build a phishing scheme around it. Cyber security training for employees is essential to the restaurant’s security. This training will alert them to warning signs, suspicious emails, and potential indicators of a data breach. They will also be given the tools to plan and effectively implement preventative measures against other cyber-attacks. Besides waiting on tables, operational staff can serve as watchdogs if they know what to look out for.

POS SYSTEMS FOR RESTAURANTS WITH EMV COMPLIANCE

Hackers frequently look for the biggest result that requires the least amount of work. That is one of the main reasons why data breaches of POS systems rank among the most common. Consequently, cybercriminals are able to steal large amounts of personal information from a single system with very little to no effort at all! Avoiding this predicament demands that restaurant owners use the most up-to-date POS system and meet government-related PCI compliance guidelines. EMV chip card readers, which use the computer chip embedded in debit and credit cards to authenticate and secure transactions, are highly recommended.

However, many small businesses, and restaurants in particular, can be very hesitant to employ EMV technology for a myriad of reasons, cost being one of them, alongside the pressures of adopting new technology. Security is the concern that stands out from the rest. With countless cases of data breaches surfacing in the news every day, leaving both customers and staff vulnerable to having their information stolen, it’s no surprise that restaurant owners are very cautious about the new technology they implement. While their reluctance is understandable, EMV cards are rapidly becoming a global standard for payments and payment processing. The shift to EMV compliance is therefore becoming compulsory for restaurant POS systems.

UTILIZATION OF IT PROFESSIONALS

Investing in an IT provider with expertise and experience in the technology industry may be one of the best business decisions you can make. A competent third-party vendor can install and host all IT necessities, from well-protected restaurant POS systems and Wi-Fi networks to security systems. With a trusted IT professional, restaurant owners can build their confidence in and knowledge of all the technology components, along with the reassurance that they are in the safe hands of an expert who best understands the intricacies of cyber security. It’s always good to have someone on standby when an IT issue arises. Someone who understands the problem can resolve it quickly so that nothing is compromised.

HAVING A COMMUNICATIONS CRISIS PLAN

Many restaurant owners do everything in their power to prevent a data breach, but they unfortunately sometimes fall victim anyway. Attacks from cyber criminals have a devastating effect on the business, be it loss of reputation, decline in customer loyalty, or additional fines, and can cause damage beyond repair. It is best business practice to have a well-thought-out and effective communications crisis plan in place for these situations. If and when a data breach occurs, you can take immediate action to provide customer support and sustain your brand reputation.

Transparency is paramount when informing your customers about a data breach by hackers. Providing your customers with the details will assure them that the issue is being addressed and that solutions are in progress. A member of the leadership team should be designated to address the crisis publicly in order to prevent the leakage of confidential information. In doing so, everyone aware of the situation knows that information about the vulnerability is coming from a reliable source. Updating patrons on the recovery process tells them that the incident is being dealt with. Once all the issues have been addressed and the situation is under control, you should notify your customers and explain the steps you have taken to prevent a recurrence of the problem.

It literally takes hackers seconds to break into a restaurant’s computer system, while reversing the repercussions of a data breach can take years. If not handled properly, restaurants may never be able to recover from this painful blow. By thinking ahead and taking action to secure all IT components, restaurant owners are not only saving their business but also protecting the people who keep it running – namely, their customers.


About the Authors

Michael Kasavana, CHTP, CFTP, is MSU/NAMA Professor Emeritus, IFBTA Education; and Tim Tang is Director, Enterprise Solutions, Hughes Network Systems LLC.