Five Mistakes Restaurant Owners Make that Put Data at Risk

Handling electronic data is an unavoidable part of operating a business today, but what would happen to your restaurant if that sensitive information was the target of a cyberattack? The cost of an attack can be devastating. On average, a data breach costs a business $148 per record, meaning a breach of just 1,000 customers’ information could cost a business $148,000.  

Improving data security may not be at the top of many restaurant owners' to-do lists, but it should be. With the increasing use of credit card payments, delivery, and mobile and online ordering—where customers are providing their email and physical addresses—restaurants are a lucrative target for cybercriminals looking to profit from customers’ personal data and payment information. 

While data can never be 100 percent protected, you can make it more difficult for cybercriminals to access sensitive information by avoiding these five common mistakes.

Mistake #1: Using the same password for multiple accounts

Once a criminal has the password for one account, it’s easy for them to log into other accounts and steal data. 

• Don’t use default or common keyboard patterns for passwords (e.g., 123456, QWERTY)
• Create strong passwords by mixing upper and lowercase letters, using numbers and symbols, and avoiding common words 
• Use different passwords for different sites—you can use a password manager to keep track of them.

Mistake #2: Opening suspicious email attachments

Phishing, or posing as a trustworthy entity to trick the recipient into revealing sensitive info, is one of the most common ways criminals breach security. Phishing attachments can lead to malware, ransomware and stolen usernames and passwords. 

• Before opening an email, consider whether the message is from someone you know and if you’re expecting the email. If not, you may want to delete it or report it to your email provider
• Look for spelling errors or strange email addresses in the message, which may be a sign of a phishing attempt
• Do not click on any suspicious or unsolicited email attachments

Mistake #3: Sending sensitive data electronically

Emails and instant messages containing private information need to be protected because cybercriminals can intercept them and steal sensitive data, including customers’ credit card numbers or employees’ personal information.

• Password protect documents. Provide the password to the recipient in a secure way
• Encrypt emails containing social security numbers, financial data or passwords. Refer to your email provider for instructions
• Use OTR (off-the-record) messaging to automatically encrypt sensitive info sent via instant messages. Some messaging services have this feature built in, or it can be added as a plug-in   

Mistake #4: Not securing Wi-Fi networks

Wireless networks allow multiple users to connect at once, making them a goldmine for criminals looking to access data. Restaurant owners are increasingly at risk as they frequently offer Wi-Fi for their customers.

• Provide a separate Wi-Fi network for customers and designate a private network for business activities, so customers can’t easily tap into any sensitive information
• Secure both Wi-Fi networks with different passwords
• Hide your business’s private Wi-Fi network name—it won’t show up when customers are looking to connect to a network and tempt them to tap into it

Mistake #5: Not training employees on data security

Without a policy or training on cybersecurity, employees might not know what to do if they notice suspicious activity on company computers.

• Have a policy in place so employees know what constitutes a cybersecurity threat
• Encourage employees to report any suspicious activity, no matter how small it seems
• Remind employees about the dangers of weak passwords and the risk of online accounts being compromised

The takeaway? Awareness and action are the best ways to protect data and avoid a costly data breach, which can be devastating to a restaurant’s reputation and bottom line. 

Restaurant owners who want an extra layer of protection should consider adding cyber liability coverage to their current insurance plan. A good cyber liability policy will include data security and privacy coverage, plus response services from the moment a breach is suspected until it has been resolved. With some extra caution and a cyber liability policy as an added safeguard, you can feel confident that your restaurant won’t be toppled by a cyberattack.