Why Restaurants Must Evaluate IT Risks

With wages and food costs accounting for close to 70 percent of operational expenses, most restaurateurs are constantly looking for ways to reduce costs and increase profits. One critical area that’s often overlooked is reducing IT risk. Risk-informed decision making (RIDM) is an appropriate approach for restaurant businesses to take in regards to most angles of operations. However, many companies don’t embrace this school of thought when it comes to reviewing and formulating IT policy and planning expenditures.

First and foremost, failing to achieve or maintain PCI compliance will result in serious fines for any establishment. From back office and POS systems to wireless connections for guests, there are a variety of areas where sensitive data could potentially be compromised. Without effective policies and technology in place, PCI compliance and proprietary information are endangered. When processing information and transactions some data may be stored long-term, so maintaining security and PCI compliance in this area is critical. Restaurants with multiple locations to support should also look closely at risk-informed decision making for addressing and managing IT concerns. 

Restaurants with multiple locations to support should look closely at risk-informed decision making for addressing and managing IT concerns. 

Areas of vulnerability will also vary by the size and type of business. A professionally conducted Risk-Informed Decision Making Assessmentcan help identify the most critical IT risks an individual organization may be facing. These unique cyber risks can help management and stakeholders create a risk-informed checklist for all IT-related actions required to operate the business. With this in hand, management can effectively determine how much risk the business can afford. Conducting a risk assessment will allow for prioritizing the greatest exposure risks, and then make intelligent, informed decisions on where to spend money.

Restaurants require extra risk management as there are a variety of concerns to be addressed. First, allowing public into the establishment requires all of the business’ electronic devices to be physically and virtually secure from tampering. Devices are used to take inventory, track orders, and provide sales data as well as process financial transactions. Increased use of devices like tablets for ordering can sometimes place networked devices into consumers’ hands. Additionally, many people are involved in the chain of payment, creating opportunities for fraud or theft.

All of the concerns listed here must be mitigated to reduce risk for data compromise. Solid risk-informed decision making and actions allow higher risk to be effectively managed, freeing up time to focus more fully on the business of serving customers, reducing costs, and increasing profits.