My advice to restaurants owners on data security



Restaurant industry is one of the favorite targets for cyber hackers as it involves millions of credit/debit card transaction details yet follows minimal data security standards. According to Verizon’s “2015 Data Breach Investigations Report”, “the evolution of attacks against point-of-sales systems continued in 2014 with large organizations suffering breaches alongside the small retailers and restaurants that had been the cash cows for years.”

With the increased usage of digital solutions e.g. POS systems, wireless credit card processors, digital menu boards, security cameras, and online ordering platform, it has become easier for the cyber criminals to hack into restaurants’ systems through multiple entry points. Therefore, it is important to understand the risks relating to data security and start following best practices to keep systems secure and far from the reach of these hackers.


Data security: risks and implications

Whether you are a single-outlet or a multi-restaurant chain owner or a franchisee operator, network security should be one of the top priority failing to which your brand image and entire business can be negatively affected.


It can be argued that consumers have no liability for credit-card theft but it is a duty of merchants to protect the data as consumers may decline from dealing with a specific merchant if they feel that their data is not secure with that merchant. Last year, CM Ebar, LLC, the owner of the Elephant Bar Restaurants (“Elephant Bar”) alerted its customers about a security breach incident at several of its locations affecting payment card information of some customers (press release). Based upon an extensive forensic investigation, it appears that unauthorized individual installed malicious software on their payment processing systems designed to capture payment card information including name, account number, expiry date, and verification code. The malware could have compromised card data that made payment card purchases since early August. Similarly last year, a US-based sandwich restaurant chain “Jimmy John” confirmed that 216 of its stores were indeed hacked. Apart from business loss, data theft also results in heavy legal and IT management fees to protect the company’s identity and the brand image gets deteriorated in the consumer’s mindset.


Do note that the data theft not only means loss of data to cyber hackers but it also includes potential data sharing/transfer to unsecure hands through third-party-vendors or employees.


Prevention is better than cure


It is recommended to hire any network security architect to design your systems while it is also important to follow some basic guidelines to avoid data theft from your network.


1. Never use common passwords for all systems

It has been found out that several restaurants and chains use common passwords for all of their systems which are vulnerable to hackers. Sometimes these are the default passwords provided by the vendors or they are very simple to crack i.e. password1, 123456. Always use sophisticated and different passwords for systems and keep changing them regularly.


2. Always use licensed software

One of the ways hackers uses to get into your networks is to put some malware into your systems via unauthorized transactions, pirated software, or access to unsecured websites. Hence, it is recommended to use only industry-approved licensed software and keep them updated with latest versions.


3. Conduct regular scans of your network

Purchase a license for a reputable and professional firewall and mandate auto-scans every week to identify vulnerability in the system.


4. Make sure your POS system is updated

Several restaurants in India are still using old versions of traditional POS systems which can be susceptible to hackers. Do ensure that you use modern POS system which follows best security practices and uses data encryption for credit/debit card transaction records.


5. Use secure wifi system

If your restaurant uses innovative digital solutions (e.g. digital menu, wireless credit card machine, online ordering/payments) then make sure you are using a secured wifi hotspot solution to connect them with each other. You must also use mobile SMS-based authentication to provide free wifi to your guests.


6. Beware of phishing emails

Hackers keep sending phishing emails on official email IDs which might contain harmful malwares. Avoid accessing such emails, always scan attachments for viruses before downloading them on your server.


7. Restrict remote access

Keep the default firewall settings for only essential access and restrict access from remote locations and third-party-vendors.



Other Interesting Blogs


5 key learning from Google’s free wi-fi project at India’s railway stations

June 22, 2016

We just celebrated World WiFi Day on 20th June, 2016 with our new iconic township wifi project in Bangalore and the timely update on Google’s free wifi....

Read More

Co-working spaces in cafes/restaurants are trending - Are you one of them?

Feb 3, 2016

If you are one of the café/restaurant owners paying fixed rental for your cafes/restaurants but more than half of seats ....

Read More

10 Reasons why providing free wifi can be a game changer for your retail business in India?

Dec 3, 2015

Customers now expect free wifi everywhere they go and appreciate the venues which provide them un-interrupted free wifi access...

Read More


Understand how FreeG WiFi can help your business grow

Know More