What to Know to Avoid a Restaurant Data Breach
There have always been people that have looked to exploit vulnerabilities in technology. Cybersecurity attacks come in all shapes and sizes, from personal attacks aimed at discovering peer-to-peer information in identity theft cases, to more significant instances of fraud. Many restaurants continue to evolve to include more and more tech, moving ever further away from paper tickets and the call-and-response system between the front and back of the house. As restaurant technology becomes ever more sophisticated, the possibility of a restaurant data breach increases exponentially.
A Look Back On Restaurant Data Breaches
The earliest antecedent to modern telecommunications, the first reported incident of hacking was in the 19th century when the Bell Telephone Company was the subject to outside interference. By the 1960s cybersecurity attacks grew to match the then-nascent rise of computing and the internet. Modern technology has become more mobile, collecting larger stores of information than before, while developers have improved connectivity.
That technology has crept into the restaurant space to include kitchen display systems (KDS), front of house systems (FOH), point of sale devices (POS), and waitlisting/reservation apps. These devices have streamlined restaurant efficiencies while enhancing the customer experience. Unfortunately, they’ve also opened the door to potential hackers, probing for opportunities for a data breach.
Currently, someone is hacked around every 39 seconds, from personal accounts to businesses, and beyond. Over the last several years, hackers have found opportunities to abuse system weakness, causing restaurant data breaches in POS systems. As those systems are in place to collect revenue, hackers were able to scam thousands of dollars worth of money from companies ignorant of the situation.
Who is Responsible for your Restaurant Data Security?
The longer you utilize restaurant technology, the more robust your dataset becomes. In some ways, this is useful information that can benefit operators through business intelligence tools, machine learning algorithms that can help you calculate your maximum success through statistical data. That information is often cloud-based, meaning that it exists spread across a network of computers (think Netflix) that host your data.
The bad news is that as the owner of that data, you are liable for the safety of that information. The good news is that your liability has limitations that involve your implementation of proper data security measures and of your efforts to remain forthright and transparent after a data breach.
Keep in mind that you may be held responsible for the loss. You may be audited or taken to court. But there are ample ways to mitigate cybersecurity breaches, some of which come standard in the technology that you likely already use.
Common Restaurant Cybersecurity Vulnerabilities
As noted above, there are a lot of points of entry for hackers looking to find a weakness in your system. Data breaches occur at an alarming rate across a variety of platforms, including your restaurant. Let’s look at a few of those access points to see what they are, why they are essential, and how you can keep them safe.
Kitchen Display System Hacks
Kitchen display systems are tools used in the back of the house by the cooking staff to streamline their order process. Order screens show you what each customer orders, how long it takes, and gives preparation instructions to your team. The end goal is for food to come out at the same time, making each meal fresh and enhancing the customer experience, while allowing the kitchen to keep a lot of balls in the air at once in terms of order volume.
So far, hackers haven’t expressed an interest in breaching KDS tools, whether that’s from the pre-existing firewalls built into the devices, or something else. Hacking a KDS could foment discord in the kitchen, confusing dutiful staff, and lending a bad reputation to the restaurant, although in most kitchens correspondence between the front and back-of-house should alleviate any of this confusion.
Front of House Hacks
Your FOH devices like guest management systems are primarily for the wait and hostess staff to help with seating and order delivery. These systems vary in shape and size but are often configured to let you know the arrival, open menu times of your guests, and when a table is vacant, but still needs to be bussed. At the moment, there is nothing to indicate any FOH hacks have occurred, although, like kitchen display systems, this breach in security would only stir chaos and confusion.
Point of Sale Hacks
Perhaps the most common type of hacking occurs at the POS device. As noted above, POS devices include valuable customer payment data, information that hackers can exploit for personal gain. There are several weak points in a POS, allowing hackers to have control over any financial information entered into the system, including where that money goes.
Waitlisting/Reservation System Hacking
As you might expect, a waitlisting or reservation app allows guests to check-in or get on a waiting list in advance of their arrival. What you may not expect is that reservation or waitlisting apps serve as a particularly vulnerable or viable spot for hacker incursions. Last year, however, the company OpenTable was subject to one such restaurant data breach by a disgruntled former employee who spoofed accounts to fill up restaurants and waste the time of operators and staff.
A waitlisting breach is a unique case of hacking, but one to remain cautious of when considering who you grant access to your systems and why. Before or after that attack, there have been no reported efforts to breach waitlisting or reservation information.
Restaurant Cybersecurity Solutions
Outside of the kitchen, hacking and data security are matters of public and national history. For example, with the advent of self-driving cars, hackers have already found ways to enter into the navigation and re-route -or worse- the vehicle. Beyond that, hackers have used smart devices to track and follow users, from smartphones to baby monitors.
Corporations are eager to invest money into enhancing the available technology in restaurant spaces in a bid to look towards the future. Some of those innovations include smart menus, smart ordering systems, and robotics to help with food production and automated delivery. For operators, business intelligence or restaurant analytics tools, provide opportunities to monitor the business either through historical data or in real-time. In every case, with new technologies, comes new concerns.
As part of your business strategy, make sure that you keep a robust and evolving set of passwords, the front line to data sanctity. Account for legal and technical expenses that may occur while your technology is monitored; if you do not need to spend that money, it’s a bonus later on. Build a good rapport with the companies and resellers that you work with, so that you can ensure that you and your team have the resources to provide excellent security should the need arise.
From supply chain innovations to AI tech, the pandemic has afforded new opportunities to hackers. To comply with social distancing standards set to mitigate the risk of infections over the pandemic, many restaurants have instituted contactless technologies. This tech reintroduced QR codes to the public eye, which some unsavory hackers have begun exploiting. Fortunately, the technology itself is safe and there are some easy solutions available to manage your restaurant loss prevention strategy to better protect your organization and your guests.
Restaurant Data Breach Conclusion
Cyber attacks happen all the time and that number only grows. There are always new things that can and should likely scare you, but the fact that people are already considering how to thwart any possible cyber-attacks should illustrate the futurism of the IT community. Your IT team should look for practical and affordable solutions, continually assessing data security while balancing business efficiency and data security.
Ultimately, the silver lining is that with more data incursions, comes more opportunities for IT professionals to learn how to stop these attacks. As an operator, there are a host of things you can do following a breach to help, including transparency to your guests, brand rehabilitation, and incentive programs. Staying in front of an issue and accepting ownership begins the process of redeveloping the trust of your guests.
This article was originally published on June 4, 2019. We’ve updated it slightly to keep it contemporary. Subscribe to our blog to get these articles delivered right to your inbox!
Subscribe to the blog for more interesting restaurant content!
About the Author
Syd is a content marketing specialist, which are fancy words for writing pretty to tell a good story. He likes writing things about food, drinks, and music. He’s a musician himself, a father of two, and loves his wife a whole lot.