Group of People

Data security plans require diligence and updating as your operation and employees change and as you add or change software and hardware.

If your restaurant is hit by hackers, how will you get back to normal? 

The Recover function of the National Institute for Standards and Technology Cybersecurity Framework not only helps you bounce back from potential disaster but also calls for learning. 

What lessons can you apply to your operations to avoid future breaches and attacks? 

Think about the steps that you’ll need to take to earn back the trust of your customers. That alone will likely strengthen your resolve to improve your data security procedures and pay more attention to the first four functions of the framework, Identify, Protect, Detect, and Respond

You need to consider, too, the financial resources it could take to recover; data breaches are expensive. It may be worth considering cyber liability insurance so that you have an extra layer of financial protection. 

As noted in prior sections of this series, returning to normal after a breach can be a lengthy process. Here are some questions you should be prepared to answer: 

  • Have you fulfilled all of your legal obligations, including notifying law enforcement and your customers? 
  • Are you prepared for a slowdown in business due to the breach impact? Look for ways to trim expenses and increase your promotions.
  • Are you prepared to deal with employee terminations? You may need to take action against an employee who was negligent or violated your data security policy. 
  • Have you considered hiring a public relations firm to help you rebuild your reputation? 
  • Have you changed your passwords, and updated your software and hardware? (See Protect.) 
  • Have you considered hiring an IT expert to conduct a security audit to prevent future incidents?

One key thing to remember about a data security plan built on the NIST framework is that it’s never complete. Like the Hazard Analysis Critical Control Point plan that keeps your food safe, it requires constant tweaking as your operation changes and grows. 

Like adding a menu item to your HACCP plan, adding a new computer or software program, changing ISP vendors, or hiring a third-party customer loyalty program administer all require attention and changes to your data security plan.

Get the Free Guide—Digital Security 101: The Basics for Protecting Your Restaurant’s Data

The National Restaurant Association has adapted keystone data safety precautions—developed by the National Institute for Standards and Technology—specifically for the restaurant industry. Fill out the form below to download your free copy!