Digital Security Part 4: Respond quickly to data threats
Plan in advance how you’re going to respond to a data breach or a cyberattack on your systems; time is critical.
Using the NIST Cybersecurity Framework, you’ve learned to identify digital risks to your business, protect your computer systems, networks and data, and detect intrusions. Now you need to plan how to Respond in a worst-case scenario.
Preparing yourself to act will save you time, money and stress, and mitigate further damage to your restaurant business.
To respond to a data breach, you’ll need to work with IT professionals—an in-house team member or an external consultant—to round up answers to the following questions, among others:
Your answers to these questions will set the stage for your next steps. As noted earlier, most states have data breach notification laws that you’ll have to follow. Familiarize yourself with your state’s notification requirements. Federal laws and regulations may also be relevant, including the Federal Trade Commission’s enforcement authority.
Other response requirements may be spelled out in contracts or agreements with third parties. If the compromise involves payment card data, your card brand will have specific guidelines for you to follow. For example, you may be asked not to turn off, access or alter the compromised systems.
You should preserve all logs, document all actions you take and alert appropriate incident-response personnel, including your merchant bank and law enforcement.
Find out how third-party suppliers, like the loyalty card company you use, protect your guests’ personal information, and be sure to review their processes throughout the life of your contracts with them.
Be sure to ask them about their security and privacy policies and talk through what happens if there’s a breach. You also may be able to negotiate indemnification for liability and costs in your contracts.
Simply having the cell phone numbers and emails of key people to contact in the event of a breach can save precious time.
Your first call after detecting an attack or breach should be to a lawyer who is well versed in cyber-crime. After that, all activity should be run through the attorney.
Your communications with your attorney or law firm will be protected by attorney-client privilege, and these experts will be able to work with you to mitigate the impact of potential lawsuits.
The National Restaurant Association has adapted keystone data safety precautions—developed by the National Institute of Standards and Technology—specifically for the restaurant industry.