October 05, 2020

Digital Security Part 1: Identify your risk

The first step in preventing any loss is to identify the risks you face. Take inventory of all your systems and networks. You need to know what you have before you can protect it.

October is the “official” month to take stock of how securely you’re keeping your data. You don’t need to be a digital security technician to take effective steps that limit the access cyberthieves and other malicious actors have to your data. Computer system breaches can end up costing you tens of thousands in fines, fees and remediation, the loss of customers, and damage to your reputation and your business.

Tomorrow: Watch for Digital Security Part 2: Protect your data

The National Institute of Standards and Technology (NIST) developed the Cybersecurity Framework for Critical Infrastructure, and the Association adapted the NIST framework for the restaurant industry.

At the core of the NIST framework are five functions:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

The first step in building a plan to prevent any loss is to Identify the risks you face. Take an inventory of all your systems and networks. You need to know what you have before you can protect it.

Ask yourself these questions:

  • What systems or hardware—like point-of-sale terminals—connect to your network, and what kind of information do they collect? What software do they run?
  • Do you operate a website, a mobile site and/or a mobile ordering site?
  • How are you connected to the Internet? Do you have a firewall in place?
  • Do you allow your employees to access your network remotely?
  • Where do you store the information you collect? How does it get there? Is it through an automated system or over a wireless system? How long do you keep the data?
  • What is your most sensitive data? Where is it stored?
  • Who has access to your data (including third parties like your credit-card processor, loyalty program administrators or a part-time IT consultant)?
  • Who on your staff is responsible for data security and compliance activities? How are decisions on these issues made?

Answering these questions helps identify your risks and vulnerabilities, whether they lie in a piece of equipment or a source of data. The Identify function helps you to determine how much risk you have.

Restaurants and other merchants are attractive targets for hackers because they process so many card transactions. But those aren’t the only vulnerabilities you have. As you consider your data risks, you will undoubtedly uncover other types of sensitive information that your restaurant holds.

Beyond payment card information, you may be collecting back-office information like restaurant financials and food costs, employee data (including social security numbers) and supplier information. The growth of mobile and loyalty programs in the restaurant industry brings risks. If you’re collecting customer data through a mobile option or third-party application, identify it.

Get the Free Guide—Digital Security 101: The Basics for Protecting Your Restaurant’s Data

The National Restaurant Association has adapted keystone data safety precautions—developed by the National Institute of Standards and Technology—specifically for the restaurant industry.