Digital Security Part 2: Protect your data
Taking an inventory of your systems and networks helps you Identify how much risk you face. In this Protect step, we’ll look at some quick ways you can substantially reduce your vulnerability, including:
- Limiting access to information, data sources and equipment such as servers, either through explicit policies or passwords.
- Training staff on your data security procedures and policies.
- Ensuring that your systems are running the most up-to-date software.
- Implementing steps to protect your most sensitive data.
Tomorrow, watch for Digital Security Part 3: Detect odd activity
Follow best practices
Every business is unique with different point-of-sale systems, different operations, processes and stored information beyond the payment card data you retain. To be effective, the tactics and tools you employ must be tailored to your operation, taking into account your tolerance for risk and your available resources (do you have a dedicated IT person or department?).
While there isn’t a single solution, we know that the vast majority of targeted cyber-intrusions could be prevented by incorporating these simple, best-practice mitigation strategies:
Limit access: You should know who has access to your equipment and data sources. By limiting who can use or log into your restaurant’s computer server, for example, you can prevent a rogue or careless employee from inadvertently downloading hostile or intrusive software, including computer viruses and other malicious programs.
Controlling access applies to remote interactions as well. Many POS systems allow individuals to view the day’s receipts from a remote site. Be vigilant and control who can view such data.
Hackers may find smaller restaurant operations more attractive because these businesses often allow users to access data remotely and they tend to lack full-time IT support.
Train staff: Employees should be informed about who's responsible for your systems, and who can authorize internal access by employees as well as access for service technicians and other third-party vendors, including distributors.
Update your employee information and change passwords or codes regularly and especially if there’s turnover in a position that has cybersecurity responsibility. You don’t want former employees to have access to your information.
Download patches: Protect the data your software collects by making sure you’re running the most up-to-date version of your software. Hackers also take advantage of companies that haven’t patched their systems. Put systems in place to ensure you’re downloading patches for all of your software regularly.
Change passwords: One of the most common ways hackers get into computers is through weak passwords or passwords that came preloaded on the system. Protect your data by changing passwords regularly too, especially after employee or vendor turnover.
Protect payment card data by complying with Payment Card Industry Security Standards Council (PCI SSC) standards. All merchants that process, store, or transmit cardholder data from American Express, Discover, JCB, MasterCard and Visa International must comply with these standards.
If you don’t, you might face steep fines from the card brands, even if your operation is merely accused of a breach. You can find out how well you’re adhering to the standards by taking PCI SSC’s Self-Assessment Quiz.
Look at all the systems you inventoried in the Identify function, then make sure you’re taking steps to protect each of these data sources.
Get the Free Guide—Digital Security 101: The Basics for Protecting Your Restaurant’s Data
The National Restaurant Association has adapted keystone data safety precautions—developed by the National Institute for Standards and Technology—specifically for the restaurant industry.