Protect your restaurant data

To help restaurateurs avoid data breaches and the troubles they bring, the National Restaurant Association adapted the National Institute for Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity.

However you handle your data—pay transactions, payroll and human resources records, inventory management, or loyalty programs—cybercriminals and hackers can attack you where you’re most vulnerable.

Phishing, ransomware and malware are just some of the ways cyberthieves can access and steal your valuable data. Recovery is expensive—financially and in loss of reputation.

To help restaurateurs avoid data breaches and the troubles they bring, the National Restaurant Association adapted the National Institute for Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity.

Two guides—a 101 base intro to cybersecurity and the deeper-dive 201 specifically tailored to cybersecurity for restaurant operators—were initially released in 2017, and were based on NIST 1.0. The Association updated 101 in 2020, and now debuts 201, which was adapted to reflect NIST 1.1.

Digital Security 101 examines the NIST Framework’s five core functions, and offers quick overviews of how to:

1. Identify vulnerabilities in your systems, personnel access, software and hardware.
2. Protect against these risks.
3. Detect attacks on your computer systems and networks before the damage is done. 
4. Respond to a data breach or cyberattack on your systems or networks.
5. Recover faster after responding to a data security incident.

Digital Security 201 showcases in detail the key steps restaurant IT personnel should consider when putting a cybersecurity plan together, rating them on a scale of criticality from Urgent to Complementary.

The update reflects new additions to the NIST 1.1 Framework, such as:

• The critical necessity for multi-factor authentication in transactions and data access
• A new section to Identify protocols that help you vet the security of supply-chain partners

The following are examples from each of the five functions deemed Urgent to complete in your cybersecurity setup protocols:

IDENTIFY
You’ve mapped out how your organizational communications and data flow

Questions to ask: Has someone with IT experience diagrammed how information moves through your operation? For example, credit card information moves from POS device to server to processor, etc. Has an IT expert drafted network diagrams? Have these been updated? Who has access to them?

Anticipated outcomes if you complete this action: Your operation should prepare and periodically update a document describing the information flow within the business and how IT software, hardware, and personnel support that information flow. The document should describe how this information supports your business and describe the relative risk to the business if this information is compromised.

PROTECT
You are managing remote access

Questions to ask: Are you managing remote access to your systems? Do you require third-party providers to use unique, individual logins? Are you managing third-party data connectivity? Are you limiting third-party access to only those systems they need to access? Do you keep a log of who’s accessing your system?

Anticipated outcomes if you complete this action: Remote access includes internal business connections, service providers and third-party data connections. All these connections should require unique credentials for each user with access. All access should be limited to only the hardware, applications or data required. All activities performed remotely should be logged. All access to the Payment Card Industry (PCI) cardholder data network should require two-factor authentication.

DETECT
You are monitoring systems to detect potential data security events

Questions to ask: Are you monitoring your network to detect potential cybersecurity events? Are you segmenting your networks based on the classification levels of stored information? Are you reviewing user accounts and disabling those that are no longer being used or are no longer associated with a business process? Do you encrypt sensitive stored information and require a multi-factor authentication mechanism to access it?

Anticipated outcomes if you complete this action: Protects information stored on systems with file system, network share, claims application or database-specific access control lists. Only authorized individuals should have access to the information. Monitors account usage to determine dormant accounts and notify the user or user’s manager. Disables such accounts if not needed, or documents and monitors exceptions (e.g., vendor maintenance accounts needed for system recovery or continuity operations). Requires that managers match active employees and contractors with each account belonging to their staff. Security or system administrators should then disable accounts not assigned to valid workforce members. Ensure that all account user names and authentication credentials are transmitted across networks via encrypted channels.

RESPOND
You execute your response plan during or after an incident

Questions to ask: Do you have a response plan and are you following it?

Anticipated outcomes if you complete this action: If you have a plan in place, the effects of cybercrime will be shorter, your response will be more organized, and your external and internal customers are likely to be more satisfied that you are taking the necessary steps to resolve the breach.

RECOVER
You are managing public relations

Questions to ask: Are you managing the public relations fallout from the incident?

Anticipated outcomes if you complete this action: Customers fully understand that you are doing everything you can to mitigate the event.

Digital Security 201 is sponsored by Dell Technologies