It’s a Tuesday afternoon and the lunch rush is in full swing at your store. Customers form four neat rows at the counter and a line of cars partially encircles the building, inching forward as your drive-through staff scrambles to fulfill each order. You are making the rounds between kitchen and counter, ensuring that all stations are running like clockwork.
As customer traffic slows and the store returns to its normal pace, you take the opportunity to duck into the back office and make a phone call. But as you reach for the phone it begins to ring. The caller identifies himself as a bank representative. Credit and debit cards used at your store have been traced to subsequent fraudulent payment transactions, indicating that your store has likely suffered a data breach.
How Data Thieves Sneak In
Security weaknesses can be the Achilles’ heel of an otherwise healthy business. Here are the 5 most common errors we see in our work with single-store restaurants and QSR franchises:
- Weak firewall defenses. Your store’s firewall is the first line of defense against hackers, but a firewall that is not properly configured is only slightly better than no firewall at all. Ensure that your firewall is not operating at its default settings and that the associated passwords are complex.
- Non-segmented networks. In a non-segmented network, all network-connected devices (POS, computers, security cameras, etc.) behave like people talking together in the same room. POS systems and any computers that pass cardholder data should always be on their own segment (e.g., in their own room), where they can only talk to your payment processor and have no open Internet access. A common mistake is putting public or customer Wi-Fi on the same network segment as the POS system. This effectively allows a hacker sitting in the parking lot to hack in and install software for collecting your sensitive data.
- Outdated POS systems. POS systems that are not kept updated or that use old technology are a common source of entry for hackers. Your POS systems should encrypt credit card data at the point of swipe, then send that information directly to the payment processor, without first going through a back office computer (this is an important data safeguard). Also, your POS must be PCI PA-DSS compliant at its current version; otherwise, you are at risk of a breach.
- Unsecured remote access systems. Most restaurants have a need for systems to be accessed from the outside—managers need to access back office systems from home, vendors need access to systems for troubleshooting, etc. Access should be limited to secure methods like remote VPN, and passwords should be strong, never shared, and changed regularly.
- Unaware employees. Employees often will not question an official-looking person “servicing” your POS systems unless they have been trained to be skeptical. Would one of your employees pick up a USB drive left at a table and plug it into a computer to see what is on it? Set time aside on a regular basis to talk to employees about security best practices and areas of concern.
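To make the firewall and segmentation points above concrete, here is an added example (not from the original post or from ControlScan) of an nftables ruleset for a small store router that puts the POS, back office and guest Wi-Fi on separate segments and lets the POS segment talk only to the payment processor. The interface names, subnets and processor addresses are assumptions and placeholders to be replaced with your own.

```nftables
#!/usr/sbin/nft -f
# Assumed layout (constructed for this example):
#   wan0    uplink to the Internet
#   pos0    POS VLAN, 10.10.10.0/24 (registers and payment terminals)
#   office0 back-office VLAN, 10.10.20.0/24
#   guest0  customer Wi-Fi, 10.10.30.0/24
flush ruleset

define POS_NET    = 10.10.10.0/24
define OFFICE_NET = 10.10.20.0/24
define GUEST_NET  = 10.10.30.0/24

table inet store {
    # Placeholder addresses (documentation ranges): replace with the
    # addresses your payment processor publishes for its gateway
    set processor {
        type ipv4_addr
        flags interval
        elements = { 203.0.113.0/24, 198.51.100.10 }
    }

    chain forward {
        # Default-deny between segments: anything not listed below is dropped
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # POS segment: only the payment processor, only TLS, nothing else
        iifname "pos0" ip saddr $POS_NET ip daddr @processor tcp dport 443 accept
        iifname "pos0" log prefix "POS-EGRESS-DENY " drop

        # Guest Wi-Fi: Internet only, never the POS or office segments
        iifname "guest0" ip saddr $GUEST_NET oifname "wan0" accept
        iifname "guest0" log prefix "GUEST-LATERAL-DENY " drop

        # Back office: Internet access, but no path into the POS segment
        iifname "office0" ip saddr $OFFICE_NET oifname "wan0" accept
        iifname "office0" oifname "pos0" log prefix "OFFICE-TO-POS-DENY " drop
    }
}
```

The logged denies are worth forwarding to whoever watches the store's logs: a POS register trying to reach anything other than the processor, or a guest device probing the POS segment, is exactly the early warning this post describes.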
Don’t let security weaknesses jeopardize your business. Know how your customers’ information passes through your system, maintain secure technologies and best practices, and regularly educate your staff.
Want to learn more about protecting your restaurant or franchise business? Click here to learn more about ControlScan or give us a call at 800-825-3301, ext. 2. We are happy to help.