Controlling Restaurant and Hospitality Cyber Exposures

November 19, 2019
browser coffee cup

As the restaurant and hospitality industries embrace new technologies, they’re also facing new threats. Cybercrime is on the rise, and businesses of all sizes are attractive targets for hackers.

Abundance of Data Tempts Hackers

Long gone are the days when customers ordered in person or over the phone and paid with cash. These days, everything is done digitally. People place orders and reserve hotel rooms online. They use credit cards or other electronic means to pay. They create accounts that store their information for them. The rise of delivery services means that more and more people never even step inside the restaurants they patronize. Everything is done from home, via a smartphone app or computer screen.  

All of this is very convenient, but it also yields an abundance of data that is very tempting to hackers. A data breach could expose customer information, putting customers at risk and your company’s reputation and profitability on the line.

According to Total Food Service, Panera Bread, Arby’s, Dunkin Donuts, Chili’s and Sonic, among others, have all experienced data breaches.   

Ransomware Shuts Systems Down

In 2017, ransomware infected a hotel in Austria. According to Forbes, the hackers were able to take control of the key card system and lock guests out of their rooms. The hotel paid around $1,600 to the hackers to regain control of their computer systems.

Since then, the problem of ransomware has only gotten worse. The FBI recently warned that “Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent.”

As the restaurant and hospitality industry becomes more and more digitalized, cyber risks become more of a threat. Hackers could disrupt systems used to place orders, make reservations and take payments. Or, they could even lock guests out of their rooms, as the Australia case illustrates.

Protect Your Business

Data breaches can stem from multiple causes, including hacking, malware, employee error, employee malice and physical theft.

According to the FBI, cyber criminals will use three main techniques for infecting victims with ransomware: email phishing campaigns, software vulnerabilities and remote desktop protocol vulnerabilities.

To defend against these attacks, it’s important to focus on both computer issues and employee issues.

  • Educate employees on risks and how to avoid them. This includes everything from recognizing phishing scams to preventing theft of laptops and other equipment.  
  • Use safety measures including anti-virus software and secure networks.
  • Install security patches as soon as they become available. Hackers often exploit vulnerabilities.
  • Limit access. Use strong passwords, and change passwords after employees leave.
  • Back up files regularly. 

Companies must also keep up with new regulations governing data and data breaches. Multiple states have passed data breach notification laws that require business to take proper and prompt action after learning about a data breach. Laws to restrict how businesses collect and use data are also developing. The California Consumer Privacy Act, for example, goes into effect in 2020.

Even with the most proactive approach, breaches can and will occur. Ask the Heffernan Insurance Brokers hospitality insurance team to review your coverage and to explain your cyber liability insurance options.