16 May 3 Security Steps Restaurants And Retail Businesses Should Take To Protect Themselves
Over 48% of small businesses do not believe they are at risk for fraud attacks, but earlier this year, over 137 restaurants across the Midwest were affected by North Country Business Products data breach.
“On January 30, 2019, the investigation determined that an unauthorized party was able to deploy malware to some of North Country’s business partners restaurants between January 3, 2019, and January 24, 2019, that collected credit and debit card information.” (https://www.bleepingcomputer.com)
Data breaches like this can be devastating for small businesses, and it can be challenging to know what to do to protect yourself when even the security experts fail. Data threats should be taken seriously, particularly for small businesses, as it may only take one breach to lose trust and credibility. In fact, some companies are forced to close their doors within the first six months after falling victim to a breach.
So what can a business owner or general manager do to protect themselves from this increasing risk? Don’t worry; we have three steps your business can take to protect yourself and minimize the risks of a data breach.
#1 Security starts with employees
As a business, it’s good practice for any business is to have different levels of clearance on your internal networks and hardware, from your point-of-sale system and any office computers. The cook, waiter, and restaurant manager should all have different permissions on what they can and cannot access on every device. Only the appropriate staff should be able to access the most private internal networks of your POS system, and business computers use.
Procedures all employees should follow
Policies and procedures must be created for employees surrounding security, and proper training must be provided to ensure everyone understands and follows them.
- Locking internal and external devices
- Not using an internal network on personal devices
- Logging in and out of internal devices
- Not installing exterior software
For instance, employees logging in and out of every device used at work, and changing passcodes are good first steps to protecting your business from any security breach. Requiring passcodes and lot leaving devices logged in protects your POS system from anyone coming in and accessing the private information or installing malicious software on your network.
Additionally, utilize different types of security clearance with varying levels of permission. General staff should not be able to edit security privileges inside your POS system, but the General Manager might need access to make changes as required.
Training staff on foundational aspects of security is the first line of defense in protecting your business from a data breach. Always lock down all of your devices at the end of the workday and make sure employees log in and log out before accessing any company device. Remember, security is only as good as your employees, so enforce proper expectations within your business.
#2 Following PCI Compliance
Perhaps one of the most significant ways to track how well your business is protecting safety information is to follow the Payment Card Industry (PCI) Data Security Standard. The entire purpose of the Standard is to protect customers’ sensitive data and hold businesses accountable for how they handle payment information.
The critical recommendations for restaurants, bars, and retail shops are as follows:
- Maintain a secure network
- Protect cardholder data (from external and internal threats)
- Protect systems against malware
- Set up strong access control measures
- Monitor and test your networks
One of the best ways to protect any information that passes through your business is to go beyond just running everything that touches sensitive data through a secure network.
Implementing a firewall can do a lot to protect your business. In fact, when it comes to PCI Compliance security standards, firewalls are strongly encouraged to have in place. A strong firewall and using a virus protection software can prevent malicious criminals from gaining access to your point-of-sale system.
A lot of these things may seem complicated, but working with the right provider can make it easy. BNG POS proudly provides enterprise-grade firewalls which allow for secure segmenting of multiple WI-FI networks as well as continuous monitoring for updates and security.
Don’t forget about a router that will put a firewall between your two networks to block traffic from the guest WI-FI network. This is one often overlooked ways you can protect your business from a data breach.
#3 Securing your business network
Another good rule is utilizing multiple networks that are public or private for their correct purpose. Internal computers and your point-of-sale system should be on a private network that almost no one can access without a high-security clearance.
Remember, your business may processes hundreds of transactions daily and is legally responsible for protecting all the data that flows through your POS. Left unprotected, every card you swipe can be recovered by an ambitious criminal and leave you with thousands of dollars to pay in fines. Keeping that network secure is one of the most important tasks to prevent a data breach. If a guest or random employee can access that data, the risks for a data breach are significantly increased.
However, merely having a private network is not enough. The safest way to accept payments is to use a payment gateway that encrypts the information. If you’re not sure, reach out to your current POS provider and make sure your software is not storing credit card data and transferring it safely to an encrypted payment gateway.
For older systems or expired/outdated software platform, it is likely easier for a hacker to install a virus or software since security advancements happen all the time. Talk to your point-of-sale provider and make sure the software is still up-to-date and current to stay protected. If a software company who developed the original system has gone out of business or is no longer supporting the software you use, consider buying new software that is actively supported and updated.
The key pieces of security
Security is always a moving target, and criminals are continually working to find any point of weakness to exploit. Instead of burying their heads in the sand, businesses can minimize their risk for a data breach if they follow these basic principles:
- Minimize human error
- Follow trusted security standards
- Don’t store card information
- Protect your internal network
If you’re unsure if your current system is up to speed or want to add an extra layer of protection to your business, feel free to contact us today!