Ask the Expert: Society Insurance
Q: As the owner of a small restaurant chain, I can’t afford either the monetary costs or the bad publicity due to a cyber attack. What should I be doing to protect my customers’ data?
A: Handling electronic data is an unavoidable part of operating a business today, but the cost of a cyber attack can be devastating. On average, a data breach costs a business $148 per record, meaning a breach of 1,000 customers’ information could cost a business $148,000.
Improving data security should be at the top of restaurant owners’ to-do lists. With the increasing use of credit card payments, delivery, and mobile and online ordering—where customers are providing their email and physical addresses—restaurants are a lucrative target for cybercriminals looking to profit from customers’ personal data and payment information.
While data can never be 100 percent protected, you can make it more difficult for cybercriminals to access sensitive information by avoiding these five common mistakes.
Mistake No. 1: Using the same password for multiple accounts. Once a criminal has the password for one account, it’s easy for them to log into other accounts and steal data.
Don’t use default or common keyboard patterns for passwords (e.g., 123456, QWERTY).
Create strong passwords by mixing uppercase and lowercase letters, using numbers and symbols, and avoiding common words.
Use different passwords for different sites—you can use a password manager to keep track of them.
Mistake No. 2: Opening suspicious email attachments. Phishing, or posing as a trustworthy entity to trick the recipient into revealing sensitive info, is one of the most common ways criminals breach security. Phishing attachments can lead to malware, ransomware and stolen usernames and passwords.
Before opening an email, consider whether the message is from someone you know and if you’re expecting the email. If not, you may want to delete it or report it to your email provider.
Look for spelling errors or strange email addresses in the message, which may be a sign of a phishing attempt.
Do not click on any suspicious or unsolicited email attachments.
Mistake No. 3: Sending sensitive data electronically. Emails and instant messages containing private information need to be protected because cybercriminals can intercept them and steal sensitive data, including customers’ credit card numbers or employees’ personal information.
Password protect documents. Provide the password to the recipient in a secure way.
Encrypt emails containing social security numbers, financial data or passwords. Refer to your email provider for instructions.
Use OTR (off-the-record) messaging to automatically encrypt sensitive info sent via instant messages. Some messaging services have this feature built in, or it can be added as a plug-in.
Mistake No. 4: Not securing Wi-Fi networks. Wireless networks allow multiple users to connect at once, making them a goldmine for criminals looking to access data. Restaurant owners are increasingly at risk as they frequently offer Wi-Fi for their customers.
Provide a separate Wi-Fi network for customers and designate a private network for business activities, so customers can’t easily tap into any sensitive information.
Secure both Wi-Fi networks with different passwords.
Hide your business’s private Wi-Fi network name—it won’t show up when customers are looking to connect to a network and tempt them to tap into it.
Mistake No. 5: Not training employees on data security. Without a policy or training on cybersecurity, employees might not know what to do if they notice suspicious activity on company computers.
Have a policy in place so employees know what constitutes a cybersecurity threat.
Encourage employees to report any suspicious activity, no matter how small it seems.
Remind employees about the dangers of weak passwords and the risk of online accounts being compromised.
The takeaway? Awareness and action are the best ways to protect data and avoid a costly data breach, which can be devastating to a restaurant’s reputation and bottom line.
Restaurant owners who want an extra layer of protection should consider adding cyber liability coverage to their current insurance plan. A good cyber liability policy will include data security and privacy coverage, plus response services from the moment a breach is suspected until it has been resolved. With some extra caution and a cyber liability policy as an added safeguard, you can feel confident that your restaurant won’t be toppled by a cyber attack.
Kevin Miller has been in the insurance industry since 1997 and has experience in claims, marketing and sales. He spent the first 17 years of his career with large national insurance carriers and the last five years with Society Insurance where he is currently the state expansion manager. He can be reached at 888-5-SOCIETY.