Restaurants are a prime target for cyber criminals, and the average cost for a data breach from non-PCI compliance is $80,000. Restaurant owners learned how to avoid being a victim during a recent Webinar called: The Silent Restaurant Killer — Customer Data Breach.
"It's no surprise that 70 percent of businesses that are breached don't survive after one year," said Glenn Moore, vice president of marketing for ANXeBusiness Corp, a company that specializes in providing PCI compliance and security solutions to the restaurant industry. "Data breaches are widely publicized and consumers take notice and spend their dollars elsewhere."
Although PCI compliance was created by the major credit card brands in 2006, six years later, the majority of U.S. restaurants are still not compliant. The market is filled with inaccurate information around the requirements of all operators to demonstrate PCI Compliance. Many owners have the mistaken understanding that simply using a PCI-compliant POS system makes their restaurant safe and PCI compliant, said Moore, who outlined the following during the webinar:
- What it takes to become PCI compliant;
- How Cyber criminals are attacking restaurants; and
- How to prevent your restaurant from becoming the next victim.
About 67 percent of reported credit card data breaches occur at the POS solution because of either outdated firewalls or insecure remote access, Moore said.
"Criminals literally pry open the virtual door to your business and help themselves to your information," he said.
One common mistake restaurant owners make is purchasing a consumer-grade device instead of a model designed for businesses. A restaurant firewall should include comprehensive malware capabilities that are frequently updated.
"Some restaurant owners think they are safe because each computer in their store has a local copy of anti-malware like Norton or Symantec, but although that's helpful, it's also essential to run antimalware from the firewall gateway itself," Moore said. "It's a second line of defense in case the malware program is turned off or not updated on the local PC."
The second big problem with firewalls in misconfiguration, Moore said. Simply taking a firewall out of the box and plugging it in is common in the restaurant industry, but there are settings that must be configured properly.
"You need a trained security expert to make sure you are doing it correctly," Moore said. "For example, if you run a WiFi network, you can place your entire restaurant at risk simply by plugging the wireless adaptor into the wrong port on your firewall."