With many restaurants across the U.S. shifting to a delivery- or pickup-only business model to survive during the COVID-19 pandemic, there’s been a heavy reliance on online orders and digital payments. As a result, more restaurants now store or use detailed private customer data, making the risk of data theft a major concern.
Every restaurant accepting online orders must protect its customers with a robust cybersecurity program. Here are the top five things you can do to safeguard your business and your customers’ sensitive data.
1) Educate Every Employee
The leading way hackers and criminals gain access to a secure network is by tricking the people who use that network into giving away their login passwords or other information. Email phishing is an effective method of tricking people into revealing passwords, so you need to train employees to recognize irregular emails that discuss logins, networks or any kind of private data that would not usually be discussed through email.
Criminals can often create an official-looking email account—even an internal one inside the company with a real person’s name—to fool employees and gain access to a business’ network. It only takes one mistake from one employee to let a hacker in, so it’s crucial that you train every new hire to spot suspicious emails and report them to management.
2) Use Firewalls, Two-Factor Authentication and New Passwords
According to the digital security experts at NODE International, vulnerable restaurants should make immediate enhancements to network security, such as upgrading firewalls and implementing two-factor authentication that is harder for digital criminals to circumvent. Firewalls place hard-to-crack digital barriers between networks.
Two-factor authentication requires users to enter a login name and then respond to a text message or email sent to a verified number or address to get a PIN and log in. Most people are already familiar with two-factor logins, as they are commonly used by major online stores, banks and other services.
For point-of-sale systems and computers that are visible or potentially accessible inside the restaurant, owners may be able to program unique ID numbers for each employee to use, so they know who was using which screen at which time to help determine if a criminal may have gained physical access.
When offering a free Wi-Fi network for customers or employees, it also helps to update the password on a regular basis. Never store passwords locally on a computer or on a note near a computer. Low-cost online services such as Dashlane or LastPass can manage and protect large password lists safely and securely.
3) Vet All Vendors and Partners
There are many ways to access a secure server or network, and vendors or corporate partners with digital connections can potentially open a restaurant’s systems to attackers. It’s fairly simple to evaluate a vendor’s level of protection with a few questions.
- Does it have a security program?
- Does it have a firewall and security services?
- Does it need to put equipment on your network? If so, what kind?
- If the vendor is hacked, how will this affect your restaurant?
If the vendor has no security program, no knowledge of firewalls, or requires deep integration with a restaurant’s internal systems, it can introduce additional entry points and make it harder to prevent data breaches. Further, the more business owners discuss cyber security with each other, the stronger the protections will be to provide peace of mind to customers.
4) Use Secure, Up-to-date Computers and Software
Existing restaurants with older computer systems may need to upgrade to ensure that every device connected to the network is protected with modern security measures. For instance, computers or tablets that run outdated software or no longer receive new security updates from manufacturers can pose a significant vulnerability that hackers can exploit.
Similarly, employees should never use restaurant computers for personal emails, shopping or other non-business functions. It’s all too easy for an errant click to introduce a virus or malware into an entire network.
What’s more, strictly limiting what’s available on the computers, or educating employees to never browse the web on them, helps owners know exactly what information is on the network and minimize opportunities for interference.
5) Consider Cyber Security Insurance Coverage
When all else fails, it’s crucial to know you are still protected, both financially and legally. Most major restaurant insurers offer policies that provide financial and legal protection from cyber threats such as data theft or ransomware that may cause business interruptions or investigations; some policies may be found for as little as $80 per month.
If a cyber attack occurs, properly insured restaurants may receive financial compensation. Even more important, they have access to a professional digital security firm that provides services such as a comprehensive risk assessment, security awareness training and assistance in dealing with law enforcement. Specifics will depend on the distinct policy and insurer, but many policies also include provisions to handle potential customer lawsuits over privacy violations.
Data Safety is the New Normal
Any restaurant offering or considering online ordering or other digital services using sensitive data must develop a strong customer and data protection program to ensure everyone is protected. A serious breach can potentially doom any type or size of business, from a local diner to a major fast food chain.
The steps above, in conjunction with a professionally installed network, can help restaurants defend themselves from digital attacks and protect against the worst business effects if a cyber breach does occur.
Crystal Jacobs is vice president and program director of Restaurant Guard Insurance, a provider of insurance solutions to the restaurant industry.