6 ways that restaurants can reduce cyber risk if you take credit cards

Cyber criminals are always looking for ways to steal sensitive data, and restaurants are prime targets. No matter the size from large chains to mom and pop shops, restaurants have attractive information in the form of customer credit card data.

Small businesses are often considered even more appealing to hackers because they usually don’t have the sophisticated network security of more prominent brands. Not that this makes them impenetrable, as there are many examples of national chains being the victim of cyber-attacks.

However, this doesn’t mean that restaurant owners can’t take strategic steps to reduce cyber risk. Working with cybersecurity experts can certainly beef up your protection and could include these important strategies.

Secure your POS


According to the 2019 Verizon Data Breach Investigations Report, 89% of data breaches for the restaurant industry were related to POS intrusions.

In this context, POS intrusions were defined as remote attacks against payment systems where card-present transactions occurred. In order to protect both your customer’s information and your own, it is absolutely critical you secure this point of access into your systems.

Tactics to secure your POS include end-to-end encryption, installing and maintaining antivirus software, and locking down your systems. Consult with POS security experts to determine the best barriers to keep cybercriminals out.

Educate employees about cyber-attacks like phishing

The first line of defense for your network security is your employees. Start a learning program on cybersecurity to teach them to avoid potential problems before they occur.

One of the easiest ways for a hacker to exploit a potential vulnerability is through a phishing email because the weakest link in your organization is typically the humans, not the technology. You need to provide your employees with critical data security education.

Provide them with scenarios and what to look for in a phishing email. Make sure that all new hires are trained as well. Stay up to date on cyber-attack trends and keep educating.

Install a firewall to separate devices

Your firewall, when appropriately configured, is a great first defense for cyber risk. It can also stand as a barrier for keeping a malware-infected device from infecting other devices on your network. This means creating multiple networks, depending on which devices need to communicate with one another. There is no need to have your office computer be on the same network as your POS machine, in fact doing so will significantly increase your potential vulnerabilities. 

Get on board with EMV technology

If your restaurant hasn’t implemented EMV chip technology, it’s time you did. This technology keeps you and your customers safer. It actually provides more protection against credit card fraud than any previous technologies.

EMV chip

You may recall that in 2015, credit card companies began placing liability on the merchant for fraud if EMV wasn’t in use.

It’s time to convert, a win for you and your customers.

Keep devices updated with the latest software

It’s time to take a look at the software running on your devices and whether they have properly been updated. Old versions of software often have an Achilles heel, which could mean an opportunity for a hacker. Every device on your network needs to be monitored and updated regularly, which is something a managed services firm can handle for you should you not have the time or resources internally.

Be PCI compliant

Now buckle up, because this one’s a doozy.

PCI (Payment Card Industry) compliance offers another impediment to cyber-attacks. Any technology platforms you use should comply with PCI standards, delivering another layer of security around your network and data.

PCI standards require merchants that process, store, or transmit credit card information to perform these activities in a secure environment. Ensure that all your vendors and their technology meet PCI standards as another vital way to prevent breaches.

Credit Card

Nearly half (44.6%) of companies fail to protect payment card data on an ongoing basis.


Because of the critical role that PCI compliance plays in keeping vital information secure, there are a number of steps that must be taken to bring your restaurant up to these standards. Some of the most important include:

Perform Vulnerability Assessments & Penetration Testing

If you are aware of your potential weak spots, you can take steps to bolster your defenses before it’s too late. While this needs to be done once a year at the very least, it is preferable to do so two to four times per year. Scanning for malware and performing penetration testing of your own to see your security from a hacker’s perspective, you’ll know exactly where your strengths and weaknesses lie. You can perform this internally or outsource it to firms that do it every day, but it must be done if you wish to be PCI compliant and know for sure that your system is secure.

Implement an Incident Response (IR) Program

The quickest response in an emergency is the one you have already prepared. Develop a program that includes what to do, training simulations and exercises, and pre-prepared forms. When an emergency occurs, you and your employees will know exactly what to do and how to do it.

Ensure Continuous Monitoring, Detection, & Response (MDR)

Even after doing your yearly (or hopefully quarterly!) Vulnerability Assessments and Penetration Testings, you still need to continuously monitor, detect and respond to potential cyber intrusions. Cyber criminals never stop and neither can you! 

Formally Conduct Due Diligence and Monitor Third-Party Vendors

Unfortunately, if you work with third-party vendors, it’s not just your own restaurant that you have to worry about. You must perform your due diligence and monitoring of these third-parties to ensure your data’s security as well as to maintain PCI compliance. You must do this for any vendor that stores, transmits, process, or in any way affect cardholder information. That can include third parties that interact with your software, hardware, patching, payment processing, alerting, and all the other ways these parties might come in contact with you and your customer’s data. This is why it’s so critical to find partners that you trust in order to protect this information.Cyber risk isn’t going away. In fact, hackers get smarter every day. But you don’t have to be a low hanging fruit for them. Develop a strong cybersecurity plan with the help of our experts. Contact us today to discuss options and discover an ally you can trust to handle one of the most vital areas of cybersecurity.