Creating a Restaurant Cybersecurity Plan

temp-post-image Data breaches in restaurants seem to be common place. Just days ago, Arby's announced that hundreds of their locations were hacked and sensitive data was stolen. The threat of being attacked by cyber thieves is very real for restaurants of all sizes. Larger chains are susceptible because of the volume of information, but smaller businesses are also at risk. A smaller restaurant may be perceived by a thief as being an easy target because they lack the IT resources to adequately protect themselves.

We hear about breaches at large chains like Wendy's and Arby's, but what about attacks carried out on the unsuspecting independent restaurateur? Hackers prey on these operators that are often ill-prepared for an attack, and the financial setback and brand damage associated with being breached could easily put the average restaurant out of business. The average incident will cost a restaurant between $36,000 and $50,000. But, the most damage may be harder to quantify, such as the damage to reputation. A lot of money will be spent trying to win back customers.

As technology evolves, so do the criminals that want your data. And it's not just credit card data they want anymore either, they're also after other proprietary data too, like recipes, customer data, employee information and more. But, an ounce of prevention is worth a pound of cure, and just as with food safety, every restaurant should have a cybersecurity plan in place.


The National Institute of Standards and Technology (NIST) provides the guidelines for creating comprehensive cybersecurity plans. The following outline incorporates the five functions of the NIST framework.

Identify - Take an inventory of every possible system that could be vulnerable, such as your point-of-sale system, computer network, routers, website, mobile app and more. Then identify every person that may have access to these devices.

Protect - Take steps to protect your sensitive data. Limit access and train everyone on the importance of cybersecurity. Stay up to date on the latest technology available to protect data and change passwords regularly. And of course, use EMV chip readers for processing credit cards tableside. These machines are impenetrable to hackers.


Detect - Put systems in place to detect breaches when they first occur. By having a routine for detecting hacks, you'll be more prepared to respond immediately and before it gets out of hand.


Respond - Put a data breach response plan in place in case of a cyber attack. The plan should include the professionals you will contact in the event of a breach, such as IT professionals and lawyers. Also, you should outline how you will inform your customers, employees and suppliers of a breach.


Recover - This is your plan for getting back to normal as quickly as possible after a breach. It should include information on fulfilling your legal obligations, firing and retraining employees and gaining back customers and their loyalty.

GlobalTech POS

5815 Live Oak Parkway,

Suite A,

Norcross, GA 30093

Phone. 470-377-5861