Data breaches: A restaurant operator’s worst nightmare
When it comes to protecting your POS data from hackers and thieves, the IRS recommends following these 5 steps.
Q How secure is my POS data, and how can I best protect it?
A You’d probably be amazed at how easily a hacker can break into your POS system. With that in mind, the IRS recommends that small businesses follow these five steps to protect their data:
1) Identify and control who has access to your data. Perform routine background checks on your employees and limit their access to the system. Require individual user accounts for each employee and create policies and procedures for information security. Create a list of the types of information your business stores and uses and maintain an inventory of IT-related equipment. Many breaches occur with wireless printers hooked to a network that still uses the manufacturer’s default password. So make sure to change that password, or hackers can gain full access to your data!
2) Protect yourself with the latest hardware and software. Patch your operating systems and applications and install and activate firewalls on all of your business networks. Secure your wireless access point and networks. Set up web and email filters using encryption for sensitive business information. Dispose of old computers and media safely. Consider putting an IT specialist on retainer to protect your interests.
3) Detect security issues by installing and updating anti-virus, anti-spyware, and anti-malware programs. Hackers often use email attachments to access your store data. Once opened, the attachments unleash viruses that compromise your system. Employees who log in to Internet sites using saved user names and passwords can also create an opening for hackers. Keep your anti-virus programs updated and activated at all times.
4) Develop a plan to respond to data disasters and information security incidents. In the case of a data breach, determine who will make the decision to initiate recovery procedures and shut down the system and/or move to a backup site. Create a list of people and agencies to be contacted, including law enforcement, the IRS, state taxing agencies, attorneys, insurance providers and cyber-security professionals.
5) Back up everything that’s important. Always make full backups of important business data/information. You should do this routinely, if not daily. Store this data offsite to keep it safe.
For more information, visit the National Institute of Standards and Technology website at nist.gov or contact the National Restaurant Association. You should constantly make improvements to your processes, procedures and technologies. It’s too easy for hackers to break into your system—and you, as the operator, will be liable for the results!