This is a summary of an article written for Modern Restaurant Management by Courtney Radke, Retail CISO at Fortinet. The entire article can be accessed here.
As restaurants around the country start to reopen, there are many lessons to be learned from the events of the COVID-19 pandemic. Establishments that did not close entirely were forced to adapt their business models to accommodate for things like curbside pickup and delivery, both of which led to a heavy reliance on wireless technologies. While these technologies have enabled business continuity, they have also caused cybersecurity to become a more substantial part of the conversation.
COVID-19 turned the entire hospitality industry on its head. It became a matter of survival for companies to adapt to new business models, leading to an increase in things like drive-thru expansions, home delivery, and even pop-up or satellite locations. For the most part, these strategies have leveraged the use of either touchless, contactless, or low-contact payment methods that, while convenient, also represent a new attack vulnerability. With restaurants reopening and seeking to provide additional ways to minimize person-to-person contact, these payment methods are only going to see more use.
Those restaurant owners who were already using omnichannel and digital practices were able to reap the benefits immediately, seeing higher numbers of repeat visits (and higher sales numbers in general) than those who had to scramble to adopt digital strategies to stay afloat. Late adopters, on the other hand, had no time to waste when it came to building or expanding their digital capabilities to meet the demands of their customers – in many cases, this led to the installation of new hardware or having to use existing infrastructure in new ways. Suddenly, a wireless network that was meant to support guest access or internal operations now had to secure curbside, drive-through, and pop-up transactions.
However, while being versatile and adapting to new conditions may have saved the business, it also often meant that cybersecurity suffered as a result. The truth is that, in the face of the coronavirus pandemic, many operational responses did not fully take cybersecurity into account. Rapid, and perhaps even slapdash deployment of these technologies to keep up with consumer demand ultimately resulted in both the increase of existing threats and new risks coming to light. Meanwhile, all of this occurred against a backdrop of relaxed controls and reduced security expenditures due to IT departments being pushed to complete work without being mindful of the usual change protocols. It's this lesson that restaurant owners need to consider as they prepare their reopening strategy.
And now, yet another phase of transformation awaits restaurant owners: remaining in compliance with state and local guidelines while reopening for indoor and outdoor dining. Not only are there physical accommodations that must be made to promote social distancing, but many restaurants are also being encouraged or, in some cases, required to use technologies such as contactless payments to provide additional layers of physical safety.
These changes can be expensive, making it tempting to continue to let cybersecurity concerns slide. This could be disastrous, however, especially with many restaurants relying on cloud-based technologies in the wake of COVID-19. Now more than ever, cloud capacity needs careful monitoring and security, including the management of any misconfiguration errors that could be exploited.
Although digital and contactless payment methods are more inherently secure than traditional card-based transactions, it is still possible for cyber criminals to see and capture them. And lateral attacks against restaurants, which can lead to cardholder data compromise, are made easier by misconfigured systems, which means extra care must be taken. This makes it necessary for business owners to not just transition to new payment models but also take steps to protect their customers' payment card data, especially when considering industry standards such as the Payment Card Industry Data Security Standard (PCI DSS). By the same token, restaurants have to place restrictions on patrons or other outsiders from attempting to access other parts of their business without being authorized to do so.
Considering all of this, it is critical that cyber hygiene not only remains at the forefront but that it also be strengthened.
In this new normal, the nature of retail transactions has changed and will continue to do so for the foreseeable future. In spite of this, business owners need to provide safety and consistency when it comes to the customer experience, going beyond the quality of products and services to also encompass customer digital security. Restaurants can help keep their businesses viable by embracing new digital innovations in customer service, but it should not stop there. Keeping customers safe from unnecessary public exposure and meeting their demands while also keeping their payment card data secure is now a core requirement for continued success.
Learn how Fortinet offers retailers a broad set of network and security technologies that are seamlessly integrated and automated with the Fortinet Security Fabric.