You might think a mom-and-pop diner, single location of a casual dining or fast-food chain, may not appear to be an attractive target for hackers…. but that is far from the case. These installations are increasingly targeted by cybercriminals. Cyber criminals consider them to be softer targets than large businesses with full-time, on-site IT group and solid security practices, yet still offering a host of treasures.
When theft of credit card information comes to mind, the breaches at Target, Michael’s, Chase, J.C. Penney’s are the ones most often discussed. In these cases, hackers penetrated corporate sites and lifted the information. However, the Wendy’s incident, where credit card information was stolen from over 1,000 of their outlets, rivals any of the larger attacks on corporate headquarters.
By deploying malware to each of the affected restaurant’s point-of-sale systems, thieves were able to gather credit and debit card information from each location, for six months. Wendy’s spokesman Bob Bertini said that “the malware was very sophisticated and difficult to detect”.
In March of 2016, the popular Hard-Times Café, located just outside of Washington D.C. fell victim to a ransomware attack. Hackers locked up the restaurant’s systems and demanded $10,000 to release it.
Rather than pay the ransom, which may or may not have freed their systems and would have possibly encouraged more attacks, they instead chose to rebuild all of their systems. Point-of-sale, ordering, accounting and every other application used were reinstalled and reconfigured. This process took almost a week, during which time the restaurant remained closed, which helps to understand why a restaurant may choose to risk paying a ransom, instead.
For many restaurants, every common business function is conducted on-site. This includes payroll, storage of or access to employee personnel records, company banking information, vendor information and more. Personnel information of employees may then be used to open charge accounts, file fraudulent income tax returns or commit healthcare fraud. With the eatery’s checking account number, fake checks may be generated and cashed. Vendor data may be used to draft fictitious invoices against the vendor or the restaurant.
In 2015, visitors to the Canal House’s website were greeted with a message supporting the terror organization ISIS, accompanied by the sound of machine gun fire. It took the Middleton, Ohio restaurant over a day to recover control of their website. The FBI reported that there had been a string of attacks against other websites belonging to restaurants and other businesses, purportedly by ISIS members or supporters, with similar messages posted.
Much less ominous, but every bit as embarrassing and damaging to a restaurant’s image was an attack, in December of 2016, on a McDonalds in New Bern, North Carolina. Pranksters were able to hack the intercom of the drive-thru, as it was integrated with the establishment’s IT systems, so as to allow for display of items ordered and cost. Instead of a friendly greeting by a cashier, diners were met with profanity and rude remarks, made by the hackers.
These hacks cause serious damage on a restaurant’s finances and reputation. Data breaches can be costly, embarrassing and result in job losses and regulatory fines. They can have a serious negative impact on a restaurants long-term reputation. There’s a lot to lose if your company experiences a data breach.
A recent study by the Ponemon Institute found that 44% of companies believe it can take 10 months to 2 years for a company to restore its reputation following a breach of customer data. These breaches have long-term effects on a brand's value. Importantly what type of data loss has the greatest effect on reputation, customer data, financial data, employee data. According to the study victim organizations lost anywhere from $184 million to more than $330 million in the value of their brands. At best, their brands' value lost 12 per cent of their value prior to the breach.
It’s important to remember that there are no shortage of competitors waiting to attract dissatisfied customers following a security breach. Unfortunately, many operators are unaware of the potential threats or how easily these threats may be thwarted.
TitanHQ’s suite of security products provide 24/7, 360° protection that will stop hackers in their tracks. No need for an onsite IT security specialist, as these solutions are easy to install and include automatic updates.
To find out how TitanHQ can protect your restaurant or diner, you can email us at firstname.lastname@example.org.
Sign-up for email updates...