October is National Cybersecurity Awareness Month. Restaurants and small businesses can be big targets for cyber criminals, and particularly vulnerable during the busy holiday season, which informally kicks off this month. With increased transactions and data exchanges, it's crucial for these businesses to bolster their defenses against potential cyber threats.
Verizon’s 2023 Data Breach Investigations Report (DBIR) finds that 74% of breaches involve the human element, which means your team plays a crucial role in cybersecurity. An average data breach now costs $4.9 million; ransomware is costlier still, averaging $5.2 million, and thieves have stolen over 1 billion records. These numbers highlight the urgent need for better security practices across all industries.
Let’s take a look at some of the ways today’s fraudsters are attacking organizations, as well as some best practices for limiting risk and impact.
Social Engineering
Social engineering poses significant risks to restaurants and small businesses. Cybercriminals often target these businesses by exploiting human interactions to access sensitive information.
Andy Bolin, North’s Chief Information Officer, observes, “No matter the size of the business, the greatest security risks today come from social engineering and phishing attacks. These attacks trick individuals into clicking on malicious links or documents that introduce spyware, malware, and viruses into their networks and systems, or into innocently giving up their credentials to malicious actors. Almost every major breach reported recently has been due to some type of credential compromise.”
He goes on to emphasize, “Business owners and employees must enable multi-factor authentication (MFA) on their accounts to protect against credential theft, change their passwords periodically, and never give their usernames or passwords to anyone asking for them via email, forms, or phone call, no matter who they claim to be.”
Some examples of social engineering tactics:
- Pretexting involves creating fake scenarios, such as pretending to be a health inspector, to get confidential information.
- Baiting could involve offering free software or tools that require your staff to provide access details.
- Tailgating might occur when an unauthorized person gains access to your premises by following an employee inside.
- Quid pro quo scams could involve fake IT support calls offering to fix non-existent issues in exchange for access credentials.
Phishing
Phishing is another common technique in which attackers send emails that look like they come from suppliers or service providers, tricking your staff into clicking malicious links or opening malicious attachments.
Attackers often push false urgency, gift card requests, fake invoices, and vendor bank-change notices. Teach your staff to slow down and verify what they are seeing and what they are being asked to do.
- Check the sender’s domain and the real destination of every link before any click.
- Use a shared mailbox for supplier changes, and call the contact you already know to confirm them.
- Add a one-click report button to staff email.
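The three checks above can also be automated as a first pass before a human looks at a message. The following is an added example, not code from North or from the article: it runs a constructed sample email against a hypothetical supplier allowlist and reports a lookalike sender domain, a link whose visible text points at a different host than its real target, and the pressure words the text warns about.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allowlist of known supplier domains (hypothetical names).
KNOWN_SUPPLIERS = {"freshproduce.example", "linenservice.example"}
RED_FLAG_WORDS = ("urgent", "today", "bank details", "gift card", "wire")

# Constructed sample message for the demo: a lookalike sender, a forced deadline,
# a bank-change request, and a link whose visible text does not match its target.
SAMPLE_EMAIL = """From: "Fresh Produce Billing" <billing@freshproduce-invoices.example>
Subject: URGENT: updated bank details for invoice 4471
Content-Type: text/html

<p>Please use the new bank details today to avoid a late fee.</p>
<p><a href="http://pay.lookalike-host.example/update">https://freshproduce.example/invoices</a></p>
"""

def lookalike_of(domain, known=KNOWN_SUPPLIERS):
    """Known supplier domain that this sender imitates (the supplier's name
    appears inside a domain the supplier does not own), or None."""
    if domain in known:
        return None
    base = domain.split(".")[0]
    return next((k for k in known if k.split(".")[0] in base), None)

def link_mismatches(html):
    """Links whose visible text is a URL on a different host than the href."""
    found = []
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', html):
        shown = urlparse(text.strip())
        if shown.scheme and shown.hostname != urlparse(href).hostname:
            found.append((shown.hostname, urlparse(href).hostname))
    return found

def review_email(raw):
    """Run the three checks and return the findings as a dict."""
    msg = message_from_string(raw)
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    text = (msg["Subject"] + " " + msg.get_payload()).lower()
    return {
        "sender_domain": domain,
        "imitates": lookalike_of(domain),
        "link_mismatches": link_mismatches(msg.get_payload()),
        "red_flags": [w for w in RED_FLAG_WORDS if w in text],
    }
```

Any non-empty finding is a reason to stop and confirm with the supplier by phone, not a verdict on its own.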
To protect your restaurant or small business, always verify unexpected requests for sensitive information. Train your staff regularly to recognize and report suspicious activities. Use security software including antivirus and firewalls, ensuring they are always updated. Be skeptical of offers that appear too good to be true. Limit the information shared on public platforms, like social media, to reduce risk.
Network basics
Restaurants and small businesses can enhance their network security with a few straightforward steps. Here’s how:
- Separate your Wi-Fi networks: Give customers a guest Wi-Fi network that is separate from the one used for your POS and staff devices.
- Strong passwords: Use strong, unique passwords for your Wi-Fi networks and change them regularly.
- Deactivate unused ports: Turn off any unused ports and switches on your routers to prevent unauthorized access.
- Remove old tools: Get rid of outdated remote access tools on your business computers to minimize vulnerabilities.
- Firewall settings: Configure your firewall to block new inbound connections by default, allowing only the essential network services for your business.
- Regular security reviews: Regularly check and update your network security to keep your defenses strong.
Each of these steps can significantly help protect your business from potential threats.
Password management
To enhance the security of your passwords and sign-ins, consider the following steps:
- Implement a password manager: Use a password manager to store and manage your passwords securely. This tool can help ensure that each password is unique and strong.
- Use 14-character passphrases: Opt for long passphrases, ideally 14 characters or more, which rely on length rather than complex symbols. This makes them both secure and easier to remember.
- Enable MFA: Activate MFA for critical systems like email, point of sale (POS) portals, payroll, and finance. This adds an extra layer of security.
- Avoid text-based MFA: Be wary of text (SMS)-based MFA because of vulnerabilities such as SIM swapping. Consider app-based or hardware token solutions instead.
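To show why an authenticator app holds up where SMS does not, here is an added example (not code from North or the article) of the RFC 6238 time-based one-time code that such apps and hardware tokens generate, using the RFC's published test secret rather than a real key: the code is computed from a shared secret and the clock on the device itself, so there is no text message for a SIM swap to intercept.

```python
import base64
import hmac
import struct
from hashlib import sha1

# The RFC 6238 reference secret, in the base32 form an authenticator app
# would read from a QR code. This is a published test value, not a real key.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, dynamically
    truncated to a short code. The secret never leaves the device or server,
    and nothing is sent to a phone number."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret: bytes, submitted: str, unix_time: int, step: int = 30) -> bool:
    """Server-side check: accept the current step and one step either side for
    clock drift, using a constant-time comparison."""
    return any(hmac.compare_digest(totp(secret, unix_time + d * step, step), submitted)
               for d in (-1, 0, 1))

def app_code(secret_b32: str, unix_time: int) -> str:
    """What the authenticator app would display at the given Unix time."""
    return totp(base64.b32decode(secret_b32), unix_time)
```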
Cyber hygiene all year long
Safeguarding your business from cyber threats requires consistent and proactive measures. This National Cybersecurity Awareness Month is the perfect time to implement robust cyber hygiene practices that can significantly reduce your risk.
By focusing on key areas like phishing awareness, password security, and network safety, you empower your team to be the first line of defense against cyberattacks.
North is a leading financial technology company that builds innovative, frictionless end-to-end payment solutions designed to simplify and grow businesses of all sizes. From the front door, to the back office, the developer world, and partnerships that expand the payments landscape, North offers proactive, comprehensive merchant services, in-house processing, and more.