Cyber Security 101

October 13, 2017

By Jason VanGotten, Colorado Restaurant Insurance —

As a restaurant owner, you’ve put your heart and soul into opening a business and running it successfully.  The responsibilities of ownership are sometimes overwhelming.  Every minute of the day is critical and typically consumed with a pressing set of high priority daily activities, such as: scheduling stock orders, coordinating schedules, closing out, and many more.  With so many tasks in a given day things like cyber security are often overlooked until it’s too late.  In a small period of time, all the hard work, money, and time you’ve invested in your business can be lost.  This is our new reality. The threats are increasingly more common whether a restaurant has multiple locations, or not.  Even large national restaurant chains (Sonic & Chipotle) have IT security holes that have allowed hackers to penetrate their networks and steal personal identifiable information.  It is a team effort between the restaurant management team (to create a process and work with employees internally), your IT provider, your point-of-sale (POS) provider, merchant services and your insurance agent to help you with these strategies.

 

Here are the facts: 

  • Malware can make its way into a POS system.
  • Credit card skimming is real.
  • There are 33 million malicious URLs on the internet today.
  • Security experts have identified 50% of the Android applications released this year could be traced to malicious data mining activities.
  • Phishing attempts are hard to spot: “read the attached pdf, word, or excel doc.”
  • It can happen by clicking the wrong item. Easy to do.
  • Additionally your friends can be hacked, and the hackers will size up your profile and pretend to be your friend communicating with you while they try to trick you into giving up a password to log into a phony site.  Maybe that is the same password you use for everything in your life?
  • Facebook, Instagram and YouTube hacking is also real.

 

The list of possible ways for your restaurant to be hacked is long.  Often the restaurant networks and the restaurant owner’s personal devices are not fully protected.  Additionally, there is currently no protection or policy in place for internal employees bringing their own devices to work.

 

What should I do?

Talk to the Colorado Restaurant Association (CRA) cyber security insurance experts.  They are partnering with security focused IT experts who can help you create an IT strategy.  The CRA also offers a cyber insurance program to help protect your business in the case of a data breach.  It is smart to be covered from all angles.

 

Attend our upcoming webinar series!

The CRA, in conjunction with their insurance company, Colorado Restaurant Insurance, will continue to highlight the subject of cyber security in an on-going series of upcoming webinars.  Come and learn more about how to protect your restaurant investment.

Cyber Liability – Are You Covered?

October 3, 2017

By Jason VanGotten, Colorado Restaurant Insurance —

 

Originally, I began writing about this back in 2015 when cyber-attacks were starting to become relevant in our world. Now, the world of cyber criminals have fully evolved and results show that 2017 recorded the highest number of cyber-attacks globally. This is evident in the vast amount of attention recently given to cyber-attacks with companies such as Equifax, Sonic, Chipotle, Time Warner, Anthem, Target, and more. Cyber liability is something all businesses need to consider, even the hospitality industry. Considering that your business likely has a website, uses social media, uses internet connected computers, has a point-of-sale system and most importantly an electronic payment processing system, you probably conduct more cyber business than you may be aware of. Yet, when was the last time you discussed this risk with your insurance agent? Cyber criminals have exploited all sizes of business and cyber liability can no longer be ignored.

 

The discussion around cyber exposure/risk is extensive and complicated. Exposures include computer fraud, hacking, ransomware, phishing, malware, adware, lost equipment and even simple mistakes. Some of the most common occurrences within a small business begin with:

 

  1. Online hacking and data theft of confidential information such as credit card numbers, personal identifiable information, social security numbers, date of birth, etc.;
  2. Accidental loss or sharing of proprietary information; and
  3. The inside threat, known as phishing, of employees stealing sensitive account information from employers and customers.

 

There are a lot of misconceptions regarding both your exposure and how to protect yourself. Unfortunately, many times the realization of insurance shortfall comes after something drastic happens. The common mistakes an operator can make regarding cyber liability are:

 

  1. Assuming, because you are a small business you are not a target;
  2. Assuming your general liability policy affords the proper coverage needed to protect against a cyber claim;
  3. Assuming cyber liability coverage is too expensive; and
  4. Assuming your point-of-sale, merchant service, and server (IT) companies afford you coverage/protection when a cyber-attack occurs.

 

The most common cyber liability a restaurant faces is a data breach. A data breach happens when an unauthorized individual gains access to electronic information (typically names, credit or debit card numbers and/or bank account numbers). This information is highly desirable to a criminal looking to sell their stolen information on the “Black Market” or to utilize the information themselves. The costs associated with resolving a potential data breach are significant. According to a 2016 Fortune report, a data breach for the Hospitality Industry can cost approximately $139 per record stolen. Consider that the average time to identify a breach is 201 days and that the average time to contain a breach is 70 days. Therefore, depending on the number of credit card transactions you process monthly and some of the potential efforts needed after a data breach (see below) the costs of a cyber-attack adds up quickly.

 

  1. Costs of notifying affected individuals;
  2. Costs of notifying regulatory authorities;
  3. Regulatory fines at home and abroad;
  4. Forensic costs to discover the cause;
  5. Business income loss;
  6. Cyber extortion payments (Ransomware);
  7. Lost customers and damaged reputation;
  8. Implementation of credit monitoring services;
  9. IT expert services; and
  10. Defense and settlement costs.

 

The lesson in recent stories making the cyber headlines is that security goes far beyond simply having the right technology. It also requires training your employees with the proper mindset, attention to detail, as well as a clear awareness of these possibilities. Remember, you cannot possibly think of everything that might happen. My advice to all restaurant owners is to strongly consider reducing some of your risk through securing your IT systems (update software regularly, train employees, monitor social networks, encrypt data, change passwords and confirm your vendor’s security). Even performing all these recommendations will not ensure full protection from a cyber-attack. Therefore, we also suggest transferring some of the risk by purchasing a cyber liability insurance policy to protect your restaurant from losses you would be forced to pay for if you are to ever experience a cyber-attack and your client data is successfully stolen.

 

For more information regarding cyber liability insurance for restaurants please contact Jason VanGotten at jvangotten@corestaurant.org