By Eric Alister
In today’s digital landscape, company data breaches are more prevalent than ever and often pose a risk of massive financial losses that cause irreparable damage to organizations’ public image. And although, most data breaches could easily have been prevented, every day there are reports of companies whose digital data has been breached and customers’ private information leaked.
“The good news is that risk management is not a difficult or mysterious affair,” says Taylor Bohn, Privacy and Information Security Advisor at the University of British Columbia. “although no business can make itself 100-per-cent impenetrable, most risks can be mitigated to a very low level by following some procedures, implementing company-wide policies and educating staff members.”
Here are some tips to help keep your data safe:
Network Security: Any and all of your Wi-Fi networks should be password protected. If you provide free Wi-Fi to customers or patrons, make sure to set up a separate “guest” network to keep outside traffic off of your internal network. The next important step is making sure your entire network is protected by a firewall and an Intrusion Detection System (IDS). These features are built into all modern networks and we recommend you consult with your IT manager or administrator to check that both security features are turned on and working properly.
Network Segmentation: For bonus network points, implementing network segmentation is recommended. It sounds complicated but all it means is that you create separate networks for different departments or use cases. For example, you can create individual networks for front of house, back of house and POS systems to keep sensitive data isolated. This is all done virtually through software settings, so there is no extra hardware cost for each network you create, and you can always create additional networks down the line as your operation grows.
Encryption: One of the key methods for keeping company data secure is enabling encryption on every digital device. Encryption is built into all modern operating systems — including Windows, macOS, Android and iOS — and when turned on, scrambles all the data that’s saved to a device so outside threat actors cannot view any files without a password.
Two-factor Authentication: In additional to password protecting your data, a second critical layer of defence is two-factor authentication (2FA), which adds a second layer of security by requiring a user to enter a six-digit code that is shared via the user’s smartphone or a security token generated by a 2FA app, such as Google Authenticator. In such a setup, the username and password are the first factor and the six-digit code is the second factor, making it substantially more difficult for an attacker to access unauthorized accounts by stealing a username and password.
PCI DSS Compliance: For restaurant operators, one of the key areas of data security is in the processing and storing of customers’ payment card information. To protect this data, all operators should familiarize themselves with the Payment Card Industry Data Security Standard (PCI DSS) and ensure full compliance with the standard in order to properly protect this sensitive data. Beyond implementing a PCI DSS compliant payment system, it is equally as important to conduct regular compliance audits to ensure all security measures remain up to date. Furthermore, check that your POS systems fully support Point-to-Point Encryption (P2PE) to safeguard transactions from outside attacks. Lastly, to prevent fraudulent transactions, all POS stations should have chip-enabled terminals.
Data Collection and Storage: It goes without saying that protecting customer data is essential for maintaining trust and complying with privacy regulations, but two additional steps you can take in this area are collecting as little data as possible and retaining it only for as long is necessary. This ensures that, in the event of a data breach, the volume of private data that is divulged is kept to an absolute minimum.
Employee Training and Policies: Employees play a critical role in maintaining data security. Therefore, proper training and policies can help mitigate risks associated with human error. Because, here’s the catch — regardless of the sophistication level of an organization’s security systems, cybersecurity experts consistently report that the weakest point in almost all security systems is still us, fallible humans. This is why educating your staff on cybersecurity best practices is a non-negotiable for companies big and small.
Update, update, update: Keep all software, including operating systems, applications and security tools, up to date by regularly applying security patches to fix vulnerabilities that could be exploited by attackers. “You’d be surprised how many data breaches are caused by running out-of-date software,” says Bohn.