Restaurants and food and beverage companies are not the usual targets of cyber attacks, malware infections, ransomware, and data breach attempts. However, a paradigm shift is under way: threat actors are looking for new victims and new industries to focus their campaigns on. The key ingredient that makes a potential victim attractive is big data. All industries on the receiving end of cybercriminals have one thing in common: they store huge amounts of customer data.
The banking industry and the healthcare sector are the favorite targets: the former holds both the money and the personal data records of its customers, while the latter stores valuable, unique patient data. Data is the lifeline of both industries, as their businesses depend heavily on the trust customers place in their brand. A restaurant, or any business connected to serving food, does not typically hold customer data. This is because transactions in a grocery store or a restaurant are usually paid in cash, which means the transactions are anonymous.
But anonymous transactions with grocery stores, restaurants, and convenience stores are quickly becoming a thing of the past, thanks to owners' desire to capture customer data. Typically, restaurants and similar businesses collect customer data by offering a loyalty card. Loyalty cards require previously anonymous customers to register their personal and contact information with the merchant. These loyalty cards earn points for every purchase, but that also means the purchases made are no longer anonymous.
Paying merchants with credit and debit cards is also commonplace today, since it is much more convenient than handing cash over the counter. However, it comes with the side effect of losing anonymity when buying something in the store. Mobile payment apps are another payment scheme that removes an individual's anonymity. Using the mobile phone's GPS capabilities, the app can also track the buyer's movement from store to store, building a database of which stores buyers visit frequently.
A merchant needs to make sure that customers' information is stored securely and privately. Under the GDPR, which takes effect globally, entities are covered regardless of the territory they operate in, as long as the business caters to citizens of the European Union. Country-level data privacy laws are still far off. However, given that the GDPR has proven useful in protecting people who live in EU member states, it would not be surprising if other countries adopted similar legislation.
It is only prudent for businesses to check their current cybersecurity defense posture. Spending more to avoid getting hacked or falling for scams like phishing is not a bad thing, as it is difficult, if not impossible, to recover from a damaged brand. The best way to minimize the chance of becoming the next target is to arrange a penetration testing session. It may be expensive upfront, but compared to getting hacked, it is much cheaper.