Upgrading a restaurant’s tech security
Snapshot
Restaurants can be a tough environment to secure against cybersecurity risks. Many applications used in the customer-facing and backend parts of the business have vulnerabilities that restaurateurs may not be aware of. So when a popular brewpub and restaurant came to Kalles Group looking for a risk assessment, we set ourselves the task of learning about and understanding their business processes, in order to provide them with aclear idea of where their risks lie. We were impressed by the eagerness of the company’s staff to learn about their cybersecurity vulnerabilities; that, combined with the company’s willingness to grant us access to staff and resources, made it easy for us to help this business harden its cybersecurity stance. This client found our work so valuable that the risk assessment has now become an ongoing relationship, in which Kalles Group is working to improve the client’s cloud security
Challenge
Restaurants may seem to outsiders like a simple business: Make food, serve it to customers, collect payment. But behind that simplicity is a minefield of potential cybersecurity risks. When a local brewpub and restaurant hired us to carry out a risk assessment, we found it had nearly a dozen separate applications engaged in the handling of sensitive data such as customers’ payment cards and employees’ personal information, including wireless point of sale systems that come with their own unique risks. Properly identifying the risks to this client meant learning how these various applications were being used, and assessing whether the best possible precautions were being taken with them.
Approach
Restaurant workers are sharp people – you have to be, to handle the fast pace and chaotic nature of the business – but they aren’t necessarily experts in cybersecurity. For Kalles Group consultants, carrying out a proper risk assessment meant interviewing staffersto learn how and when they used their various applications, and then advising them on the risks involved. That meant finding a common language with the client’s staffers, one that would allow them to share their knowledge with Kalles Group, and in turn learn from our consultants.
Fortunately, this brewpub’s leadership and staff were more than willing to teach us – and to learn from us. This company’s staff put in a learning investment, and thanks to their winning attitude, we were able to provide this client with a 24-month roadmap that would help them harden their security practices across their entire operation. We addressed issues such as access (how many people need to log on to certain apps? Can you reduce that number without impacting the business?) and awareness of high-risk activities, such as phishing and ransomware. The roadmap offered simple, practicalsolutions to security risks, for instance the use of multifactor authentication when signing into sensitive apps, and changing the settings on apps to prevent them from automatically running code.
Results
Our focused, pragmatic roadmap to better cybersecurity was a big motivator for the restaurant’s leadership, as it offered a clear path to cybersecurity peace of mind. In this case, the initial step of a risk assessment opened the door to an opportunity for better cloud security, and Kalles Group has made itself available to this client for ongoing advisory work, as needed. Thanks to our cooperative efforts, this restaurant’s leadership and staffnow understand a key reality in their line of work: Secure systems aren’t a destination, but a journey.