As a young man, desperately saving money for my first automobile, I spent some time working for a regional pizza chain. During that period, I recall an incident that occurred at another local restaurant. It was at night. On a weekday, after the close of business, two men entered through the back door. They robbed the owner at gunpoint and kidnapped a 16-year-old busboy. Then they fled.
This event rocked our community. It introduced lots of concern, raised questions around how this could have happened, and caused change in how people went about their day. People became afraid. They started being more aware of their surroundings. They started changing their routines, their general behavior, their lives.
Luckily the busboy was released in the next town about an hour away. The criminals were later captured in yet another town under different, less reckless illegal behavior. The restaurant owner, however, was so affected by the incident he sold his operation and got out of the business.
Looking back on that time, I see many parallels with restaurant operations of today. Then it was common practice to lock the front door as the last patron left, yet leave the back door open as crews cleaned, carried out trash and prepared the restaurant for the next day of business. Incidents like the above led to changes in restaurant operations. Owners installed peepholes and doorbells and introduced policies to always lock the door. Security cameras followed, along with stronger door assemblies and special-purpose locks. And in more extreme cases, electronic systems prevented doors from opening outside a given window of time.
Today we see a different threat entering the restaurant’s back door: the threat of cybercrime. Although the threat is different, the reactions, the concerns and the fears are the same.
Slowly, restaurant operators are beginning to realize their vulnerable state. Operators who are not following best security practices, like having a locked-down business-class firewall, keeping their anti-virus and operating systems patched, using secure remote access tools with two-factor authentication, and requiring unique user accounts with strong passwords that rotate on a regular basis, are at risk today as if their physical back door were wide open.
The event above stuck with me over the years because it was a “that could have been me” moment. After all, I went to school with the kidnapped busboy, I worked in a restaurant in the same community, and our operating practices were no safer than the location that was robbed. My fear is that many of today’s operators will need a “that could have been me” moment of their own before they change their operating practices.
Unfortunately, back door criminals will always persist as long as there are vulnerabilities in our business structures, physical or virtual, and there is a profit to be made. It is our duty as a vendor to help fortify our customers’ structures in order to reduce the potential for profit by those criminals. It is the duty of our customers to comply with PCI DSS requirements and to do their best to protect sensitive data. And it is the duty of all of us, including you the reader, to be concerned, ask questions, change behaviors and respond loudly that we do not accept back door criminals in our world.
To learn more about data security and the responsibilities of retail and restaurant operators, visit these sites:
www.restaurantdatasecurity.com
www.retaildatasecurity.com