How bar owners can keep guests’ information safe.
By Kinesh Patel
Every day bar owners trust their employees with guests’ food and drink orders, but what they may not realize is that they are also trusting them with something much more valuable: guest data. Historically, cybersecurity has often taken a backseat in the hospitality industry as these companies haven’t been trained to think about security in the same way as banks or e-commerce platforms.
However, with recent hospitality industry data breaches and GDPR regulations, security has been brought to the forefront, forcing bars to look beyond a bouncer at their front door and to prioritize digital security.
Bars aren’t tech companies, but they are now expected to have the same level of expertise when it comes to data privacy. Every day guests’ personal information—from credit card numbers to addresses—is input into systems that are accessible by a number of employees who likely have not had data security training. Each time a guest frequents your bar, they are leaving behind a trail of valuable information, and the onus is on you, and your staff, to keep that information safe.
Train the First Line of Defense:
Whether it’s a scorned employee or an innocent mistake, 60% of all cyber-attacks are carried out by insiders, making employee training a crucial first step for bars looking to prioritize data security.
The simplest and often most effective guard against data breaches is ensuring that every employee is trained and comfortable with the data they are handling. Having a strong foundation ensures your team understands the responsibilities associated with access to this data, and it can prevent issues from arising long before a breach happens.
While it may seem obvious, start by covering the basics and sharing best practices of data security with your staff. These include:
Establishing strong passwords (i.e., not using “mybar1” for data you are trying to keep protected).
Using multi-factor authentication, which ensures employees have to present at least two pieces of evidence to verify their identity before being granted access to your systems.
Not exporting data to insecure systems, including email or your
Keeping antivirus software, like Avast Security, up-to-date on your back office computers for real-time protection, threat-detection, and added network security.
Integrate these lessons into your employee training program early on, and emphasize that data security is just as important to their job as tending to the bar or serving guests.
In addition to covering the basics, train employees on how to detect malware or phishing emails. A business is only as strong as its weakest link, and one wrong click can give hackers access to the entire system.
What Happens in the Bar, Stays in the Bar
One of the most common, and easily preventable, sources of data leaks is employees exporting data found on back office servers. As a general rule of thumb, exporting data from the internal system should largely be prohibited. When information is exported from a secure system and shared either internally or externally, that data is no longer protected.
Whether it’s sharing data through insecure channels like email or unsanctioned cloud software, or simply leaving private information up on a screen, customer data is constantly at risk of being stolen when it is removed from the system.
The good news is there are simple precautions you can take from a managerial perspective.
In addition to making sure every employee is trained on the data they handle, make sure they know which channels are considered secure versus those through which they should never transmit information. Instead of using the same public Wi-Fi as your guests, set up a secure network for staff. Hackers can easily gain access to public internet traffic, giving them free rein on sensitive guest information.
There will always be someone out there looking to steal sensitive information about your guests, but step one in stopping data leaks is making sure the information you collect in the bar stays in the bar.
Adding a Layer of Protection
While training your staff is important, you, as an operator, need a high-level understanding of what data you are collecting, who has access to it, and how it’s being used. Your establishment likely collects a multitude of different data. This varies from personal data, including a guest’s name, contact information or birthday, to transaction data, which is collected via a POS, reservation system, or payment-enabled service, and includes credit card information, bank numbers, and more. Start by prioritizing the data cyber criminals are most interested in—transaction data—and assess who is handling that information.
Put strict permissions in place to lock down your most sensitive guest data, limiting access to only those employees who are working with the information regularly.
Creating an access hierarchy that limits full permission to management-level employees and adds restrictions to entry-level employees will immediately lower risk and make training easier for everyone. When setting up access permissions, ensure you’re putting extra constraints on who can view versus export data, and enable multi-password authentications on all internal data.
It’s also crucial to revoke permissions for employees that have since left the company and make regular password changes a requirement. Detailed data security training isn’t necessary for every single employee, so find ways to limit that access as your business grows. By putting these safeguards in place, you will assist your staff in keeping guest data safe now and in the future.
Evolve Your Security Process With Your Business
As technology evolves and employees come and go, it’s important to review security practices regularly to ensure your protocols keep up with the evolution of data security risks.
Keep the conversation of data security constantly flowing between employees, management, and your vendors to guarantee everyone is comfortable and on the same page.
Advanced technology and data collection have given bars incredible ways to connect with their guests and create customized, unique experiences. But with these positive advancements comes the important responsibility to protect this information, which can be a daunting task.
However, with properly trained staff and the right technologies behind you, you’ll be prepared to create an establishment where both your guests, and their data, are safe.
Kinesh Patel is the Chief Technology Officer & Co-Founder of SevenRooms (sevenrooms.com), where he leads the engineering teams in the development of software technology. Prior to founding SevenRooms, Patel was Team Lead, Scientific Computing at ExxonMobil. He received his B.S. in Electrical/Computer Engineering from the University of Texas at Austin, and an MBA in Finance and Strategy from the New York University Leonard N. Stern School of Business.