The hospitality industry was recently affected by a ransomware attack on a major point-of-sale provider. At POS Philly, we want users to understand how to best protect themselves from phishing attacks. Opening sketchy emails, having USB sticks plugged into computers, and other red flags can seriously affect your restaurant and reputation. Protecting yourself from potentially damaging scams is important. Our friends at Phin Security have a few recommendations on how restaurants can shield themselves from phishing and ransomware attacks.

What is Phin Security and how do you help your clients?

Phin Security is a security awareness training and phishing simulation company! We help organizations train their employees to recognize social engineering before it results in the theft of information, access, or money.

What are common types of digital security concerns that affect restaurants?

Some of the most prevalent concerns for restaurants are payment card fraud, compromised POS systems, and weak information security practices. Basically, the most valuable information that a restaurant potentially collects is the payment information all of their customers may give them when paying for their meals. If this information is collected and stored improperly, or if a malicious individual is able to intercept this information, then that would be disastrous for the restaurant.

How can a phishing attack hurt a restaurant’s security?

Think of phishing as a way to unlock a door. Behind the “closed doors” of every restaurant lies valuable information, access that can be used to find that information, potentially access to bank accounts, etc. If a phishing attack is successful, it could lead to an outsider unlocking a door and getting access to all of this. Once the outsider has access, they can do what they want. Sometimes this means ransoming the computers, sometimes it means remaining undetected and gathering information, and other times it means stealing money.

What is a ransomware attack?

A ransomware attack is when computers (and sometimes POS systems and other pieces of physical hardware) are held for ransom. A malicious individual, who has access to the hardware, will lock all access to the computers and send a message saying “Pay us X dollars to get access to these computers back”. Often this message is displayed on the computers themselves and ransoms are usually paid in cryptocurrency.

Are cloud software systems secure?

Yes! Security is always a layered approach and every company should have properly implemented security policies. Cloud software systems are secure, but, as always, every decision (such as to use on-premises hardware vs. using cloud software systems) comes with its own risks and its own rewards. It is possible to make things incredibly secure, so long as the risks and rewards have been properly understood.

How can a restaurant best protect itself?

Two things immediately come to mind:

  1. If your POS systems have USB ports (or any other way to connect something to them), get USB plugs to block them from other connections and make sure they are not easily accessible to the public. One of the easiest ways to get access to a computer (to ransom it, or just gain access) is to plug something into an open USB port.
  2. Train employees to recognize security threats. Everything from someone sending a fake email, to someone impersonating the “IT department” and walking in to set something up. Focus specifically (for management) on the storage of payment information (if you collect it).

Thanks, Phin Security! Have questions about securing your business from ransomware and phishing attacks? Feel free to contact Phin Security today. Speaking of securing your business, check out cloud-based SpotOn and see how it can benefit your restaurant.