Technology has made data easier to store, manage, and collect than at any other time in human history. That power has resulted in amazing improvements in the efficiency of business, and restaurants have benefited just as much as any other – few restaurateurs can imagine running their business today without a comprehensive POS system to store ordering, inventory, and payment information.
The power of technology has a dark side however. The ability to store massive amounts of data in one place means anyone who gains access to that data can use it for criminal purposes.
Unfortunately for restaurant owners, identity thieves have started focusing more and more on the food service industry lately. The high turnover, fast-paced environment, and minimal experience with data security typical in restaurants has created a perfect storm of opportunity for theft.
According to a USA Today article, identity thieves began targeting restaurants after hotels beefed up their data security in response to increased theft in the hospitality industry. The problem with most restaurants is that they may not even know how vulnerable they are to data theft until it’s already too late.
Here’s the 3 spots where your restaurant may be at risk (and how to fix them):
1. Employee records. The first place everyone thinks of when it comes to identity theft is credit card information. We’ll get to protecting your customers next, but employee records come first because few small business owners even think about the information they keep on file for employees as something anyone would want to steal.
Those W-2s, I-9s, social security numbers, and addresses are a potential gold mine to an identity thief, and most of those records are usually on paper behind one or maybe two locks – making them pretty easy pickings.
What to do: Some restaurants have started contracting a third party to digitally image all of their paper employee records and store them in a secure off-site location. These contractors will also usually provide secure shredding and disposal services for sensitive paper documents.
If cost or size (you don’t employ enough people to make it worth it) eliminates a third party option, then take the following steps to beef up the security around your employee records:
Limit access. However you store employee records, put them in a place where only one or two people have access. This means something more secure than a filing cabinet in the back office.
Digitize records. Electronic information is easier to protect and takes up less physical space in a cramped back of the house, so if you can convert old paper documents to digital and collect new employee information digitally, this is by far the most efficient option.
Conduct background checks on new employees. Fellow employees are by far the most likely to commit identity theft, so when you hire, use a background check to help filter out potential thieves. This is easier said than done in the restaurant business, but if you take the time it can really save your butt later on.
2. Customer records. More than likely if you’ve taken steps to protect data in your restaurant this is the place you’ve focused you’re efforts. However, the guidelines and standards for credit card security are very fluid and change often. These standards are called Payment Card Industry (PCI) Data Security Standards (DSS).
These standards are not mandatory, but if your business experiences credit card theft you won’t be protected by the major credit card companies if you are out of compliance.
What to do: Visit the PCI Security Standards Council for a complete guide to PCI compliance.
3. Employee eligibility records. As Chipotle is discovering, keeping your I-9 records in order is a critical part of data management that will help protect your business from litigation later. Naturally, you would never knowingly hire an illegal immigrant, but if they provide you with false information then it will be up to you to provide that information if there is an investigation later.
That’s why it’s imperative, especially as the federal government cracks down on the hiring of illegal immigrants, to make sure you have all of the proper identification information for every one of your employees, past and present.
What to do: Collect and store I-9 information meticulously for each of your employees, including former employees. Also check this information for red flags like suspicious looking social security numbers, shoddy looking identification, and duplicate information.
One Chipotle employee alleges she was able to get a job by using a friend’s identification information who was already a Chipotle employee. Don’t let that happen to you.
Good data management is an imperative in modern business, and owners who remain complacent about their management practices roll the dice every day they open their doors for business. Some may go for years without a single problem. Others will discover just how damaging identity theft and improper hiring can be to their business.
The question is: do you feel lucky or do you prefer to minimize your risk?
Well, do ya?