Hackers. Security breaches. Stolen data. Malware. All this high-tech piracy makes for hot headlines in the news and Hollywood blockbusters. But for all the glory, the biggest security breaches do not lie with some genius coder who can figure out passwords or invent malicious software. The best cyber criminals don't want to waste time figuring out how to steal your information. They want to steal your data in the quickest and easiest way, so they found the weakest link: humans.
According to Social-Engineer.org, 66% of all attacks originate from social engineering, but research shows that only 7% of American companies educate their employees about it. Why? Simple lack of awareness.
Social Engineering
So what is social engineering? It is criminals manipulating people to get confidential information. They prey on our human instinct to trust other humans. The hackers rely on the fact that restaurant employees are notoriously busy and will not have the time to check the facts before sharing information.
The phone is the simplest way for a hacker to get information. Why try to figure out your password when they can just ask for it over the phone? The hacker will typically pose as an authorized user who is responding to someone's "request for help" or say that they have found a problem in the system and need to access it in order to "fix it." The employee will grant them access to the system thinking that they are helping, when in reality they have just exposed all of your (and most likely your customers') confidential data.
Playing Defense
The best defense against social engineering is awareness and education. Absolutely every person in your employment needs to be aware of this type of attack in order to prevent it. Anyone with access to a computer needs to be informed (and reminded often) that they should not give any information over the phone unless they have permission in advance to do so. The hackers are professionals and will tell their target that they are from accounting, the corporate office, or a vendor, and then apply authoritative pressure so the target doesn't have time to think about the decision.
Process & Policies
It is extremely important to have an established process regarding the handling of any confidential information or passwords. Below are a few guidelines to safeguard your restaurant:
Create a company policy on how upgrades, service issues, accounting questions, etc. are handled. The policy should firmly state that anyone, internal or external, needing access to any of the computers and/or systems on your premises must notify the IT staff via email and copy the manager (or owner) in advance.
Hacking incidents are on the rise. As we have seen through the media, it only takes one security breach to soil your hard-earned reputation and lose the trust of your customers. And while to err is human, knowledge is power. Take preventative measures before you become the next target.
Joining Ctuit in 2015, David Orr brings a breadth of Information Technology experience ranging from the small organization to the large enterprise. David's 24-year career in IT includes the last 15 years focused on Software as a Service (SaaS) solutions and ensuring systems availability on a 24x7x365 basis. He has worked in a variety of industries including software development, data centers, manufacturing, and telecommunications.