Any business that connects to the Internet is at risk of being a target for hackers. Many business owners make the mistake of thinking that they are too small for attackers to take interest in their data. These businesses make perfect targets for hackers. Restaurants are one example of a business that usually has minimal security, but they are good targets for hackers interested in stealing credit card data. As a matter of fact, restaurants are part of the growing trend of small businesses that make good targets for data thieves and hackers.
Public Wi-Fi is an attacker’s paradise. Attackers have several options for stealing data and eavesdropping on digital conversations. Since restaurants often offer free Wi-Fi to their customers, attackers can sit for hours without suspicion and perform these attacks.
The first common attack is called a “man-in-the-middle” attack. The attacker creates a hotspot on their own device and names it something similar to the official Wi-Fi SSID provided by the restaurant. Users see the similar name and connect to it. Since it appears to be a free service from an official business, customers don’t consider that the hotspot SSID (the name of the Wi-Fi connection) could be malicious.
When your customers connect to this hotspot, the attacker gives them access to the Internet so that they can still log in to websites and interact with other users freely. The attacker’s hotspot becomes the “man in the middle” and listens to data passed from the customer’s computer to the Internet. The result is that the attacker can read unencrypted data and steal login credentials.
The only way to protect against this attack is to put a sign in a common area that announces your Wi-Fi SSID. This means that your customers will have no confusion over which connection is yours should an attacker set up a malicious hotspot. It doesn’t guarantee that your customers are safe, but it reduces the chance that they will connect to the malicious hotspot instead of the official one.
You can still put a password on your Wi-Fi connection and force your customers to ask for it if they want to connect. This will limit the number of connections from people who aren’t your official customers.
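To show what a "similar" hotspot name looks like in practice, here is an added example (not part of the original article) that flags lookalike network names in a Wi-Fi scan taken on your own premises. The SSID `Marios_Guest`, the BSSIDs and the scan results are constructed, and the similarity threshold is an assumption.

```python
import difflib
import re
import unicodedata

# Constructed values for illustration: the restaurant's real SSID and the
# BSSIDs (radio MAC addresses) of the access points it actually owns.
OFFICIAL_SSID = "Marios_Guest"
AUTHORIZED_BSSIDS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}

# Constructed scan results as (SSID, BSSID) pairs, e.g. copied from a survey app.
SAMPLE_SCAN = [
    ("Marios_Guest", "AA:BB:CC:00:00:01"),       # the real access point
    ("Marios_Guest", "de:ad:be:ef:00:01"),       # same name, unknown radio
    ("Mari0s-Guest", "de:ad:be:ef:00:02"),       # digit swapped for a letter
    ("Marios Guest FREE", "de:ad:be:ef:00:03"),  # official name plus a suffix
    ("Marlos_Guest", "de:ad:be:ef:00:04"),       # one letter changed
    ("CoffeeCorner", "11:22:33:44:55:66"),       # unrelated neighbour
]

CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a"})

def normalize(ssid):
    """Lowercase, strip accents and punctuation, undo common character swaps."""
    text = unicodedata.normalize("NFKD", ssid).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]", "", text.casefold().translate(CONFUSABLES))

def find_lookalikes(official, authorized, scan, threshold=0.85):
    """Return (ssid, bssid, reason) for unknown radios using a confusable name."""
    core = normalize(official)
    allowed = {b.lower() for b in authorized}
    hits = []
    for ssid, bssid in scan:
        if bssid.lower() in allowed:
            continue  # our own equipment
        name = normalize(ssid)
        ratio = difflib.SequenceMatcher(None, core, name).ratio()
        if ssid == official:
            hits.append((ssid, bssid, "same name, unknown access point"))
        elif name == core or core in name or ratio >= threshold:
            hits.append((ssid, bssid, "lookalike name"))
    return hits

if __name__ == "__main__":
    for hit in find_lookalikes(OFFICIAL_SSID, AUTHORIZED_BSSIDS, SAMPLE_SCAN):
        print(hit)
```

A BSSID can be copied as well, so an empty result does not prove that no rogue hotspot is present.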
In addition to protecting customer connections, always keep your public Wi-Fi separated from the official internal network. Firewalls are used to separate the two connections, but some restaurant owners make the mistake of allowing public and private Internet connections to integrate together. When you have this type of infrastructure, you run the risk of allowing an attacker to access internal files.
Credit Card Processors and Encryption
It’s common knowledge for most website owners that any page requesting credit card information or private data must be encrypted. With restaurants, it’s common to have wireless credit card processors and some of them don’t have proper encryption security. These machines can be located at the cashier, or some vendors provide devices that waiters and waitresses can carry around to each table. Some of
Hackers can read data passed from one location to another with no encryption enabled. This is how your customers’ credit card data gets stolen. Any device that offers credit card processing should have encryption enabled.
In 2013, Target was the victim of a large attack where millions of credit card numbers were lost to the attackers. After the investigation, it was found that the attackers were able to read credit card data stored in point-of-sale machine memory. These machines are common in retail stores as well as restaurants, so these businesses are also targets for the same kind of attack.
Newer machines likely have encryption when data is transferred, but always read the documentation for the equipment to ensure that they use encryption when transferring data. If you have older credit card processors, you should perform a check on them to make sure they use the right security.
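One way to perform such a check, shown as an added example that is not from the original article: scan traffic you have captured on your own network between a card terminal and its processor for card numbers that appear in the clear. The payloads below are constructed, and the capture step itself is assumed to be done separately.

```python
import re

# 13 to 19 digits, optionally grouped with single spaces or dashes.
PAN_CANDIDATE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed payloads standing in for captured terminal traffic.
# 4111111111111111 is a widely published test card number.
CLEARTEXT_TXN = b"POST /txn amount=18.50&pan=4111 1111 1111 1111&exp=1227"
ORDER_ONLY = b"order=1234567890123456&table=7"
# TLS-style record header followed by non-ASCII bytes (stands in for ciphertext).
ENCRYPTED_RECORD = b"\x17\x03\x03\x00\x20" + bytes(range(0x80, 0xA0))

def luhn_valid(digits):
    """Luhn checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep only the first six and last four digits so reports hold no full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_cleartext_pans(payload):
    """Return masked card numbers that are readable in a captured payload."""
    found = []
    for match in PAN_CANDIDATE.finditer(payload):
        digits = re.sub(rb"\D", b"", match.group()).decode()
        if luhn_valid(digits):
            found.append(mask(digits))
    return found

if __name__ == "__main__":
    for name, data in [("cleartext", CLEARTEXT_TXN), ("order", ORDER_ONLY),
                       ("encrypted", ENCRYPTED_RECORD)]:
        print(name, find_cleartext_pans(data))
```

Any hit means the device is sending card data unencrypted on that link and should be reconfigured or replaced.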
Most businesses give employees Internet access. It’s essential for them to manage day-to-day tasks. This advantage comes at a price: the risk of web-based attacks. Several attacks are created just to steal data from internal networks, especially credit card data.
Ransomware and phishing attacks are the most common. Phishing attacks involve email. The attacker sends an email that looks like it’s from an official vendor or financial institution. The unsuspecting user clicks a link in the email that then takes them to a malicious website. If the user is tricked, the attacker gains access to login credentials. The attacker can log in from the Internet and avoid any hacking at all if they have the victim’s credentials.
Ransomware can be even more devastating than a standard phishing attack. Ransomware is used to hold data hostage until the victim pays the ransom. Some ransomware will scan the network and encrypt even network data. The data is encrypted and a message displays that tells the victim that they can have the key if they send a ransom. The ransom is usually thousands of dollars, and for most people it’s better to pay the ransom rather than find a solution.
Recently, businesses have found that once ransomware is able to execute on the network, it’s easier to pay the ransom to get customer data back instead of fighting to reverse the effects of the encrypted data. In 2016, Presbyterian Medical Center paid $17,000 in bitcoins to ransomware attackers who had rendered the company unable to use any of their computers. While investigators studied the attack, they had to use pen and paper to handle
Cyber-security isn’t just for large corporations. Small businesses are better targets for hackers because they are under the false assumption that attackers don’t want to hack their systems. The result is that their systems are poorly secured and hackers need little effort to gain access to sensitive data. Because restaurant owners don’t consider themselves targets, they often poorly secure their data. Don’t be a victim of cyber-security