Blog · 22 Nov 2019

Are food service companies really ‘invisible’ to cyber criminals?

Discover the security vulnerabilities that run through the sector, from commercialisation to wi-fi access and self-service.

Head of international business services

Working largely behind the scenes, food service companies have traditionally had a low public profile: when challenged, very few people would be able to name even the market leaders.

This ‘invisible’ status may be why the industry feels relatively safe from a cyber security attack. However, this attitude may have led to other significant security threats being ignored. So what should a food service company be addressing in the security arena?

Data breaches could be around the corner

Although food service companies may not feel they hold valuable data, in fact, as big employers, they do — they store information on hundreds of thousands of employees that is highly attractive to cyber criminals. Around the world, all types of companies have been hit by hacks leading to personal information such as bank details and addresses being exposed or stolen, and food service firms are equally as attractive a target.

Such a data breach would have several serious implications. Firstly, under GDPR, it would open the company up to significant fines of up to four per cent of global turnover, potentially impacting the bottom line by millions. In a highly competitive industry where margins are low, this could be devastating. Secondly, it’s vital that a food service company considers the way a data breach would call the firm’s reputation into question. It could hit client confidence hard, raising wider issues around security and how that could impact on the client company. Could a food service business with security vulnerabilities become a security threat for clients, particularly if they’re working in sensitive sites such as within government or defence. Certainly, third-party breaches are emerging as a form of hacker attack on businesses, exposing weaknesses in their supply chain. 

Commercialisation brings new security threats

Increasingly, companies are turning to self-service and automation technologies to keep up with consumer demand for convenience and this commercialisation is opening up new security threats. Whether it’s ordering a coffee remotely via an app or having lunch delivered to the desk, food service providers are introducing new services at pace — but their security coverage often lags behind.

The Internet of Things is also increasing security vulnerabilities, particularly at unmanned food service sites where network connectivity is unsupervised and it’s less likely that unauthorised access would be noticed. Plus, businesses must be vigilant against overlooking the threats posed by innocuous objects: the high-profile incident where a casino was hacked via a connected fish tank thermometer and stripped of financial assets is just one sobering example.

Wi-fi — a universal vulnerability

There’s a danger that security concerns around newer technology will overshadow the very real threats posed by the widespread use of wi-fi networks. Using wi-fi to connect outlets to the company’s systems and to the client’s systems brings the risk of a third-party or employee hacking the networks, with a consequently serious impact on their brand. This threat vector increases further as food service firms offer public wi-fi to extend a customer’s visit and spend. Many companies are now taking steps to segregate their public wi-fi offering from their internal company wi-fi, but this only reduces the security threat, and doesn’t remove it.

Inherent weaknesses in the food service industry workforce

In the food service industry, most frontline employees don’t think about the company’s cyber security while they go about their day-to-day duties. Traditionally, this hasn’t been a big security issue because such staff haven’t had much access to company systems. However, this is changing. The industry’s adoption of self-service applications for staff to raise orders and complete timesheets is just one example of how connected ways of working are increasing the security vulnerabilities created by employees. Staff are likely to access these apps (and the company network) from their own smartphones, too, which introduces yet another threat vector: security on personal mobiles is almost non-existent.

These employee security threats are then multiplied by the effects of a high turnover amongst a workforce largely made up of temporary workers drawn from a wide range of countries. Without an established culture of security and a disparity in base levels of awareness about security, any security awareness raised amongst staff will rapidly disappear as employees move on and new ones take their place. It’s vital that firms disable access to their systems as soon as individuals leave to minimise vulnerability.

Security measures to protect an evolving industry

Food service firms need security solutions that fully support the ways they work now, and the ways they’ll move to in the future. They need a security partner that can de-risk the implementation of new technology by putting strong protection in place in the cloud to manage threats before they reach any infrastructure.

As a first step, find out how to put in place a proactive approach to security that will keep pace with the changing threat landscape. Our security specialists are ready to help you handle ever-advancing threat vectors. Avoid putting your reputation at risk by ensuring data and regulatory compliance, identify and fix your weak points with our ethical hacking service, and make sure you control access to confidential information using encryption and PKI.