Why 40% of Restaurants Risk Mobile Device Security

Shiv Sundar

March 31, 2020

40% of restaurants cut corners on mobile security for devices and self-service kiosks, but recovery after a mobile security incident isn’t cheap or quick.

The Big Idea

  • 40% of restaurants have knowingly sacrificed mobile security for the sake of speed or convenience.  
  • Nearly two-thirds of restaurants wait until after an incident to invest in mobile security, even though 80% of customers defect post-data breach. 
  • Building security into restaurant mobility requirements can protect your business from the latest industry threats and gaps in cloud restaurant POS solutions.

88% of Casual Dining and QSR Restaurants are Mobile

Mobile is no longer an optional part of the restaurant customer experience. Restaurants are rushing to go mobile, and purpose-built apps and devices are driving operating efficiency and customer loyalty. According to Verizon’s 2020 Mobile Security Index (MSI), 88% of restaurant frontline employees use mobile devices to compete on the customer experience. And 40% of restaurants admit they cut corners on mobile security.

This comes at the cost of data privacy. Restaurant chains face some unique cybersecurity threats. Self-service kiosks are exposed to a lot of users. The restaurant industry is uniquely vulnerable to physical tampering and POS hacks. Device security is often safeguarded by hourly employees and seasonal staffers. The result? Last year, 30% of restaurants suffered a mobile security incident.

Restaurant operators are finding ways to stand out from the competition with a strategic mobile approach. Mobile-first millennials and Gen Z have more purchasing power than ever, and they expect a seamless, digital customer experience. Apps and tabletop technologies create a connection between consumers and the brand. They build a bond beyond food, on the customer’s terms.

The National Restaurant Association predicts 70% of Americans will order food off-premises for dining in, takeout, or delivery. Self-service kiosks are a quick-returns investment that can boost sales 5-6% in the first year of deployment for casual dining and QSR establishments.

Mobile apps and tabletop tablets aren’t the only ways restaurants are going mobile. Adoption of dedicated IoT devices is rising rapidly. 67% of restaurants have rolled out digital signage and IoT technologies for employee productivity.

Restaurants Sacrifice Security for Speed and Convenience

80% of restaurants who knowingly sacrificed mobile security say it was a matter of “getting the job done.” The majority of restaurants know mobile security matters, but it’s seen as a barrier. Nearly one-in-three restaurants view mobile security as something they’ll “think about later.” Security just isn’t a consideration for mobile version 1.0.

54% of restaurants who cut security corners say it was for convenience’s sake. Studies show that layering on security after deployment often has the opposite outcome. 68% of organizations who don’t secure digital transformation experience a costly cybersecurity exploit, per Ponemon Institute.

Restaurants are waiting until they’re bitten by hackers to think about mobile security. The majority of operators who got hacked last year turned up the dial on mobile security spend, per the MSI. Treating security as a breach band-aid is far from cost-effective. Luckily, the issue is totally avoidable.

It’s Super Expensive to Put Security in Second Place

Restaurant brands that suffer a data breach can lose as much as 30% in brand value. 80-90% of your customers will choose to dine elsewhere after a data breach hits the news. You’ll also struggle to attract and retain new customers. The majority of Americans consider a brand’s reputation for cybersecurity before they purchase or sign up for anything.

Recovery after a mobile security incident isn’t cheap or quick. One huge, consumer-facing brand is still struggling to regain customer trust and profits 6 years post-breach. 

Diners care deeply about data privacy. They’ll defect regardless of what kind of personal data you lose, including loyalty program or gift card hacks. Loyalty program hacking has become a $1 billion industry, according to the New York Times. Disclosing a data breach is required by law, and it’s going to get noticed by diners.

The Problem with POS System Solutions

SaaS platforms for integrated restaurant POS are fast and simple to deploy. They’re sold as secure because they offer built-in data encryption and cloud security updates. Big-name restaurant solutions are an all-in-one answer to customer apps, tabletop kiosks and staff mobility.

It’s appealing to outsource mobile security to a cloud vendor, and many believe it means the IT team is just responsible for device and network configurations. Restaurant managers with minimal tech experience can download apps to devices in less than one hour.

However, cloud restaurant solutions mean you’re cutting a lot of corners when it comes to security. Integrated mobile restaurant POS solutions don’t account for hardware or device settings. The problem is that you’re still vulnerable on many levels to device tampering, malware, and other vulnerabilities.

Mobile restaurant POS solutions don’t lock down devices to prevent staff from using tablets to access WeChat or TikTok during slow times. These devices are vulnerable to malware-laden apps downloaded outside official app stores. A single infected device can quickly infect every “secure” device on the network.

Integrated mobile POS lacks the key capabilities needed to cover the basics: policies for PIN security, password policy, or whole-disk encryption. Restaurants also need mobile threat detection (MTD) and response capabilities.

Device Cybersecurity for Restaurants

Security doesn’t need to be a barrier to digital transformation. Security by design is now a regulatory requirement for many restaurant chains. It’s also much cheaper than the alternative of waiting to get breached and using security as a bandaid. The solution is to build security into your initial requirements, harden devices, and take a platform approach to dedicated device orchestration.

Build Security into Requirements

Securing mobile rollout 1.0 or 2.0 means creating better security requirements for hardware, software, and platform vendors. Mobile security demands a multi-layered approach to securing devices from the hardware and firmware level on up. 

When you’re working with vendors, take a specific look at their approach to authentication, encryption, and patching. Make sure you can secure devices in real-time and respond to risks across the entire device ecosystem. 

Harden Devices

Device hardware needs to be tamper-proof across employee devices, kiosks, and digital signage. Mobile devices should be secure against a variety of risks that include malware installed via juice jacking, SIM tampering, and theft. 

Device theft is unavoidable, and its cost goes well beyond replacing the hardware. Restaurants need geofencing capabilities so they know immediately when a device leaves the premises. Real-time detection to isolate and wipe a device remotely can protect your data before a stolen device is sold on eBay. 
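The device baseline described earlier (PIN, whole-disk encryption, no apps from outside official stores, no unapproved apps) and the geofence check described above can be expressed as a single fleet audit. This is an added example, not Esper's code or any vendor's API; the site coordinates, radius, package names, field names and action labels are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass, field

# Constructed values (assumptions): site coordinates, fence radius, app allowlist.
SITE = (37.3382, -121.8863)
RADIUS_M = 150.0
ALLOWED_APPS = {"com.example.pos", "com.example.kiosk"}

@dataclass
class Device:
    name: str
    lat: float
    lon: float
    pin_set: bool = True
    disk_encrypted: bool = True
    unknown_sources: bool = False   # installs from outside the official store allowed
    apps: set = field(default_factory=set)

def distance_m(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points, in metres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def audit(d):
    """Return the list of baseline violations for one device."""
    findings = []
    if not d.pin_set:
        findings.append("no_pin")
    if not d.disk_encrypted:
        findings.append("unencrypted")
    if d.unknown_sources:
        findings.append("sideloading_enabled")
    findings += [f"unapproved_app:{a}" for a in sorted(d.apps - ALLOWED_APPS)]
    if distance_m((d.lat, d.lon), SITE) > RADIUS_M:
        findings.append("outside_geofence")
    return findings

def response(findings):
    """Map findings to an action: off-premises outranks configuration drift."""
    if "outside_geofence" in findings:
        return "lock_and_wipe"
    return "quarantine" if findings else "ok"

# Constructed fleet snapshot, not real telemetry.
FLEET = [
    Device("kiosk-1", 37.3383, -121.8863, apps={"com.example.kiosk"}),
    Device("tablet-2", 37.3382, -121.8864, unknown_sources=True,
           apps={"com.example.pos", "com.example.videoapp"}),
    Device("tablet-3", 37.3482, -121.8863, pin_set=False, apps={"com.example.pos"}),
]
```

In practice a fence check is usually debounced over several location fixes so that GPS jitter near the boundary does not trigger a wipe.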

Choose a Platform for Visibility and Response

Mobile device management should make it easy to monitor and manage all your dedicated devices from a single location. An IoT platform can mitigate attacks by providing visibility into every layer of mobile threats. 

Platforms offer remote provisioning at scale across hundreds or thousands of restaurant locations. Esper makes it easy to protect restaurant mobile devices from risks of device tampering, unauthorized apps and other misuse.

A device orchestration platform creates a unified approach to cybersecurity management. Esper provides total visibility throughout the device lifecycle and the ability to take real-time action in response to emerging risks. These devices are key to the restaurant customer and employee experience, but they don’t need to expose your data. 

Book an Esper demo to learn about secure restaurant mobility for devices.