5 Common Security & Compliance Mistakes Restaurants Make

Did you know that 60 percent of restaurants close their doors within two years of opening? And 80 percent don’t make it to the five-year mark. Often the reason for this is a lack of awareness about the less-fun aspects of running a restaurant. Compliance and safety are among the most common areas where restaurants make mistakes that can cost them customers, fines and even forced closure.

You want your restaurant to succeed. So it makes sense to lay the groundwork from a safety and compliance perspective. To help you do this, here are five areas where restaurants commonly make mistakes; avoid them and you’ll be well on your way.

1. They Don’t Secure the WiFi Network

This is a common mistake that all kinds of small businesses make, from retail to restaurants and beyond: they fail to secure their WiFi networks. Many restaurants today are learning that customers want WiFi connectivity. And there are benefits to offering it. Often restaurants, especially cafés and coffee shops, find that when they offer WiFi, customers stay longer and purchase more items.

While you should work out whether it makes sense for your particular business to offer WiFi to customers, you will need it for your own systems regardless. However, while it may be tempting to use your business’s WiFi for customers and avoid paying for two separate contracts, do not do this. It can leave you vulnerable to hacking. Similarly, you should not use the same WiFi network as your POS system. This can open the door for hackers to install software or collect sensitive data.

You may, however, be able to get away with using the same router that you use for your business by simply adding another network name (or SSID) to it, as business-grade routers generally allow for multiple networks and varying levels of security. Just make sure that you hide or encrypt private networks with sensitive data on them and password-protect customer WiFi to discourage hackers from taking advantage on the fly. Learn more here.

2. Their POS Systems Aren’t Protected

Did you know that restaurants account for 73 percent of all data breaches each year? That’s up from just 29 percent three years ago, a huge (and very alarming) jump. Hackers target restaurants because they are plentiful and because many of them do not have strong security practices in place.

One way to protect yourself against this type of attack is to ensure that your restaurant is PCI DSS compliant. This isn’t a nice-to-have. For any business with a POS system, it’s required. If you fail to meet these basic security standards, you could open the door for hacking and get yourself in big trouble in the case of an audit.

So what exactly is PCI DSS? It stands for Payment Card Industry Data Security Standard, a set of requirements for securely handling credit card payments. It was developed by the major card brands to protect themselves as well as businesses and consumers from fraud, theft and other security challenges associated with credit card payments.

PCI compliance audits should be performed annually, but it’s important for restaurants to continually monitor their systems and ensure that they are up to snuff. You can get more information about PCI compliance here.

3. They Don’t Complete I-9s Correctly

Are any of your workers immigrants? If you’re a restaurant, the likely answer is yes. That makes it all the more important that you fill out I-9 forms correctly and to the letter. These ubiquitous forms, designed for employment eligibility verification, are required for all employees.

Employees must complete the forms no later than their first day of employment with you, so don’t delay on this key piece of paperwork. Additionally, you should verify that employees have completed them accurately and completely. If any corrections are needed, remember that you must initial and date the changes.

Now, you may think that it’s a good idea to check several forms of identification to protect yourself from hiring an undocumented worker unintentionally. However, it is actually illegal to ask for any documentation beyond what is listed on the I-9 form. Doing so could constitute discrimination, so be careful. You may also want to check out this full list of other common I-9 mistakes to make sure you’re covering all your bases.

4. They Don’t Educate Employees

One major source of compliance failures, even at restaurants where managers are fully aware of their obligations, is employee mistakes. Many of these stem from a lack of education from managers. It’s up to you as a leader to not just educate yourself on the steps that must be taken to keep your restaurant secure and compliant, but to communicate those expectations to your employees.

For example, many employees will not bat an eye at someone who appears to be official coming in to “service” your POS systems, so many hackers have gotten in this way.

You should take the time to educate your employees, including GMs, on how to use the point of sale system and what to expect from a technology security perspective. Be sure to let them know if someone is coming in to perform any type of maintenance or upgrade activity, and let them know that if they don’t hear it from you, they shouldn’t permit a stranger access to your POS or any other systems.

Also, when you go about choosing a POS system, you should choose one that managers can quickly learn how to use and one that is very secure. Many of today’s mobile POS choices offer added security features, flexibility and intuitive interfaces that employees can pick up swiftly.

5. They Keep Sloppy Records

Finally, any compliance system is only as good as the records you are able to keep. While many restaurants have relied on simple binder-based systems for years, this is not practical for restaurants with multiple locations and complex operations. Moreover, these types of systems are easy to misplace, impossible to access remotely and vulnerable to theft or misuse.

Instead, consider adopting a digital compliance solution like Squadle that will make it easier for employees to keep tight records. This will also make it possible for you to check in with your restaurant locations from wherever you may be, eliminating the need for superfluous trips and allowing you to do your job more efficiently and effectively.

Make sure to train your staff on how to keep proper compliance records using technological solutions, so that when the time for an audit rolls around you aren’t caught off-guard.

There are many potential pitfalls when it comes to running a restaurant, but the good news is that you don’t have to learn the hard way. Plenty of resources exist to help you get up to speed and ensure that you don’t make “rookie” mistakes when it comes to compliance and security. Becoming PCI compliant, securing your WiFi networks, filling out I-9 forms correctly, training your employees and keeping spotless records will help you avoid some of the biggest mistakes and allow you to get back to the real business of serving your customers.