Communicating to better manage cyber threats

Businesses are in a challenging spot when it comes to cybersecurity. In addition to having to think about the systems that they need to protect guests’ personal information and other business assets from potential theft in a digital age, employers must consider their practices for protecting and communicating with their employees about these threats. Lawsuits filed recently by at least 11 Panera workers against their employer underscore this point. The company said they detected a cyberattack in March of this year, after which they engaged a cybersecurity firm and law enforcement. The subsequent investigation found that threat actors had accessed corporate files during the attack. However, Restaurant Business reports that the workers involved in the lawsuits say they weren’t officially notified about the breach until June 13 or later, when they received letters indicating they may have been impacted. Cyberattacks are becoming an unfortunate part of doing business – in the restaurant industry and beyond. While nearly half of all small- to medium-size businesses have experienced a cyberattack, 43 percent of them don’t understand what security they need, according to cyber research from Sage Group. What’s more, there is also a lack of understanding about the time it can take to identify and contain a data breach – an average of 277 days, according to IBM and Ponemon Institute research, though breaches involving lost or stolen credentials take even longer at 328 days. At a time when restaurants share so many digital connections with suppliers and vendors, these attacks are difficult to avoid. It’s important for a restaurant’s vendors and other partners to have a shared commitment to cybersecurity hygiene, for sure. But in case breaches do occur, it’s just as important to have clear communication policies to help stakeholders understand the restaurant’s efforts to protect them, as well as any risks they may be taking on as part of working or transacting in an increasingly digital environment.