Nevada Restaurant Association
Shiny Toy Syndrome:
With employee-owned phones, a not-so-cool security risk for Nevada restaurants
While tech-giddy employees are prone to fawn over every new piece of electronics smuggled into your restaurant—devices that are often used in violation of your business’s policies—computer pros see something very different: a security breach waiting to happen.
For security, the hard fact is many of these unauthorized devices can slash gaping holes in restaurant computer security systems in a nanosecond, exposing your data and applications to hackers.
The reason? Your computer security pro or software is only able to safeguard your restaurant computer system when it’s known ahead of time what kind of smartphones and tablets will be logging into their systems.
Add a new smartphone on-the-sly—with a foreign operation system and apps that may be riddled with viruses—and all of your restaurant’s fully-coded computer defenses can be shredded in an instant.
“The consumerization of IT, sometimes called ‘Bring Your Own Device’ or BYOD, became one of the newer causes of data vulnerability,” says Mark Harris, a vice president at Sophos, an IT security firm.
Bottom line: With a torrent of employee-owned phones now in the restaurant workplace—both authorized and unauthorized—security IT consultants say it’s imperative for every restaurant to establish a crystal-clear, Bring Your Own Device Policy.
Key to that policy, according to Wisegate www.wisegateit.com, an online community of IT experts:
1. Invite everyone to the Policy Bake: Restaurants will get easier buy-in if everyone to be impacted by the policy participates in its creation.
2. Shop Security Solutions Thoroughly: The good news is that security solutions providers are well aware of the BYOD security threat, and have been busy coming up with solutions.
3. Solutions to check out include MobileIron http://www.mobileiron.com, Excitor DME http://www.excitor.com, Fiberlink’s Maas360 http://www.maas360.com, Microsoft Active Sync http://www.microsoft.com/download/en/details.aspx?id=15 and Soti Mobicontrol http://www.soti.net/mobicontrol.
4. Only Allow Email That Resides on the Network: Be sure employees can only access—but not physically download—your restaurant’s email with their smartphones and similar devices when they sync with your restaurant server. Under that scenario, if they lose the phone, their email will still be safe and secure on your restaurant mail server.
5. Force Password Strength on All Devices: A security system is only as strong as its weakest password. As a deterrent, security experts recommend passwords of more than 12 characters, which should include a nice mix of letters, numbers and symbols. They also advise restaurants to program automatic rejection for passwords that are less complex.
6. Decide Who Owns the Phone Number: A new conundrum for our technological age, deciding who gets the phone number after a break-up has become very touchy. A key staff member who takes his/her phone number along to the next job—which may be at a competitor—could steal a good deal of business away from your restaurant in the process.
7. Be Sure to Wipe: Dealing with lost/misplaced smartphones and other devices may be easier if you buy software that allows you to wipe erase business data only, while preserving personal data.
8. Insist on Timely Notification of a Loss: Be sure to secure the promise of timely notification of a loss in writing.
9. Encourage Employees to Sign Often: To protect against employees who ‘sign-and-forget’ BYOD agreements, require employees to
re-sign such agreements every six months.