A cyber attack can cost you money, leave you open to fines, damage your reputation and hamper or even cripple your ability to provide your services, so foodservice businesses need to take this risk seriously. Elliot Fry, senior associate at law firm Cripps, incorporating Pemberton Greenish, takes you through the issues…
In an increasingly technological and connected world, businesses in the foodservice industry need to think about cyber security. While attacks on global players like Mondelez or British Airways are more likely to make the headlines, the government’s National Cyber Security Centre reports almost half of SMEs have suffered a cyber attack.
Even if your business doesn’t have a wealth of personal data about customers, you will still hold employee files, recipes and other confidential information in electronic format. While theft of data may not be a significant risk in practice, be aware that data corruption or destruction can be just as crippling. Hackers can also hijack your payment system, redirecting payments into their own pockets and causing you potential cashflow problems.
Any organisation reliant on computer systems for data storage, to manage orders or control operations is an attractive target, as hackers can use ransomware to encrypt your data or lock you out of your own system, demanding payment before services are reinstated. Any downtime with systems controlling food production, storage or distribution could mean direct costs from spoiling and wastage, as well as potential breach of contract claims if you are unable to fulfil orders or service commitments.
Cyber attacks can also hurt your reputation, particularly if there is any suggestion food safety has been compromised. Risk-averse customers will be keen to ensure their service providers at all levels are secure and responsible.
Regularly backing up important data – and testing that it can be quickly restored – is crucial. Back-ups should be stored separately (not connected physically or over local networks) from the main system to isolate them from potential threats.
You don’t have to use the very latest software, but you do need to install the newest security patches. Very old software (think Windows XP) is often no longer supported, meaning publicly known vulnerabilities in that software aren’t addressed.
You can have the most advanced software in the world, but your people may still be a vulnerability. Make sure staff know how to recognise and avoid phishing e-mails, and put in place sensible password and security policies. Most of all, make sure staff aren’t punished for security mistakes and are encouraged to quickly report any issues instead. Policies are no good if your staff don’t follow them and a security issue being noticed is no good if it’s not reported.
Look at your contracts with customers and suppliers. Do you have protections in place with your tech suppliers? Is your liability as a result of a cyber attack limited with your customers? Finally, make sure your insurance arrangements give you adequate cover if available.
Cyber security can be an intimidating and panic-inducing area. While prevention inevitably involves some money and effort, it pales in comparison to the potential impact of a cyber attack on your organisation.
For more information about dealing with cyber attacks and commercial contract issues, contact Elliot Fry on 01732 224 034 or visit www.cripps.co.uk