Key Strategies & Topics PRIORITY LEVEL: HIGH
1
DEPLOYMENT / IMPLEMENTATION
INCIDENT RESPONSE
Covered by the implementation project plan
• Have a plan
• Rehearse the plan (tabletop exercises)
• Defined responsibilities internally and externally
• Communications responsibilities and plans
• Have an outside facilitator run the tabletop to avoid internal political issues
RESPONSIBILITIES – FRANCHISEES VS. FRANCHISORS
• Shared responsibilities for PCI and PII – customers and staff
• Employee cyber security training
• Document systems and processes
• Standardize wherever possible
• Internal department awareness and communication
BUSINESS CONTINUITY AND DISASTER RECOVERY
• Multi-path connectivity to compensate for network outages (black outs)
• SD-WAN to protect application performance during periods of network congestion (brown outs)
LOYALTY SYSTEMS & POS SECURITY RESPONSIBILITIES – SERVICE PROVIDERS, OPERATORS
CURBSIDE PICKUP & POS SECURITY
• Identify core requirements and risks
• Identify PCI surface area
PCI DSS
• Proactively maintain PCI DSS compliance
• Prepare for new PCI DSS 4.0 requirements (to be released in mid-2021)
• Phone line encryption for VOIP systems utilizing credit card data (already a requirement)
• System verification: PCI-compliant Point-to-Point Encryption (P2PE) approved
• Vendor verified and compliant
• 3rd-party vendors compliant
USERS - IDENTITY AND ACCESS MANAGEMENT
• Card sharing
• Employee ID best practices
• QR codes for ID
• Difference between identity and authorized access
ONLINE ORDERING SECURITY & THE POS
PRIORITY LEVEL: ?
Third-Party POS integration/Security category
POS SECURITY PRODUCT REQUIREMENTS
P2PE, EMV, SSO, security & scalability, tokenization, partnerships, device management, centralized patch management, granular security capabilities (franchisees/franchisors, service providers)
RESTAURANT TECHNOLOGY NETWORK