Great brands each have their own personality and strengths, but one thing they all have in common is that they are built on trust and integrity. Whether you’re buying a burger and fries, a new outfit or a TV, no-one chooses to deal with a brand they don’t trust. Brands are like friends – we want to feel that we know them, and that we can be sure of their integrity, and that they’ll always do the right thing by us.
Brand trust and integrity is built of many building blocks – products, service, reputation, partners, the way they treat their customers and staff and many more, including security. It’s hard to build that strong position of trust – it takes time and effort, often over an extended period of time. But unfortunately it can be much easier to destroy it. Often removing just one of those building blocks is enough to bring the whole trust and integrity edifice down.
That’s certainly true of data security – if a brand doesn’t protect its data, particularly data about its customers, it can very quickly see its reputation tarnished or even completely destroyed. Bad news travels faster than good, as disgruntled customers tell others about their experience, or a data breach makes headlines or goes viral on social media. That turns away customers and results in lost revenue and profit.
Protecting customer information is therefore essential for a hospitality business that wants to build – and maintain – its reputation as a trusted brand.
What information do hospitality businesses hold, and where are the exposures?
Hospitality businesses collect data about their customers – payment details, name and address details, purchases made and product preferences. This is more and more frequently captured via a loyalty program or online ordering app. Transactions on a mobile device now represent 60 percent of all digital restaurant orders and 79% of consumers now expect to use technology to place orders at QSRs and fast casual restaurants. This rapid growth of digital interactions with customers is accelerating the risk of data breaches.
When customers place an order, they have an unspoken but nonetheless very strong expectation that the business will manage it in a way that prevents it being obtained for malicious purposes, being sold on or openly shared.
Failure to protect customers’ information leaves a hospitality business open to reputational damage, large fines or even legal action. These take a long time to recover from, especially reputational damage - customers have very long memories when they feel they have been wronged.
Other valuable data that could be at risk
Whilst there is a legal obligation to protect customer data (under The Privacy Act 1988 in Australia and GDPR in the UK and Europe), there are other good reasons to have robust data security.
- Staff information – employers hold personal identifying information about their employees, which they must also manage in line with legal requirements.
- Operational and financial data may be essential for giving a business its competitive edge. Examples could be ingredients and recipes, marketing plans and new product information, financial information such as account numbers. All of this data is essential to keep a business running and ahead of its competition and its loss has a big impact on position in the market.
Who is at risk?
No business, large or small, is immune to data security breaches –some high profile ‘big names’ have been hit in recent years:
- January 2024, Mexican restaurant chain Guzman y Gomez’ customer accounts were compromised through a credential stuffing campaign, an attack that works through trial and error, with a threat actor automatically entering known usernames and passwords into website login forms in the hope that users have reused details across multiple services.
- McDonalds suffered a data breach in 2021, which exposed customer data. It was rapidly identified and shut down, but only at significant cost and effort.
- DoorDash had a data breach that saw information about 4.9 million customers exposed.
- Chick-Fil-A suffered a breach via its mobile ordering app in 2023, via an automated, credential stuffing attack. The attackers gained customer names and addresses, but only masked credit card numbers.
What can you do to protect your customer data and your brand?
- Educate yourself about security and risk.
- Get expert help to put measures in place – not only systems, but education for staff too.
- Integrate user-friendly security features. Strong defense shouldn't feel like a hurdle.
- Select software that has robust built-in security features
- Think about your supply chain and where you share data (for example with delivery providers) and demand highly robust procedures.
Protecting customer data is an essential building block in creating a strong edifice of trust and integrity. Hospitality businesses must have the data security in place to keep their brand and their reputation standing firm.
