RSS Subscribe

Security concerns for a franchise operator run deep and wide. From onsite cameras and POS systems, to technology that keeps hackers out of your system and away from your customers' credit card data, there's a lot of ground to cover. Experts from on-premise security to computer security consultants and suppliers weigh in regularly with tips, strategies, technologies, and best practices that can prevent franchisees from becoming the latest victim.

Look here often for contributed articles and interviews with security experts, suppliers, and franchisees.

Feature Story:

Is Your POS System Safe?: 5 Critical Questions For Your POS Vendor »

By Brand Barney

While very skilled at installing systems, point-of-sale (POS) vendors often don't understand security basics and likely won't make your security their main priority. Obviously, this can lead to very poor organizational security. After all, your POS system harbors some of the most valuable information at your organization: customer credit card data.
Before hiring someone to set up your POS environment, there are five key questions you should ask. These questions are designed to help you weed out ignorant vendors that don't have your security best interests at heart.

Feature Story:

Cybersecurity Tips For Small Business Operators »

By Darren Guccione

From Target and Home Depot, to Apple's iCloud, Sony, and Anthem, it seems there's a new security breach announced every other week. Polls indicate that 50 percent of small- to medium-sized businesses believe they are immune to targeted cyber-attacks because criminals are more focused on large corporations. The reality is these companies are easy targets because they don't invest in new tools to defend against today's new breed of cyber attacks.  All companies, regardless of their size, are at risk.
Older, traditional security solutions are based on technologies that rely on knowing something about the attack, such as the vulnerability targeted, the malware used, or the reputation of the email sender. These tools may block basic known malware, but they are incapable of identifying today's dynamic, multi-vector, multi-stage attacks...

Feature Story:

Are You Ready?: New PCI Security Rules Will Require Changes »

By Giles Witherspoon-Boyd

Hopefully, you've heard that the Payment Card Industry Data Security Standard (PCI DSS) has changed... again. In November 2013, the PCI Council released PCI DSS version 3.0 and set the compliance deadline for January 2015. With only a few busy months remaining, many businesses (including franchisees) aren't even close to compliance with the new standard.
Why change the standard? Changing technologies often improve business efficiency, but aren't bulletproof to the weaknesses consistently found and exploited by hackers. New security regulations like PCI 3.0 are released to protect new technologies against recent hacking trends.
In my opinion, Requirement 4.1 is the biggest PCI 3.0 change for franchisees. Many franchises and chains use satellite communications to connect locations...

Feature Story:

Prevent Hacking Horror Stories: 3 Online Security Failures To Learn From »

By David Ellis

We hear hacking horror stories every day. Businesses around the world call us in a panic, needing to decipher what went wrong with their security. Unfortunately, for many franchisees and franchisors, these miscues are common. My hope in sharing some details from three actual security failures is that you will discover actions you can take to enhance your own IT security practices.
1) Pass the pepperoni and passwords, please. Several small pizza chains used the same restaurant management software and POS system. Sadly, hundreds of those restaurants were hacked.
Once each restaurant's POS system was configured, the local restaurant owners did not change the default password set by the payment application vendor. A hacker easily deduced the password, infiltrated each POS system, and installed a memory scraper (malware designed to "scrape" sensitive information from system memory)...

Feature Story:

Card Catastrophe: Why Mobile Processing Should Scare You »

By Jon Clark

Have your begun processing payments with a smartphone or tablet yet? Maybe they're seriously considering implementing a mobile processing strategy like many other businesses and micro-merchants. That's wonderful. But here's the bad news. Though mobile payments are growing exponentially, the security portion of processing credit cards via mobile devices has seriously been neglected.

Get up to speed with the issues
Mobile processing (e.g., Square, GoPayment) is a double-edged sword. On one hand, it allows more processing flexibility, but it also has the potential to dramatically increase fraud and business liability. The problem with mobile devices is that they weren't made for security or payment processing. Hackers know that, and they are after customers' profitable payment data...

Feature Story:

Cheating The Family »

By Lois Lang, Psy.D.

How to Handle Embezzlement in a Family Business
Hearing about embezzlement in a public company rarely shocks anyone, but when it happens in a family business, people are often stunned. "How could he steal from his own family?" "Doesn't she know she's hurting her siblings/cousins/parents?"
As tough and painful as embezzlement is, it's not as uncommon as many of us would like to think. Sure the kind of embezzlement that results in jail time is rare, but other levels of it happen daily.
How could this happen? Many factors lead to embezzlement, including chronic financial strain, a general sense of family entitlement, lack of internal company controls, and the reality or perception of being overworked and underpaid. To make matters worse, often the embezzler doesn't even know that what he or she is doing is wrong...

Feature Story:

Make Payment Security Standard: 7 Tips To Safeguard Your Business From Data Breaches »

By Joe Durfey

If I know anything about franchisees, it's that they have lists for everything, from daily kitchen cleaning practices to employee entrance procedures. In the spirit of checklists, I've specified seven basic payment security elements on which to build an in-house vulnerability management program and avoid fines that may result from Payment Card Industry (PCI) Data Security Standard (DSS) non-compliance.
1) Create employee policies for handling card data. Business security often fails from a lack of security policies that regulate employee interaction with sensitive data. Remember Sony's embarrassing compromise in 2011 that put 25 million users and 20,000 credit card numbers at risk? The right employee policy, in combination with some simple security fundamentals, would have easily prevented worldwide humiliation...

Feature Story:

Data Breach Coverage: It's Better To Be Safe Than Sorry »

By Peter Clark

With an estimated 1.8 zettabytes of information created and stored in 2011 alone, there has never been a more opportune time for hackers to challenge franchise data security, according to a DC Digital Universe study. Numerous yearly reports announce the increasing strain of data breaches among large and small businesses alike. Since it may seem impossible to predict and protect against each possible scenario, have you considered breach coverage or breach insurance to act as a fail-safe solution?

The real cost of compromise
What many businesses don't realize is that the compromise fine assessed by most merchant processors ($5,000 to $50,000) is only the beginning of penalties associated with a data breach. Other costs may include the following:

Feature Story:

Cover Your Assets: Tips For Safeguarding Your Wealth »

Multi-Unit Franchisee

Litigation is America's fastest growing business because plaintiffs have everything to gain and nothing but a few hours to lose, says Hillel Presser, author of Financial Self-Defense (Revised Edition),
"Even if a case seems utterly ridiculous - like the man who struck and killed a teenager with his luxury car and then sued the boy's family for damage to his bumper - defendants are encouraged to settle. It's sometimes the only way to avoid potentially astronomical legal fees," he says.
If you haven't already taken steps to protect your assets, that's one New Year's resolution you'll be glad you made and followed up on, Presser says. And while it helps to have the assistance of a lawyer who specializes in asset protection, there are many things you can do yourself...

Feature Story:

Time To Own Up »

By Gary Glover

Who is really responsible for network security?

An overwhelming number of franchisees are perplexed about network security ownership and responsibility--especially when it comes time to pay for a data compromise. Many incorrectly assume the franchisor or franchisee-appointed third party IT company manages all aspects of their security, including adherence to Payment Card Industry (PCI) compliance. Generally speaking, this confusion stems from unclear delegation of security obligations between franchisors and franchisees. This leads franchisees to make assumptions concerning who is ultimately responsible to ensure their PCI compliance is fulfilled, and who is liable in the event of a breach.

Feature Story:

Smart Patrol: Mobile Payments Fraught With Security Problems »

By Gary Glover

The rapidly expanding mobile payments market is attractive to merchants because of the low entry barrier to obtain a smartphone or tablet device. Dozens of companies, acquirers, and payment entities offer mobile payment solutions, and hundreds of thousands of merchants use them. Despite its convenient and futuristic qualities, the mobile platform was not designed as a secure application environment and seriously lags behind in payment security.
If I were a hacker, I would invest my time in devising ways to attack mobile smartphones. Think of the sensitive data stored or entered in your smartphone, such as bank login information, credit card numbers, and your personal information. Because it is connected to the Internet at all times, a smartphone is at great risk for malware designed to grab sensitive information...

Feature Story:

Are You Leaking?: Securing Customers' Credit Card Data »

By Gary Glover

The cost of credit card data compromise has risen nearly 70 percent since 2010 (Cost of Cyber Crime Study, 2011). Often, payment card information found by criminals is electronically just "laying around," waiting to be discovered.
In a recent report released by SecurityMetrics, (Merchant Data Security Report, 2011), 71 percent of the 2,700 merchant systems scanned had stored unencrypted card numbers. In all, more than 378 million card numbers were found on the systems tested. That is more than 12 times the total amount of sensitive records publicly reported compromised during 2011.
The question you must consider is: Do you have unprotected card data on your franchise point-of-sale or back office systems waiting to be harvested and sold for fraudulent purposes?
As a Payment Card Industry (PCI) Qualified Security Assessor (QSA), I conduct many onsite security assessments and continually see problems that result in insecure data storage--even on very sophisticated merchant or service provider systems...

Feature Story:

Hacked Off: Ready-made Templates Make For Effortless Hacking »

By David Ellis

There was a time when a hacker needed exceptional computer skills to breach a system. Only the most talented and experienced computer users could successfully bypass even the most minimal security provisions. Sadly, those days are gone. Recent investigations have revealed a disturbing trend: the availability of readily accessible hacking-made-easy tools has swelled the ranks of effective hackers. Now, an amateur with a grade-school computer education can often hack a poorly defended business network in minutes after downloading a free hacking template.
This alarming news should serve as a wake-up call for franchisees to increase their IT security vigilance. Novice hackers everywhere are now standing on the shoulders of computer geniuses, giving them the expertise to hack into systems and steal sensitive information that was previously beyond their reach...

Feature Story:

Counter-Measures: Protecting Your Customers' Credit Card Data »

By David Ellis

You may not know it yet, but you are at war. An unprecedented battle rages over what you are entrusted to protect: your customer's credit card data. Your IT infrastructure is the last line of defense between you and a powerful enemy composed of a myriad of attackers with finely honed hacking skills, backed by organized crime. At the center of the fight today are multiple-franchise merchants. Visa corroborates this in stating that up to 97 percent of data compromises are suffered by smaller merchants and "specifically franchisees." The possibility of gaining access to a multiple-franchise network is a tempting prize, and attackers are relentless in their efforts to obtain customer credit card data.
Recent experience confirms that hackers are increasingly exploiting a common potential vulnerability, giving them unrestricted access to your system through your own remote access application...

Feature Story:

Service Dogs In The Restaurant: Justice Department's Rules On Service Animals Become Increasingly Strict »

By Grace Y. Horoupian

In 1991, the Americans with Disabilities Act (ADA) issued regulations which allowed the use of service animals in public, including restaurants, hotels, retail establishments, theaters, and concert halls. The ADA's mandate caused little stir early on because service animals at that time were primarily "seeing eye" dogs highly-trained to help persons with blindness, deafness and some other disabilities while ignoring such distractions as food, strangers, and the presence of other animals. But given the regulations' lack of definitions, service animals steadily expanded more and more to boisterous poodles and irritable purse dogs, to say nothing of rabbits, rats, ferrets, lizards, and snakes. Doctors seemed to obligingly write notes testifying that the animals were helpful for mood support or to fend off depression and "therapy dog" vests could easily be bought online with no questions asked...

Feature Story:

Opportunity Knocks: Anil Yadav Is Closing In On 200 Locations »

By John Carroll

When Anil Yadav hears people talk about the United States as the land of opportunity, he takes pride in the fact that his life since emigrating from India has been a testament to the promise implicit in that phrase.

From his first job as a teenage fry cook at the local Jack in the Box in Northern California, to his position today overseeing an empire of 181 restaurant locations, Yadav knows firsthand what that promise means.

Today, he takes pride in remembering his own humble beginnings and still likes to roll up his sleeves and jump in to cook burgers at one of his 155 Jack in the Box units. He not only knows how to cook--he could train most any of the thousands of employees who rely on him for a job.

"We've enjoyed a lot of growth," says Yadav...

Feature Story:

The Leadership Toolkit: 4 Fundamentals For Becoming A Better Leader In Your Business  »

By Tom Welter

In my 20-year journey of understanding leadership fundamentals, I have found change to be constant and adaptability to that change as the number one indicator of personal success.
We all understand that the world is changing. Technology alone reinvents itself in a compressed life cycle ultimately changing the way we conduct business, live our lives, and expand our leadership footprint. Ten years ago, nobody would have guessed that today's business leader would be able to receive e-mail, text, check-in for flights, manage a personal financial portfolio, and talk to others on one device.
This column is part one of a three-part series on projecting yourself forward into the new reality of change and the architecture of leadership...

Feature Story:

Card-Carrying Facts: New Gift Card Regulations For Retailers »

By Jan Gilbert and Suzie Loonam Trigg

Gift cards can be an important component of customer loyalty programs. They can help attract customers, driving sales and brand awareness. New federal rules governing the use of gift cards have recently gone into effect. You certainly should be aware of and comply with the new laws.

Last year when President Obama signed the Credit Card Act of 2009 ("the Act") into law, the nation's attention largely focused on those provisions of the law that aim to change the way credit card companies do business with consumers. However, since the Act imposes requirements on gift card issuers, it also changed the way many retailers and franchise companies will do business with consumers.

Federal regulations implementing the Act's gift card requirements were issued on March 23, 2010 and became effective on August 22, 2010...

Learn More

2015 MVPs! And the winners are...    

Multi-Unit Franchisee Magazine

Issue III, 2015

Multi-Unit Buyers Guide    

2015 Multi-Unit Buyers Guide

Special Edition

Top Opportunities »

A Franchise Update Media Group Production
Franchise Update Media | P.O. Box 20547 // San Jose, CA 95160 // PH. (408) 402-5681
Copyright © 2001 - 2015. All Rights Reserved. Site Hosting Provided By: wishVPS on FUMG3

In Loving Memory Of Timothy Gardner (1987-2014)