Bring Your Own Device in the Restaurant
November 18, 2015
For most restaurant managers, smartphones have become a scourge. Seeing an employee checking her phone usually means that somewhere in the restaurant, work isn’t getting done.
As these devices – and restaurant operating systems – have evolved, their place in the restaurant has changed. In addition to online ordering and other customer-centric uses for smartphones, servers can use their handheld devices to send orders directly to the kitchen.
Restaurateurs that don’t want to buy tablets for every member of the wait staff have a new, less costly option: a Bring Your Own Device (BYOD) policy that allows team members to connect directly with the restaurant’s POS over a wireless network. This system can improve productivity and give your business a jump on the competition, but what is the best way to go about it? And what are the drawbacks?
Bring Your Own Device in the Restaurant
What Is Bring Your Own Device?
Simply put, BYOD means that you allow or even require your employees to use their personal digital devices (smartphones, tablets, and laptops) as a part of their workflow. Further, those devices will have access to privileged company data and applications.
BYOD Pros & Cons
Turning smartphones into work device at your restaurant might seem like a concession to bad employee habits, but many BYOD benefits occur at the managerial level. First, incorporating smartphones makes communication with hourly and salaried staffers more efficient and effective. Easily accessible information also makes it easier for employees to engage and take ownership of their responsibilities.
Additional benefits of BYOD include:
- integration with mobile restaurant applications
- monitoring of and quick responses to customer feedback
- easier data tracking for analyzing sales and labor metrics
- employee performance tracking
Setting up a BYOD system will require some effort, and (most likely) the assistance of either your IT department or a third-party developer. Logging in to a proprietary system will also require issuing usernames or company email addresses to each employee.
“Restaurant businesses have many cross functional systems to keep our organization humming. Many of these systems cater only to employees who have corporate email addresses,” Texas Roadhouse Communications Director Dave Dodson told Hospitality Technology. “BYOD allows us to extend the reach of many of these systems and creates efficiencies throughout our whole system, from HR to store support, to marketing, to training, crisis management and so on. “
Unfortunately, allowing employees to access your restaurant’s POS and other systems through their own devices can make your data vulnerable to hackers. Marble Security offers 10 tactics that crooks can use to get to your information:
- Advanced Persistent Threats: APTs are criminals that actively seek out access to commercial and corporate networks. An example: cyber criminals send phony emails from your human resources department that inform employees about job openings. If an employee downloads an infected message attachment, hackers can infiltrate the network.
- Malicious and Privacy-Leaking Apps: Unsecured mobile apps on employee devices can leak sensitive information. For instance, an employee’s game or productivity app might access their address book, which contains critical information on employees in your organization. If the app sends that content to a third-party Internet server, hackers can gain access.
- Compromised Wi-Fi Hotspots: Unsecured hotspots at in public areas allow snooping and session hijacking. If an employee uses a non-encrypted connection to access Facebook or email, their session is easy to hijack for a hacker on that network.
- Malware: Anti-malware programs for mobile devices are less sophisticated as those for PCs, and as a result, employees could access the corporate network through their infected device and pass malware into the internal system.
- Zero-Day Attacks: Criminals redirect website visitors to a page they control, where malware automatically installs itself on Android-based devices. The malware tracks the phone’s data and sends it to third party servers.
- Trojans: Malicious code that causes data theft and possible system damage. There are many trojans that can steal passwords, access banking information, or disrupt your device’s security system.
- Poisoned DNS (Domain Name System): Poisoned DNS routes traffic to fake, malicious websites. For example, a user can type “mybank.com” and the DNS will point them to a different server with a proxy website that steals your password.
- Spear Phishing: This practice targets specific users’ information within a corporation, rather than users themselves.
- SMS Phishing: Text messages that try to get users to sign in to their bank, PayPal account or corporate network.
- Jailbroken & Rooted Devices: Jailbroken iPhones and rooted Android devices are by definition completely unsecured and should not be allowed to access corporate networks.
BYOD Best Practices
The most important thing to address in a BYOD policy is the need for security. Like shopping and banking online, mobile technology is only as secure as the people who use it.
Restaurants can choose between three options to prevent security breaches in a BYOD environment. Marble Security breaks down each method and what they provide:
- Mobile Device Management (MDM): MDM protects data loss from lost or stolen smartphones and tablets. It also helps businesses comply with security and privacy regulations. MDM is a minimal level of security, however, that doesn’t secure networks, mobile devices, apps, and operating systems against complex or dynamic attacks.
- Mobile Application Management (MAM): This mid-level mobile protection allows businesses to remotely provision, update, and delete apps. Similar to MDM, MAM doesn’t enable companies to secure worldwide networks, mobile devices, apps, and operating systems against complex and dynamic attacks.
- Mobile Security Management (MSM): MSM provides comprehensive protection against compromised Wi-Fi networks, spear phishing, SMS phishing, malicious apps, malware, jailbreak jamming and poisoned DNS. Unlike MDM and MAM, an MSM solution provides essential services and dynamically adapts to new threats in real time.
Before implementing a BYOD system, also consider who is paying for device usage. Hospitality Technology recommends preparing answers to the following questions:
- Who pays for the usage of the device during work hours?
- Should the server be given a stipend to offset some of his or her device expenses?
- Does this apply to all employees, or are there some exemptions to be made?
Establishing security measures and putting a clear usage policy in place will go a long way toward making your BYOD program a success.
Bring Your Own Device in the Restaurant | Restaurant Technology Guys
Are you adding a BYOD policy to your restaurant? Let us know in the comments below.