According to research, 85% of organisations have suffered from phishing attacks.

And, no, we’re not referring to some form of bizarre, unprovoked attack from a fishing rod-wielding maniac – this is cybercrime of the most irritating and damaging kind.

As a restaurant with lots of staff – all with different levels of technical proficiency – it’s vital that you do all you can to mitigate the damaging consequences of phishing scams.

What is phishing?

If you own an email address, you’ve almost definitely received a phishing email at some point in time.

Purporting to be from an official body or business (usually your bank or a well-known product vendor), phishing emails are in fact sent by cybercriminals. They vary in ‘quality’, but the most convincing do a frighteningly good job of looking authentic.

Their goal is to obtain personal information from you such as passwords or credit card details by tempting you to complete a form on a website that has also been given the costume treatment.

How can phishing impact my restaurant?

If a member of staff receives a phishing email and decides to follow the call-to-action, they might end up giving away either their personal data or that which belongs to the business.

Either way, you’ll end up with a very unhappy employee and a data breach within your business.

OK, so how can my restaurant avoid a phishing scam?

We think there are five ways you can prevent this form of cybercrime:

1. Approach the subject with your team

Beyond the discussions about menu changes and cover management, it’s advisable to chat through IT security with your team on a regular basis.

Make it clear that you take this element of the business seriously and that you need everyone’s cooperation and support to prevent cyber attacks within the restaurant.

2. Verify the source

If you receive an email that suggests it’s from your bank or a retailer and it asks for personal information, call the organisation on a known number.

Ask them to verify the email.

We guarantee it won’t be from them.

3. Never open suspicious links or attachments

There’s one rule of thumb when it comes to the internet: if it looks dodgy, it probably is.

Unless it’s an attachment or link you’re expecting, from a person or business you trust, don’t act on it – ever.

4. Trust your instincts

As previously noted, some phishing attacks are remarkably clever. The branding, copy and even the landing page will look official, but if something doesn’t feel right, trust your gut.

5. Check sender addresses and URLs

If your bank sends you an email, you’d probably expect it to come from something like “”. You probably wouldn’t expect it to come from “”.

Similarly, if a URL looks odd, it probably is.

Although the cleverest of scammers are more than capable of covering their tracks, most aren’t. The clues are there if you look hard enough (poor grammar and questionable phrasing are also key indicators of a phishing email).

Wrapping up

Print off the list above and put it up somewhere prominent in your office. Brief the team on its contents and remind them of the golden rule: never provide personal information when the request arrives out of the blue, no matter who it’s supposedly from.
