Data security: A field guide for franchisors
grantthornton.com/franchisorcybersecurity
Franchisor systems are vulnerable
Franchisors use technology networks every day for:
• Sales tracking
• Royalty payments
• Customer credit card information
Are you at risk?
Costs of a data breach
Data breaches can have major consequences for franchisors:
• Negative press reports
• Loss of business
• Penalties
• Class-action lawsuits
Protect your credit card data
• Do not retain payment card data
• Implement network security guidelines
• Secure remote management applications
• Create unique user IDs and complex passwords
• Check point-of-sale machines regularly
• Verify third party vendor security procedures on point-of-sale system maintenance, firewall management and website hosting
critical best practices
It doesn't end with credit card data — there's more.
Next up, 5 things that franchisors need to do now to protect their data.
Establish policies and procedures
Write, distribute and supervise adherence to a policy and procedures manual that dictates:
• How franchisees’ employees connect to the Internet in order to avoid malware
• That passwords be changed regularly, especially in franchise situations with high turnover
• Frequent data security training for employees
Encrypt personal data
Always follow the FTC's key principles:
• Take stock of the data
• Keep only what you need
• Lock it down
• Dispose of what you no longer need
• Plan ahead to respond to security incidents
Social media marketing campaigns and loyalty programs gather consumers' personal information.
Also protect personal and financial data gathered from employees, contractors and vendors.
Invest in intrusion-detection software
• Monitor networks for suspicious activity
• Bolster incident-response planning
• Require franchisees to comply with notification and general policy laws as part of their business agreement
Tip: Franchisors should conduct immediate investigations when there may have been a breach, and fully document the process.
Hire consultants to test your systems
Choose consultants that think like hackers.
They should use the same tools that hackers do — including automated systems that try out default passwords.
Continually enforce data safety policies
It's not enough to have an airtight policy if it's not applied consistently across the franchise.
What franchisors can do now
• Make data security and privacy the way you do business
• Educate yourselves about risks and about taking proactive steps to guard against those risks
• Review the yearly Verizon Data Breach Investigations Report, which details data breaches
• Have oversight of data security at all of your franchises. In particular, you must help them comply with Payment Card Industry Security Standards (PCI DSS)
Contact information
Brian Browne
Managing Director
Business Advisory Services
Grant Thornton LLP
215.376.6057
Johnny Lee
Managing Director
Forensic, Investigative and Dispute Services
Grant Thornton LLP
404.704.0144
Matt Thompson
Managing Director
Business Advisory Services
Grant Thornton LLP
919.881.5882