28 Aug UK restaurants increasingly targeted by online criminals, warns cybersecurity expert

UK restaurants are facing a growing threat from cyber criminals as the sector’s rapid shift to digital services creates new opportunities for attack, according to Professor Kamal Bechkoum, Chair of the Minsky Academy.

Speaking with Mark Ferguson of More Fire PR in a Favouritetable podcast, Professor Bechkoum explained that restaurants have become prime targets because of the sensitive data they hold through online reservations, delivery platforms, loyalty schemes, and digital payments.

Unlike banks or major retailers, many restaurants lack robust security systems, leaving them vulnerable. “The hospitality sector offers a rich mix of valuable data but often has weaker defences, which makes it very tempting for cyber criminals,” Professor Bechkoum said.

The most common threats currently facing restaurants include phishing and ransomware. Phishing attacks often arrive as convincing emails, such as fake messages from delivery platforms, designed to trick staff into clicking malicious links.

Once inside a system, attackers can deploy ransomware, locking operators out of their own platforms until a ransom is paid.

In some cases, businesses have lost access to online ordering systems for days. Other risks include data leaks, weak password practices, and potential breaches of GDPR regulations.

Professor Bechkoum stressed that preparation and training are as important as technology. “People are the first line of defence. Staff awareness can make the difference between a safe system and a compromised one,” he said.

Practical steps, such as short, regular training sessions, real-world scam examples, and visible reminders can help staff recognise threats and respond appropriately.

He also outlined six essential measures for restaurateurs: Use unique logins and strong passwords; keep systems updated; secure wi-fi networks; train staff to spot phishing attempts; establish an incident response plan; and commit to ongoing cyber training.

In the event of a breach, businesses must act quickly: isolate affected systems, bring in cyber-security expertise, report incidents to the ICO within 72 hours, and communicate transparently with customers and staff.

Professor Bechkoum concluded by stating that, while cyber-crime is rising, integrated platforms such as Favouritetable can reduce risks by keeping reservations, ordering, and management in a secure, centralised environment.

• For more information on cyber-security training for hospitality, visit minskyacademy.co.uk
• For further details about Favouritetable, see: https://www.favouritetable.com/