Franchises on guard against data thieves

By Leon Stafford Every day Hardee’s franchisee Todd Pahl is on the lookout for a predator he can’t see.It’s not lurking in the crevices along the baseboard or slinking just beyond the range of cameras. This danger hides behind the infinite 0’s and 1’s in the computers that no modern company can do without.The franchisee industry, especially restaurants, has become one of the favourite targets of data thieves.Tight budgets that leave little money for operators to get expert help, inadequate Internet security training from the corporate leadership of chains, and restaurateur hubris have attracted criminals to the industry. They snoop out passwords and get into systems through viruses, Trojan horses and programs that copy keyboard strokes. The result: millions in fees paid by operators to credit card companies, billions stolen from consumers and the loss of trust among restaurant customers.“We’re always monitoring our computer security because, unlike other problems, we can’t see this,” said Pahl, chief financial officer of By The Rockies, which also franchises Carl’s Jr restaurants. The company has more than 20 stores in the Atlanta area.Data thieves “are invisible,” he said.Data thieves have trained their sights on restaurateurs because of flimsy firewalls and a propensity by operators to put “back office” computers with credit and debit card information on the same servers as the desktops used to surf Facebook and get reality-TV updates.That has become costly. About 44% of credit card compromises originate within the food service industry, according to Trustwave, which helps companies to secure information and meet compliance standards.The thieves sell the financial information in huge files to third parties, who then distribute the files to individuals, who run up bills as much as they can before a cardholder or a bank notices and closes an account.When that happens, operators pay millions in fees to credit card companies for the money they have to pay consumers whose financial information is hacked, cyber-security experts said.And everybody is getting hit — from independent restaurants run by mom and pop operators to franchisees of big chains such as Subway, Firehouse Subs and Five Guys Burgers and Fries.Of course, cyber-security issues aren’t limited to the restaurant franchise community. The New York Times, Coca-Cola Co and former US president George W Bush have all recently been the victim of cyber-attacks. A study from a US security firm accused the Chinese military of leading Internet attacks against a host of industries, including military contractors and energy companies. Consumer products giant Apple and social media leader Facebook also have been hacked.Coca-Cola officials declined to comment on the issue of cyber-security, reiterating an earlier statement the beverage giant issued: “Our company’s security team manages security risks in conjunction with the appropriate security and law enforcement organisations around the world.”But keeping customer information safe is quickly becoming one of the restaurant industry’s biggest priorities. As Americans increasingly favour debit and credit cards over cash, companies are broadening what they see as important, adding cyber-security to the list, alongside the quality of their food, service and staffing.Cyber-security experts said the problem is not at the corporate level, but among individual franchisees who generally aren’t getting the tools to protect themselves. Many are owners of one or two stores that don’t have the size to make cyber-security a priority. Often, they are just doing well enough to pay wages and insurance, and make a small profit that they often have to put back into the business.“It becomes a business decision,” said David Barton, principal at Atlanta-based cyber-security firm UHY. “In most cases, you’re going to spend money where you are most comfortable.” Because of those low margins, they don’t take the extra steps recommended for their safety, said Tim Thomas, director of product management at Atlanta-based ControlScan, which helps companies protect their computers.For instance, the most common mistake made is co-mingling general-use computers with those that contain financial information.“They really need to segment their network,” said Greg Grant, head of managed security services at ControlScan. “Points of sales computers have to be segregated from all other systems. People are not aware that they have to do that.”And while $50 consumer-grade firewall and virus software is good for home computers, retailers with sensitive credit information from thousands of customers need much more robust protection, Grant said. They also need to think deeply about passwords and avoid easy-to-guess clues such as the restaurant’s name or that of its owner. — The Atlanta Journal-Constitution/MCT

Attending University of AppleBy Jeremy C Owens Apple announced last week that its iTunes U offering has surpassed 1bn downloads, as online education becomes more accepted at schools in the US and more popular worldwide.ITunes U offers free educational content from colleges, libraries, museums and more that can help professors create materials for their courses, which can be offered to students using the same platform.For example, Stanford University in Palo Alto, California — which offered the first publicly available iTunes U site after joining Apple for the pilot project in 2004 — offers lectures from its courses, as well as course materials, faculty presentations, event highlights and more on the service. Apple singled out Stanford in its news release for being one of two entities to produce more than 60mn downloads on its own.“With the incredible content offered on iTunes U, students can learn like never before — there are now iTunes U courses with more than 250,000 students enrolled in them, which is a phenomenal shift in the way we teach and learn,” Apple software chief Eddy Cue said in the February 28 announcement.Online education has become more accepted and widely used on college campuses in the past few years, as evidenced by the emergence of massive online open courses, or MOOCs, which offer education on the Web to anyone.The system is beginning to garner wider acceptance. San Jose State University announced in February, for example, that it will partner with Mountain View, California-based MOOC company Udacity for the first such courses to be eligible for college credits, offering three lower-level maths courses for $150, a much smaller fee than such classes typically cost at the state university. Also in February, the American Council on Education recommended credit for four Coursera undergraduate maths and science courses from Duke University, the University of Pennsylvania and University of California-Irvine; Coursera is also a Mountain View-based MOOC company.ITunes U growth also showed a spike in recent years, as online education has become more accepted. The company announced that it had surpassed 300mn downloads on the service in August of 2010, a little more than three years after the service launched; less than three years later, it has added 700mn more.A large percentage of that growth has come from overseas, with Apple saying Thursday that 60% of its downloads originate from outside the US.“Because of iTunes U, I have been able to introduce students and colleagues in China to research on the links between chronic multi-tasking, information overload and stress; discuss research publications and degree programmes with students in Europe; and exchange information about the influence of neighbourhood design on community levels of physical activity and obesity with students in Australia,” UC-Irvine professor Dan Stokols said.Stokols reaches 170,000 students on iTunes U with a course in environmental psychology, Apple said. — San Jose Mercury News/MCT