Franchise Update Magazine Issue II, 2017 - Page 43

to get everybody on the same platform so you know everybody’s behind the same fence and has the same protection,” he says. “This helps mitigate the human factor.” On the hardware side, that includes the network itself, a secure firewall, not having guest wifi on the same network as your system, and restricting access to your back office computer.

“All these things can be done and are easy to enable, but we see large companies breached every day,” he says. “The biggest thing we’ve learned, and one of the first things I did when I came on board,” he says, was to standardize the software and hardware across all 50 Roy Rogers units. “All our ports on our firewall are consistent in every store,” he says. And all the stores use NCR’s Aloha POS system.

[Photo: MJ Worsham]

“From there it becomes a task of getting buy-in from your franchisees without making it a mandate. You can make it a mandate in the franchise agreement, but we wanted to look at it more as an educational experience,” he says. “We have a fantastic relationship with our franchisees, with a lot of mutual trust. We see it as an advisement, not a mandate.”

Worsham says that with the brand’s close relationship with its franchisees, this may have been easier than at larger franchise brands, or those with legacy systems or acquired units with their own technologies. One way to make the medicine go down and get that buy-in was to “kill nine birds with one stone,” he says, by adding features and showing the franchisees the ROI.

When the brand launched its loyalty app, something the franchisees asked for, it had to be on the same system across the brand. “It’s a lot easier when you show the ROI in the conversation: a more secure system that is up to date, PCI compliant, ready for EMV, and with online ordering,” he says. “Network management and security was not the most important part of the conversation.” Instead, he says, it was the new features and capabilities. “Everything was important. It was just easier to pile it together.”

When it comes to advice for other franchisors, “Centralization is really the key,” he says. So is limiting the number of people who have access to the system, and the level of that access. Store managers, for example, have access to the POS system at their store—and no others. “Standardization and centralization allowed us to have a tight leash on who has access,” he says. “It limits the points of failure if you have one person doing it.”

He recommends starting with the low-hanging fruit and offers four pieces of advice:

1) Keep your software and hardware up to date. Microsoft released a patch in March to fix the vulnerability that resulted in May’s ransomware epidemic. Companies that did not install it were vulnerable.

2) When evaluating vendors, look at their PCI standards and compliance level. Are they innovative or reactive to PCI? While you never want to be a guinea pig, he says, you also want to keep up with the latest security technology.

3) If you’re going mobile (and it seems everyone is), segment your network. Keeping everything separate is the easiest way to maintain network security and stability.

4) Finally, he says, read to stay on top of security issues, which are a moving target as people find innovative ways to breach a system.

Hire out for help

At Jersey Mike’s Subs, CIO Scott Scherer prefers to do it all in-house—well, almost. “This will probably go against what I’ve said in the past,” says Scherer, who was an outside vendor before joining the brand (see Franchise Update Q3 2015). However, when it comes to data security, he says, “That would be one thing I’d outsource.” And he does.

As he sees it, either plan on spending a lot of money and hiring a lot of people internally, or find a third-party partner (or partners) who are expert at protecting corporate and consumer data. “Though we like to do things in-house,” he says, when it comes to security, “there are too many smart people going against us.”

Jersey Mike’s is getting help from Charlotte-based Global Linking Solutions, which provides 24x7 monitoring, management, and security services. Part of the brand’s strategy, says Scherer, was “to make sure all our franchisees were on our network.” The plan for that network (now international), which includes everything from its home-grown POS system to bar code scanners and terminals, was for it to reside on a private network managed by Jersey Mike’s through GLS.

For every new store opening, he says, GLS stages all of the firewalls and network equipment. Jersey Mike’s calls its POS vendor, orders a hardware package, and GLS sends a tech to configure the equipment. “They deal with all that on their end,” says Scherer. “The hardware gets installed and appears on our network.” GLS monitors all the firewalls, routers, and switches and is authorized to speak with the ISP to resolve any issues. “On the networking side, they keep our system up and running.”

When it comes to getting franchisees to cooperate to ensure the network is secure and compliant, he says, the franchise agreement dictates who to buy software, hardware, and networking equipment from—and the company’s national credit card processing plan with First Data requires that all franchisees are PCI compliant.
PCI, standards, and tips

In January, John Christly, global chief information security officer for Netsurion and EventTracker, was named to the PCI SSC Small Merchant Task Force, where he plans to serve as a voice for SMBs and multi-location merchants