Tag Archives: restaurants

Sexual Harassment in Restaurant Industry

Sexual harassment lawsuits against another employee are not uncommon, but oftentimes employers overlook harassment of their own employees by customers. A 2014 Restaurant Opportunities Center United report about sexual harassment found that 78% of restaurant workers had been harassed at one time by a customer. Title VII of the Civil Rights Act requires employers to provide a workplace free of harassment. If the employer “knew, or should have known about the harassment and failed to take prompt and appropriate corrective action,” they can be held liable. Many guests don’t expect that their behavior will be questioned; many restaurants don’t want to make customers uncomfortable by correcting their behavior. So what is a restaurant to do when a customer harasses the staff?

The first step for restaurants to fix this problem is to have a strong HR department that is serious about preventing and dealing with sexual harassment. It’s clear when employers are using training as a pre-emptive legal defense and when they actually take it seriously. Employees will respond with equal seriousness. If workers don’t feel like policies against harassment will be enforced, they won’t report.

Another step that restaurants can take to prevent lawsuits is proper sexual harassment training. All restaurants need sexual harassment training, not just big ones with HR departments. There needs to be something written down somewhere that’s clearly visible — if this happens, this is how we will respond. In other words, employers can’t just say that all their employees deserve respect; they have to go out of their way to show that they won’t tolerate sexual harassment if there is to be any meaningful change.

See also: Sexual Harassment: Just the Start  

The final way to mitigate sexual harassment lawsuits is through employment practices liability Insurance. Some restaurants consider going without EPLI coverage. Others mistakenly assume they are covered under their general liability policies, which most often have a standard exclusion for employment practices liability exposures. Going without EPLI can be a costly decision. Even if a restaurant only has a few employees, it needs EPLI coverage.

You can find the full report here.

Restaurants Beware: Hackers Are Hungry!

Restaurants, pubs and diners all over the country serve hungry and thirsty people every day. From white tablecloth establishments to the local taco joint, almost all restaurants take credit/debit cards for the vast majority of their payments. One swipe, and customers go on their way. However, behind the scenes, restaurants nationwide are suffering at the hands of cyber thieves who target restaurants in an effort to steal their treasure trove of daily credit card information.

A recent Visa report indicates that restaurants now account for close to 73% of the data breaches in the U.S. Why restaurants? Low effort, high yield.

The smaller the better! Cyber thieves know that the smaller the establishment, the more likely it is to have weak security in place. With a single hack, a thief can reap a whole day’s worth of stored credit card data, while a continual harvest can produce months and even years of data. How is this possible? Thieves break through weak firewalls, take advantage of the all-too-common use of default passwords, hack into one web device (such as security cameras, payment processors, computers, DVR, WiFi) and then access all the other systems that are not segmented (all Web-based systems can talk to each other if not segmented). Once in, thieves can steal current data or install malicious software (“malware”) on the establishment’s system. This malware allows thieves to routinely access the credit card information that is collected each day. Failure by the establishment to detect and remedy this intrusion can lead to legal liability from customers alleging failure to adequately protect their credit card information.

Companies that have been breached often do not learn of the breach until they are notified by customers who have had their credit cards compromised or, even worse, when Visa/Master Card detects a pattern of compromised cards from one point of sale and contacts the establishment for reimbursement. Following a breach of customer credit card information, establishments will be required to notify affected customers of the breach. Notification is complicated and costly and must be done in a timely manner. Often, the effects of a breach include significant IT costs to remedy the breach, determine what information was compromised and repair the system. Lawsuits by customers and a significant drop in business revenue is also common, so there’s significant exposure to both first- and third-party loss.

Why are these types of breaches on the rise? Because hackers and thieves can earn quick cash. The going rate on the black market for credit card information is about $20 a card, and a single small restaurant can yield many dozens in a single day. Not bad for a day’s work! (Or not having to do a day’s work….)

Restaurant owners should take heed and take the security of their clients’ information very seriously. Establishments that process credit card information should review their security systems, update virus software routinely, train employees on security and best practices and consider a risk management plan that would include cyber insurance.

As restaurants are a growing target for cyber crime, if you have restaurant clients (or other clients that take credit card data) you should consult with them about their risks and liabilities. Based on their risk tolerance, consider whether the risk of being a victim of cyber theft is a risk they want to self-insure, or whether they would prefer to outsource this exposure via a cyber/network security policy. In today’s high-tech world, a well-thought-out risk management plan is invaluable and should work in conjunction with cyber/network security insurance, as no computer system — regardless of size or sophistication — is hack-proof.

A well-tailored cyber policy can provide a restaurant that experiences a breach with a forensic expert who will examine the systems to find out how and when the breach occurred, determine what information was compromised and assist in notifying the affected individuals. Depending on size and revenues, cyber policies can be as cheap as $1,000 and provide $1 million in coverage.

Hackers are just like the rest of us: They like to eat! Take precautions so your restaurant clients are not the ones that feed them. In the event that hackers get hungry at one of your client’s establishments, strong security controls and vigilance, combined with a well-drafted cyber policy, can prevent what otherwise could be a devastating blow to a small eatery, franchise restaurant or family diner.