Data Security: A field guide for franchisors

Data security: A field guide for franchisors
grantthornton.com/franchisorcybersecurity

Franchisor systems are vulnerable

Franchisors use technology networks every day for:

• Sales tracking

• Royalty payments

• Customer credit card information

Are you at risk?

Costs of a data breach

Data breaches can have major consequences for franchisors:

• Negative press reports

• Loss of business

• Penalties

• Class-action lawsuits

Protect your credit card data: critical best practices

• Do not retain payment card data

• Implement network security guidelines

• Secure remote management applications

• Create unique user IDs and complex passwords

• Check point-of-sale machines regularly

• Verify third party vendor security procedures on point-of-sale system maintenance, firewall management and website hosting

It doesn't end with credit card data — there's more.

Next up, 5 things that franchisors need to do now to protect their data.

Establish policies and procedures

Write, distribute and supervise adherence to a policy and procedures manual that dictates:

• How franchisees’ employees connect to the Internet in order to avoid malware

• That passwords be changed regularly, especially in franchise situations with high turnover

• Frequent data security training for employees

Encrypt personal data

Always follow the FTC's key principles:

• Take stock of the data

• Keep only what you need

• Lock it down

• Dispose of what you no longer need

• Plan ahead to respond to security incidents

Social media marketing campaigns and loyalty programs gather consumers' personal information.

Also protect personal and financial data gathered from employees, contractors and vendors.

Invest in intrusion-detection software

• Monitor networks for suspicious activity

• Bolster incident-response planning

• Require franchisees to comply with notification and general policy laws as part of their business agreement

Tip: Franchisors should conduct immediate investigations when there may have been a breach, and fully document the process.

Hire consultants to test your systems

Choose consultants that think like hackers.

They should use the same tools that hackers do — including automated systems that try out default passwords.

Continually enforce data safety policies

It's not enough to have an airtight policy if it's not applied consistently across the franchise.

What franchisors can do now

• Make data security and privacy the way you do business

• Educate yourselves about risks and about taking proactive steps to guard against those risks

• Review the yearly Verizon Data Breach Investigations Report, which details data breaches

• Have oversight of data security at all of your franchises. In particular, you must help them comply with Payment Card Industry Security Standards (PCI DSS)
