RSM Australia

Maintaining data security: tips for franchisors and franchisees

Running a business in the digital age means that, on top of operational and customer delivery, there is another layer of complexity in the form of ensuring data security within your business is strong.

As online channels provide more opportunities to build customer loyalty and offer increased choice in how customers interact with the business, there are significant benefits to be gained. However, the data security risks inherent in an online approach also increase correspondingly.

A business doesn’t have to do all, or even most, of its sales and marketing online to be vulnerable to data breaches. Given the high level of connectivity experienced today by just about every conceivable business, it’s not an exaggeration to say that every business is a potential target for cybercriminals. Just as businesses needed to focus on disaster recovery and business continuity in the past, today it’s just as important to focus on data security and incident response processes in case the business experiences an attack that results in a data breach. To fail to do so is to open the business up to significant risk, much of which could be avoidable with the right cybersecurity approach in place. For example, most businesses will be subject to the recent Notifiable Data Breach Scheme, where there is a requirement to consider the need to report a breach notification to the Privacy Commissioner.

The potential fallout of a cybersecurity attack goes beyond simple business disruption, although that’s definitely a highly likely aspect of being attacked. If the attack is focused on sabotage, such as a ransomware attack, denial of service attack, or another malicious attack, to obtain what is otherwise considered as confidential data, then the business will be impacted and may be unable to operate until the attack is contained and recovered from.

DATA SECURITY FOR FRANCHISEESMaintaining data security

It’s important to note that franchisees can be a particularly attractive target for cybercriminals because they represent potential access to a large network of businesses. Depending on the connectivity between a franchised business, a franchise system that provides common tools to each business can be affected by a breach of just one of those businesses. Savvy cybercriminals may be able to use that access to infiltrate the entire franchise network, spreading the attack beyond a single business.

In many cases, cybercriminals target franchised businesses to access both valuable personal identifiable information and financial payment details that these businesses keep on file regarding their customers. Cybercriminals attempt to sell this information for money, so an attack aimed at stealing information is relatively common as you would read in the headlines so often these days. A recent example is the data breach associated with the US hotel chain Marriott.

Cyber attacks in which customer information is compromised can present a significant problem for both franchisors and franchisees because one of the most damaging consequences of such an attack relates to how it affects the brand’s reputation and confidence in the brand. This creates an issue for the affected franchisee, the franchisor, and other franchisees in the network who may find that their reputation is similarly affected as collateral damage merely by association.

The responsibility for cybersecurity in a franchise arrangement likely falls almost equally on the franchisor and the franchisee. Certainly, franchisees should consider it a part of their due diligence to thoroughly investigate, discuss, and agree on how to manage cybersecurity as part of the franchise agreement. At the same time, franchisors should design their systems and those sold as part of the franchise licensing process to be secure and robust, especially when left in the hands of franchisees who may look at data security requirements differently.


Tips for franchisors and franchisees

Click here to read the full article >



Michael Shatter
Partner - Melbourne

Subscribe to Risk Insider to stay up to date with the latest in Technology, Fraud and Security.