Title Page
-
Site conducted
-
Conducted on
-
Prepared by
-
Location
McCans ~ Cyber Security ~ Self Exam
-
I understand to ~ Please INCLUDE Pictures (when applicable)
Sonic Cybersecurity Store Self-Assessment ~ As you know, cybercriminals pose a constant threat to our business, and a breach could cost us significant time, money, and damage to our reputation. While our IT and Cybersecurity teams work diligently to secure our systems, it takes everyone working together to keep our data and systems safe from cybercriminals.
Physical Security
-
□ Make sure doors are closed and locked
-
□ Always check and verify the ID of non-employees who want to come inside, and fill out the Visitor’s Log. Include Picture
-
□ Your server cabinet should be locked, and the keys should be stored in the safe
-
□ Each employee should have his/her own ID or MagCard to ring up transactions or clock in
-
□ Passwords should not be written down or shared
-
□ Sensitive information, such as employee data (e.g., Social Security Number, Date of Birth, etc.) or sales data (e.g., credit card information), must be locked in a safe box or file cabinet
-
□ When sensitive information is no longer needed, it must be securely shredded
-
□ Always securely erase or destroy outdated or defective hard drives
-
□ Post Cybersecurity stickers and Anti-Vishing magnets so they are easily visible
-
□ Use a DVR system and/or security cameras to watch critical areas of the drive-in, including building access, POS systems, and the stalls
-
□ Check credit card machines daily for signs of skimmers. Check all machines, including those inside, outside, and in stalls. Keep a log of all your checks. If you do not know about skimmers, refer to the E-Learning guide
System Access
-
□ Only Sonic support team members or contracted vendors should remotely connect to store systems. These include HQ, SEI, Micros, and Infor support personnel
Training
-
□ All team members need to complete the Cybersecurity module in the TOT ZONE
-
□ Make sure new hires are aware of Cybersecurity policies, including using strong, unique passwords; not sharing passwords; handling payment cards correctly; and checking for skimmers daily
-
□ Drive-ins should provide additional security awareness training regularly once the new hire training is complete
-
Cybersecurity is everyone’s responsibility
ARE YOU READY?
-
You understand that ~ Some drive-ins will also be selected for an on-site assessment conducted by EY between September 26 and November 7. The assessment should take 15-30 minutes and will be timed to minimize disruption to the business as much as possible. These drive-ins will be contacted by email, and the assessor will attempt to call the drive-in before arrival. We will also post information about the assessors on PartnerNet so you can be confident of the assessors’ identities.
-
You are aware that ~ All drive-ins will receive an email from EY/Qualtrics during the week of September 19-22 with a link to complete an 18-question online self-assessment. We anticipate this will take no more than 20 minutes to complete. If a drive-in fails this assessment, simply review and address the failed items, then email Cybersecurity to reset and resend the assessment link. With this, we look forward to a 100% passage rate.