Security Champions unite to keep McDonald’s safe from cyber threats
Aimed at increasing cyber safety, a new program provides employees in the U.S. market with the tools and knowledge to help protect themselves and McDonald’s in the constantly evolving cyber landscape.
by Beth Porter, Operations Technology Professional Program Manager, U.S. Technology
Cybersecurity threats are on the rise, with data breaches, hacking, and fraud all increasing in frequency and severity. For example, according to Federal Trade Commission data, consumers reported losing more than $10 billion to fraud in 2023, marking the first time that fraud losses have reached that benchmark. This represents a 14% increase over reported losses in 2022.
McDonald’s understands the potential impact of these threats to its business, brand, and people. The U.S. Technology Security team is working continuously to improve security infrastructure, and last year, the team drove security awareness with an internal communications campaign that included videos, an online learning course, and resources and tips for staying safe.
Given that 74 percent of cybersecurity breaches are caused by human error, the team is also directly engaging a broad group of individuals to serve on the security front lines through the internal Security Champions program: a holistic, community-based approach to security.
“The Security Champions program brings together people from across the organization and gives them the tools and confidence to respond to these ever-increasing threats,” said Katie Larson, Cybersecurity Analyst, U.S. Technology. “The program focuses on partnering with and training employees and restaurant crew on how to develop their ‘security lens’ to quickly identify and surface vulnerabilities and risks to the business.”
Topics covered in the Security Champions program include:
- A focus on phishing, one of the most common types of cyberattack, and how to identify phishing attempts and report them.
- Highlighting tactics used by scammers, such as social engineering, which involves attackers tricking victims into divulging sensitive information and gaining their trust by pretending to be a known person or legitimate entity, and business email compromise, a type of cybercrime in which an attacker targets a business email account to defraud a company.
- The importance of updating hardware and software with the latest security enhancements to keep data safe and paying attention to restaurant devices to detect security concerns.
- Effective communication and leadership skills. Cybersecurity is an area of expertise where emotions can run high, and teaching people to communicate clearly and ask the right questions to the right people is key.
“We worked to lay the foundation to improve security practices at every level of the U.S. market,” said Katie. “Security Champions builds on that structure and allows associates to step up and take on leadership roles. This engagement will help us find ways to improve the process of combatting fraud and scams, which can cause significant losses each year.”
Before broadly rolling out the program, the team launched a pilot of Security Champions last year with the Operations Technology Professionals (OTP Pros) at the group’s annual conference. This team of in-house technology experts install and maintain technology in McDonald’s restaurants and play an important role in ensuring devices are operating securely, making them ideal Security Champion candidates.
“Being part of the Security Champions program is an outstanding introduction to the security awareness we all need to be focused on in the restaurants and in our personal lives,” said Craig Meyer, an OTP based in Scottsdale, Arizona, who took the initiative to lead a security session with his restaurant team after he completed the Security Champions training. “We are being bombarded in more ways than we recognize, and being more aware as we go about our days is critical. We can be influencers to teams that may not have been introduced to these topics.”
The Security Champions program doesn’t just keep people safe at work. The program has additional benefits, including learning transferable skills, gaining greater knowledge of the business and technology, as well as chances to network, visibility across departments, and the ability to explore a career path in cybersecurity.
McDonald’s U.S. Technology leadership team recognizes the importance of promoting cybersecurity awareness to prevent business disruptions. Afif Chamass, Senior Director, Deployment, Support, Infrastructure and Security, U.S. Technology, is walking the walk by becoming one of the first Security Champions.
“From a business perspective, cybersecurity touches everything that we do — from hardware, to software, to applications,” said Afif. “Therefore, I’m proud to be a Security Champion and help drive education and awareness of how we can protect our ourselves and our company.”
Says John Winchell, Senior Manager, Security Operations, “The Security Champions program is an innovative way to demystify cyber security while empowering employees to grow their skills and become security advocates for the business.”
Read more from this author:
