Cybersecurity has become one of the biggest emerging threats to a restaurant’s reputation and bottom line. Today’s hackers aren’t just looking for payment card data. They also want information on a business’ operations, customers and employees.

The good news is that there’s a lot you can do to protect your restaurant against cyberattacks, and it doesn’t have to be complicated or expensive. Whether you’re a small restaurant operator or part of a large, well-known company, you can map out a strong offense to protect your business.

It’s often a matter of thinking the right way about security, according to the National Restaurant Association’s “Cybersecurity 201” guide, which uses hypothetical case studies to guide restaurant cybersecurity planning.

To get into the right mindset:

1. Know the core functions of cybersecurity

You’ll need to identify the assets you need to protect your business; implement safeguards to protect those assets; learn how to detect when you’re experiencing a data breach; understand how to respond to a data-breach incident; and take the right steps to recover to get back on track after an incident.

2. Prepare for continual assessment

Assessing your risk and working toward it is a continual process. You can’t just check a box and put your plan on the shelf. Cyber thieves have become increasingly sophisticated, so your plans will need to evolve too.

3. Understand you can’t eliminate risk completely

The key to an effective cybersecurity plan is to understand the costs and the benefits, and figure out the optimum level of safety that makes sense for your restaurant.