Just like Erply needs to follow security requirements, so do our customers. Managers don’t often suspect that a disloyal employee might have little regard for the company’s security or even abuse blind spots.
Statistics show that it’s always wise to put emphasis on increasing POS security. It’s easier to make the effort than to suffer the consequences of a data breach. The threat often looms closer than most think.
Unlimited Access and Mobile Devices
If you’re training a new employee at a checkout that has access to the entire system, the novice employee can accidentally leak or even erase data.
Mobile devices pose a threat because employees might leave them unsupervised while still logged in. That’s basically an open door to your system. To avoid such situations, Erply has an automatic logout function when the employee has been inactive for a set amount of time.
To accurately check cash transactions, the POS software needs to store all transactions in real time. Erply makes this possible. It’s also important to count the cash in the cash drawer at the start and end of a day to detect discrepancies between the report and the amount of money in the register.
Additional Security Checks
Employees who feel they’re being monitored excessively may feel demotivated. At Erply, security checks are nothing personal, just business – a part of the daily routine.
We’re used to security cameras at checkouts, but Erply proposes an additional security measure – every service clerk must log in to use the software. After a successful login, the user is granted access to a specific Erply service. Access is temporary and if the user becomes inactive, they will need to re-enter their login credentials.
Account administrators can access all logs – both successful and failed – as well as user actions. Each entry bears a timestamp that lets you monitor which employee entered which items and when into the inventory.
Account administrators can also turn on a restriction that only users from a whitelisted set of IP addresses are allowed to access Erply. With this feature, employees can be prevented from logging into Erply from home, or from elsewhere outside the company premises.
Erply also lets you know when a product begins to suddenly run out of stock. That means you should check whether sales really are through the roof or whether the item has become exceedingly popular among shoplifters.
Role-Based Access
Another simple method for securing data is role-based access. Employees are grouped and each group is granted access only to the data in the POS they need in their everyday work. A chef doesn’t need access to the transaction (not even to view them).
There are a number of ways for grouping rights:
- The company’s finances – access is only granted to those that compile reports or make management decisions on the company level;
- Customer data – access is granted to those that work in customer service or analyze shopping trends;
- Inventory – access is granted to those in charge of ordering, accepting or relocating inventory.
Hardware Security
The more devices the employees use – e.g. tablets, scanners, mobile devices that can access the POS – the higher the chance that you’ll encounter malware, viruses, and other problems. This is especially true for companies that allow employees to use personal devices. It’s important to regularly delete old IDs and the passwords of former employees from devices.
Erply’s advantage is that it is compatible with nearly all checkout equipment (scanners, tablets, printers, etc.). This allows Erply’s customers to comfortably adopt innovative and secure technologies and equipment.
Risk Assessment
Even the most secure technology is not enough if it’s not backed up by the correct line of thought and basic employee habits (not using social media on work devices; not charging a phone by plugging it into the USB port of a computer, etc.).
It’s important to understand that there is no such thing as absolute security. Even the best antivirus software or firewall can’t guarantee complete data security. Having backup copies of the company’s data, using antivirus software with automatic updates, securing the intranet with a firewall and encrypting data carriers is just the ticket to board the train. The next step is regular IT risk audits, pen testing and adhering to the implemented measures. This is why every company should conduct a risk assessment and manage the most crucial risks.
The risk assessment report will become a document that lists potential threats and offers measures to avoid or limit the effects and likelihood of risks. The measures will help avoid, reduce, and sometimes, eliminate risks.
To Sum Up
The aforementioned solutions and tools are already available in Erply’s standard solution to help customers limit the users’ access to data. If these measures aren’t enough, we at Erply are always happy to take our customers’ wishes and needs into account and offer additional and customizable software components.
If you do not have an Erply account yet, create it here or contact our team at help@erply.com or by calling +1 917 210 1251.