Security in SP-1

Every year we hear about some firm that has a huge credit card breach.  Usually it is some targeted event that involves a team of hackers to steal all the credit card information.   What we don’t hear about are the smaller, more personal attacks that cost small businesses money each year.

I went back through my notes from last year and found that I personally heard stories that added up to around $50,000 in theft from owners.   That does not include the conversations other people in our  company have with our customers.   Some of this is theft of time (clocking in when not there), employees handing out free or discounted drinks, ticket edits and voids, inventory theft etc.  One of the most brazen was the manager who simply took money from the till at night ($10-$30) and then told the owner that the reports must be wrong!

As you can imagine, a lot of this theft is somewhat avoidable.  Here are some things you can do to insure you are not being taken advantage of.

  • Upgrade to version 7.60 or higher of SP-1.    In Version 7.60 and higher, the password storage has been encrypted (more so than before) so an employee can’t skim the passwords directly from a data file.  Additionally, 7.60 and up require ‘strong’ password rules.
    • 7 or 8 character passwords.
    • Must have a combination of letters and numbers.
    • Forced to expire every 90 days.
    • You can’t reuse a password that has been used in the last 4 times
  • Start using employee swipe cards.  Those are better than having someone see your password and code.  Better yet, spend the $125 and upgrade to a fingerprint id system.
  • Make sure that employees are using their own unique log in.  Please, don’t have a ‘cashier’ code that everyone shares!
  • Review your security.  Does every employee need complete access to everything?
  • Close out the drawer between shifts.  This will really help make your employees aware that you are on top of things.
  • Think about a blind shift close. With a blind shift close, your employees don’t know what is supposed to be in the drawer.
  • Institute assigning employees to the cash drawer if possible.  If you limit access to the cash, you limit access to stealing it.  While you are at it, setup multiple cash drawers if needed.
  • Review your reporting.
    • How many voids and edited voids are happening?  If these numbers increase, start looking more closely.
    • Run the employee summary report and see which employees have more voids.  Look for significant differences.
    • Check your hourly time audits and see if employees are changing their hours.  Then go back and review your security again!
    • Check your ticket audits.  Are employees voiding tickets after the fact?
  • Sign up for MobileDash.  Get hourly reports as well as alerts on voids, edits and reductions.
This by no means covers all the ways that SP-1 can help but it should be a good start.



January 16th, 2014 by