Information security of the store

Security concerns are one of the main drivers of automation. Entrepreneurs want to control their salespeople, delegate tasks related to goods, manage the store remotely, and at any time check what's happening in the store. It is extremely difficult to do this manually, with a notebook and calculator.

What do entrepreneurs fear?

Fear #1: Loss of the Database

When "accounting" is done in a notebook, few people care about the security of the information: the notebook can easily be lost, forgotten in a visible place, and the information in the notebook is unstructured, so it doesn't attract much attention.

As soon as automation is implemented in the store, the order and proper accounting make the data's value increase significantly.

Losing the database is regrettable because:

• It takes tremendous effort and months of painstaking work to fill the database;        
• The database contains invaluable, organized information about suppliers, intermediaries, customers, and all financial transactions with them;        
• The history of sales results is necessary for analyzing business efficiency.       

What can happen to the database?

• Data theft by staff, business partners, or cybercriminals.        
• Deliberate data manipulation: deletion or modification.        
• Unexpected inspections by regulatory authorities and access to the database.        
• Ransomware viruses.       

How to protect the database

1. Regularly archive the database to an external storage or "cloud". This is an essential daily business process and the only reliable way to restore information when necessary. In Torgsoft, automatic one-way archiving can be set up with the "Cloud Archive" option.
2. Set role restrictions: forbid employees from viewing customer or supplier information. In Torgsoft, you can fully close access to the customer list, or block the ability to save or export information; hide contact details of clients and intermediaries, etc.
3. Do not allow third-party applications to run on the server with the accounting program. Carelessness and inexperience, an accidental click on an ad banner, or the launch of an unknown application can introduce a virus into the server that encrypts the database and demands payment. We have previously written about protecting the operating system from ransomware viruses.
4. Set strong passwords for server access and for the Torgsoft program. Do not write passwords on pieces of paper or share them with anyone. Read how to configure your computer for safe use.

Fear #2: Leaking Confidential Information

"My tongue is my enemy" (c). Most often, sensitive, important business information is spread by employees, relatives, or even the business owner. Typically, this happens unintentionally, unconsciously, or out of carelessness.

What can harm the business due to excessive openness?

• Competitors may learn about your successes or failures and harm your business;        
• Information may be handed over to regulatory authorities;        
• The spread of rumors and gossip that damages your reputation;        
• Using information to deceive, or using social engineering methods against you.       

How to protect confidential information

1. Environment filter. Not everyone needs to be involved in meetings. Discuss matters only with those who influence the decision-making process and need to be informed.        
2. Do not share unnecessary information with employees that they can perform their duties without. Salespeople have sharp ears, analyze, and spread information about the employer at their discretion.        
3. Use the accounting program. Provide access only to information that corresponds to the employee's position. For example, the daily cash report can be seen by all salespeople, but stock inventory or inventory summaries should only be accessible to the store administrator.        
4. It may sound trivial, but close the doors when discussing something with business partners or family matters on the phone.        
5. Do not publish scanned copies of statutory documents on the website – fraudsters use them to deceive others while pretending to be you.        
6. If you're active on social media, limit access to personal posts. From open information, friends, photos, and locations, it's easy to determine where the entrepreneur is, who their employees are, where they live, and what lifestyle they lead.       

Torgsoft is a desktop system installed on your computer, and only the business owner has full access to the program.

The advantage of Torgsoft is that control over information is in the hands of the business owner: if needed, they can turn off the computer or close access to the program – all they need to do is approach the computer.

What information to send to the tax office is decided by the entrepreneur: reports are generated by you or your accountant for export to accounting programs M.E.Doc or Art-Report.

Fear #3: Loss of Control Over the Situation

It is unpleasant when events in the store unfold according to an unpredictable scenario and behind the manager's back: deception, fraud, data distortion. We wrote and discussed fraud by salespeople, and what measures to take to protect the business.

How to control sales and employee actions in the store

Automation and accounting systems are created for control:

1. All employee actions are recorded;        
2. With proper role configuration, employees cannot change or delete information;        
3. In a disputed situation, the accounting program will tell exactly who is telling the truth;        
4. The program tracks the start and end of the salespeople’s shifts. The entrepreneur is often away and cannot personally check whether the store opened on time. Each salesperson must register in the program upon arrival at work. The program can automatically print a registration receipt, which records the exact arrival time, the employee's last name, and the store name. Such receipts are easy to verify and use this information, for example, when paying salaries or bonuses.        
5. Spot control. This approach allows you not to track every step of the salesperson. Periodically analyze reports, expenses, transactions with suppliers, discrepancies in purchasing prices. Ask questions in case of discrepancies or doubts.       

Fear #4: Loss of Business Control

During total digitalization, ownership of a business is not only about statutory documents or ownership rights.

How not to lose control over the business

The business owner should have:

1. Access to the admin panel of the website or online store (link, login, and password).        
2. The domain registered in the business owner's name.        
3. The accounting program registered in the business owner's name.        
4. Login and password for the Google Account where ads are set up, and the store is registered in Google My Business.        
5. Full access and administrator rights for social media accounts.        
6. Administrator rights on the server. However, there is no need to give other server users Administrator rights.        
7. If Torgsoft is on a virtual server Gigacloud or VPSNOW – access to the VPS admin panel.        
8. Registered store phone numbers in the business owner's name.        
9. Access to auxiliary services for business, such as Binotel, TurboSMS, Unisender.        
10. Financial phone numbers and access to online banking. Employees should be added as Trusted Persons. If they only need to check payments for goods at PrivatBank – enable the Torgsoft feature “Bank statements for Privat24 accounts”       

Fear #5: Loss of Trust

You'll have to be disappointed in people your whole life. To avoid frequent disappointments, it's better to be cautious.

How not to get scammed

1. Before hiring an employee, inquire about them with their former employer; check their activity on social media.        
2. Before signing invoices, acts, delivery notes, powers of attorney, contracts – carefully read the document. Verify contractors in the documents, check their details, registry information, and phone numbers in Google search.        
3. Ask clients. Reviews are a clear indicator of business status. If clients complain about the service, take measures before incorrect business processes or careless employees ruin your business reputation.        
4. Train employees. They should have instructions and understand what to do in an unusual situation to avoid taking matters into their own hands.       

Many books have been written on the topic of information security, but applying our recommendations will significantly reduce risks and make your business almost invulnerable.