Callback
  • From a market stall to a store

  • -

  • From a store to a retail chain

  • -

  • From retail to manufacturing

How to keep a store server stable and secure

Volodymyr Vytyshchenko
Volodymyr Vytyshchenko

Trade automation expert at Torgsoft

What affects server stability the most

Stable server operation depends on power supply, disk condition, cooling, updates, access settings, and backups. This requires scheduled maintenance with a designated responsible person, not occasional actions without checking the result.

For a store, the server is often a separate Windows computer that runs Torgsoft and the database. If it becomes unavailable, employees may lose access to accounting, cash register, and warehouse operations. Therefore, the server should be maintained as a separate working node, even if it looks no different from a regular PC.

Protection against cyberattacks also affects business continuity. The CERT-UA report for the second half of 2025 describes ransomware attacks on Windows systems where initial access was obtained through administration interfaces exposed to the internet, mainly RDP. Before encryption, attackers deleted Windows shadow copies to make recovery more difficult. Source: the “Cyber Threats: Ukraine” report for the second half of 2025.

Basic procedureAssign a responsible administrator, limit server use, configure updates and protection, close direct access from the internet, organize several backups, and test recovery. Add a UPS and hardware health monitoring.

Use the server only for work tasks

On the server or main computer with Torgsoft, you should not read email, use messengers, open random websites, download documents, or install programs for personal needs. Every extra program adds updates, services, accounts, and possible vulnerabilities.

Use another computer for email, documents, banking, and ordinary work. Give employees access only to the functions and folders they need for their duties. Separate the guest Wi-Fi network from the network where the server, cash registers, and work computers operate.

Update the system at a defined time

The server must run a version of Windows supported by the manufacturer. Install updates for the operating system, drivers, security tools, and programs used on the server. Before major changes, check that a usable backup is available and that the update is compatible with work programs.

A weekly reboot by itself is not maintenance. Reboot the server after updates that require it, after changing system settings, or during diagnostics. Do this during an agreed maintenance window when users have finished working. Microsoft recommends managing installation and reboots separately for servers; the relevant settings are described in the Windows restart management documentation.

Before rebootingMake sure the backup completed without errors, warn users, close work sessions, and check who will verify that the program starts and cash registers reconnect after the update.

Do not disable antivirus or firewall

A compatible anti-malware tool must run on the server at all times. For Windows, this can be the built-in Microsoft Defender or an enterprise solution from another vendor. Detection databases, the protection module itself, and cloud scanning mechanisms must be updated regularly. Microsoft does not recommend disabling or removing Defender without another active protection tool: Microsoft Defender Antivirus overview.

Windows Firewall must also remain enabled. Open only the ports and connections required for specific programs, preferably with restrictions by internal network addresses. General configuration rules are provided in Microsoft’s Windows Firewall documentation.

Do not add the entire database or program folder to antivirus exclusions just because scanning slows work down. Exclusions should be configured by an administrator after checking the developer’s recommendations and load logs. An excessive exclusion leaves data unchecked.

Separate regular and administrative accounts

Cashiers, salespeople, and other users should not work in Windows with administrator rights. Create a separate administrative account for installing programs and changing system settings. Each administrator and IT contractor must use their own account so that the log shows who connected and when.

Use a separate password for each account. A password should not be stored in a plain text file, an unprotected browser, or on a sheet of paper near the computer. For storage, use a trusted password manager with a protected main account and a backup method for restoring access.

The current edition of NIST SP 800-63B recommends at least 15 characters for a password that is the only login factor, allows password managers, and does not require periodic password changes without signs of compromise. Therefore, the rule “change all passwords every two to three months” is outdated. A password must be changed immediately after a leak, suspicious login, dismissal of an employee with access, or transfer of the password to another person. Source: NIST SP 800-63B.

Enable multi-factor authentication for remote access, email, cloud storage, and the backup account if the service supports it. A second factor reduces the risk of login after a password is stolen.

Do not expose RDP directly to the internet

The Windows Remote Desktop Protocol (RDP) must not be accessible from any address on the internet. For permanent remote access, use a secure private connection (VPN) or a remote access gateway with multi-factor authentication. Limit allowed addresses, connection time, and the list of users. Enable logging of successful and failed logins.

Run or allow a remote support program only for the duration of an agreed session if permanent access is not required. After the work is completed, close the session, disable temporary access, and check whether any new accounts or services remain. CISA recommends keeping an inventory of remote access tools, limiting their use, and protecting accounts with multi-factor authentication: Guide to Securing Remote Access Software.

Dangerous configurationForwarding the RDP port to the server and using a short password is not an acceptable way to work remotely. Changing the default port number also does not replace VPN, multi-factor authentication, and access control.

Keep several independent backups

A backup on the same disk or in another folder on the server does not protect against drive failure, encryption, theft, or fire. A permanently connected external drive and a network folder can also be encrypted together with the server.

As a practical basis, use the 3–2–1 rule: at least three copies of data, on two different media, with one copy outside the main workplace. Keep one copy disconnected from the work network or protected from modification and deletion from the server account. This scheme and the need for regular testing are described by the UK National Cyber Security Centre.

The backup frequency depends on how much data the business is ready to re-enter after a failure. If losing only one hour of operations is acceptable, once-a-day backups are not enough. Define this period together with the responsible administrator.

A successful file write does not yet confirm recoverability. Regularly deploy a copy in a separate test environment, check database integrity, the date of the latest operations, and user access. NCSC also recommends keeping previous versions of backups and testing recovery before a real failure: data protection guidance.

Torgsoft database archiveView the instructions for creating a Torgsoft database archive. The archive must be transferred to independent storage; a copy that remains only on the server does not solve the disaster recovery task.

Use a UPS with automatic shutdown

An uninterruptible power supply, or UPS, gives the server time to survive a short power outage or shut down correctly during a long outage. Its power and battery runtime must match the total load of the server, network equipment, and other devices that must work together.

Connect the UPS to the server via USB, a network module, or another interface provided by the manufacturer. Configure the management program so that it automatically shuts down the server before the battery is fully discharged. This scenario reduces the risk of damage to open files and the database; its purpose is described in the Schneider Electric UPS Management Software Guide.

Check the battery status, error messages, and actual battery runtime. Replace the battery based on test results and the manufacturer’s recommendations. A UPS does not replace backups and does not guarantee operation during a prolonged outage.

Use RAID for its intended purpose

RAID combines several disks and, depending on the level, allows the server to continue working after the failure of one or more drives. The specific RAID level must be selected according to acceptable downtime, data volume, speed, and budget. RAID 0 has no redundancy and is not suitable for storing critical data.

RAID is not a backup. It will not restore an accidentally deleted record, a previous database version, or files after encryption. It also does not protect against server theft, controller damage, fire, or administrator error. Red Hat documentation defines RAID as a way of storing data on several disks to reduce the consequences of drive failure: Managing RAID.

Configure alerts about array degradation. If a disk fails, it must be replaced with a compatible drive and the array rebuild must be monitored. RAID without monitoring can work for a long time in a degraded state until the next disk fails.

Monitor temperature, disks, and free space

The server should be installed in a dry, clean, and ventilated place without direct sunlight, water, or free access for visitors. Do not block ventilation openings and do not place the system unit near heat sources. Permissible temperature, humidity, and ventilation distances depend on the equipment model, so follow the manufacturer’s documentation.

The administrator must monitor the temperature of the processor and drives, fan status, disk errors, RAID status, RAM load, and free space on the system disk. A sharp increase in input-output errors, temperature, or response time requires diagnostics. Do not wait for complete disk failure.

Clean dust only after correct shutdown and disconnection from power. Do not disassemble the server or UPS without the required qualification. If the equipment is under warranty, follow the conditions of the manufacturer or supplier.

Keep a maintenance log and configure alerts

Record the server model, serial numbers, disk configuration, Windows version, network settings, licenses, warranty date, responsible persons, and contractor contacts in the log. Store passwords and recovery codes separately in a protected vault.

Monitoring must report server unavailability, lack of space, backup errors, stopped protection, RAID degradation, UPS problems, and unusual login attempts. Alerts must go to a person authorized to respond.

Practical inspection schedule

Below is a basic schedule for a small store. The administrator can change the frequency based on load, equipment, manufacturer requirements, and acceptable downtime.

FrequencyWhat to checkResponsible person
Daily automatically Server availability, backup result, antivirus protection, free space, disk and UPS status Monitoring system; the administrator receives the notification
Weekly Critical error logs, failed logins, unfinished updates, availability of a current copy outside the server Administrator
Monthly Scheduled installation of updates, controlled reboot if needed, access and remote management program check Administrator; the owner approves downtime
Quarterly Test database recovery, UPS test under load, review of accounts and access rights Administrator together with the responsible business employee
Annually Assessment of equipment lifespan, warranties, disk capacity, Windows support, replacement plan, and disaster recovery plan Owner and administrator

What to do when there are signs of an attack or data damage

Signs of an incident may include mass renaming or encryption of files, a ransom demand, unknown accounts, unexpected remote access programs, numerous failed logins, disabled antivirus, or unusual network activity.

  1. Disconnect the suspicious server from the local network and the internet: unplug the network cable or disable the network interface.
  2. Do not connect backup drives and do not start recovery in the affected system.
  3. Do not delete files, logs, or accounts before a specialist reviews them. Record the time, messages on the screen, and actions that preceded the problem.
  4. Contact the administrator or an incident response specialist. Notify the owner and determine which store operations must be moved to a backup procedure.
  5. Check other computers, accounts, and remote access tools. Change compromised passwords from a clean device.
  6. Recover the system in a clean and updated environment from a copy created before the intrusion and checked for the absence of malicious files.

CISA advises first identifying affected systems and isolating them immediately; power should be turned off when network isolation is impossible. The full procedure is provided in the ransomware attack response checklist.

Do not start with reinstallationRushed disk formatting or running a random decryptor can destroy evidence, make it harder to identify the entry point, and damage data. First isolate the system and involve a specialist.

Who is responsible for what

RoleResponsibility
Business owner Appoints an administrator, approves acceptable data loss and recovery time, funds backup media, UPS, equipment replacement, and inspections
System administrator Configures updates, protection, accounts, remote access, backups, monitoring, and test recovery
Store employees Do not use the server for unrelated tasks, do not share passwords, report errors and suspicious events
Torgsoft technical support Consults on program operation, can help install Torgsoft and deploy a usable database within the terms of service
Limits of Torgsoft assistance

If the Torgsoft database is stored locally and the client does not use a separate backup storage service, Torgsoft does not have a copy of it and cannot restore missing commercial data. Program technical support does not replace a system administrator or a cyberattack response specialist and is not a service for decrypting infected files. For consultation regarding Torgsoft, you can contact technical support.

Owner’s checklist

  • A person responsible for the server and backups has been appointed.
  • The server is not used for email, messengers, and random websites.
  • Windows and other software receive security updates.
  • Antivirus and firewall are enabled; their status is monitored.
  • Employees work without administrator rights.
  • There is no RDP exposed to the internet for remote access.
  • Administrative and cloud accounts are protected by multi-factor authentication.
  • There is at least one backup that cannot be modified from the server.
  • Test database recovery has been performed and the result has been recorded.
  • The UPS can automatically and correctly shut down the server.
  • The status of disks, RAID, temperature, and free space is monitored.
  • There is a short instruction on actions during a failure or cyberattack.