February 2014 Monthly Newsletter
Given the recent credit card data breach at Target, data security is again headline news. In light of this, we decided to dedicate the February newsletter to data security.
Tip #1: Back-Up MicroBiz Often
While there are several methods to backing up your MicroBiz data, the recommended choice is to run the internal MicroBiz backup program. This is found at MANAGEMENT | CUSTOMIZE | GLOBAL SETTINGS.
Make sure you know where your Backup Directory is pointing to as well. When the backup is complete this is where you will find your MicroBiz Data. The backup process will actually create a TEMPBAK and ZIPBACK folder. The Zipback folder is exactly what it sounds like. All your backup files zipped up into a uniquely named backup. (i.e.: BIZBAK01.ZIP ) This method when done daily, will keep up to 30 days of backups before overwriting a previously created zip file. The Tempbak folder or directory contains just the files themselves unzipped from the last time the backup process was run. Remember to give us a call before starting the installation or upgrade.
Tip #2: No Retention of Credit Card Data
Versions of MicroBiz for Windows earlier than version 12.5 have the ability to retain credit card data. Versions 12.5 and later became PCI compliant by removing the ability to retain credit card in the system. So, to avoid any exposure to a release of stored card data, please make sure you are running a version of MicroBiz that is 12.5 or later.
Tip #3: Secure Usernames and Passwords
Another recommendation to add security to MicroBiz is to add usernames and passwords for all employees who are using MicroBiz. This can be done through: “Management” – “Add/Edit Password.” You will need to use the “Add” button to add a new user. Enter in the login name and security number. Note that Level 0 is for higher security users (managers) and Level 99 is for lower security users (employees). You will want to create at least one administrator username with security set to 0, meaning they can have access to every function in the program. Make sure you remember your administrator username and password, as MicroBiz Support will not know this information. When you have all employees set up, click on the “Save” button to save your changes.
Tip #4: Maintain Adequate Security Levels
We also recommend that you evaluate your security levels on a regular basis. This can be done through: “Management” – “Edit Security Level.” You will see a list of all of the available functions in MicroBiz. The number for these functions will need to be changed according to the level you have set for your employees in “Add/Edit Password.” It is recommended that you make sure that “Edit Security” and “Add/Edit Password” are both set to level 0 so that only the administrator can make changes to security.
Tip #5: Review Your Transaction Settings
Other functions for transaction-level security can be found in “Management” – “Customize” – “Transaction Settings” – “Security” tab.
1) Validate Clerk’s Initials against employee file? – If this option is checked, MicroBiz will cross-check the initials in “Management” – “Add/Edit Password” with “Management” – “Employee Control.” This option would be recommended if you use the “Time Clock” or “Commission” features in MicroBiz.
2) Carry Security Level Through Initial Sign-on? – If this option is checked, MicroBiz will only prompt you ONCE for username and password when you enter MicroBiz. Based on the security level of the user logged in, MicroBiz will only allow access to functions associated with that user.
3) Always Require Customer at F9 Invoice? – If this option is checked, you MUST have a “F8-Cust” loaded to the Work Screen before completing a sale. The below “A.” and “B.” options will require a “F8-Cust” loaded to the Work Screen based on whether you tender using the “Credit” or Debit” options.
4) Split Add/Edit Security to Add and Edit – If this option is checked, two new security levels will be added in “Edit Security Level” for “Add Product” and “Edit Product.” By default, the security levels will be set to 0 (highest security). This is a useful option if you want different security levels for both editing and adding products.
Tip #6: Reduce PCI Exposure with Encrypted Payment Processing
In the retail management software market, ‘integrated payment processing’ is defined as a having your credit/debit card processing service tightly integrated with your retail point of sale (POS) system.
MicroBiz’s integrated payments solution uses encrypted credit card readers that securely encrypt credit card data as the card is swiped through the card reader. The encrypted card data is then directly passed to a secure hosted payment gateway maintained by our payment gateway provider – so that unencrypted card data is never transmitted through or retained by your POS system. As a result, your MicroBiz POS system will be compliant with PCI security standards, which mandate that businesses safely encrypt and store PIN numbers, CVV2 numbers and magnetic stripe data.
In addition to reducing financial liability from a breach of credit card data, integrated payment processing can help you reduce costs and improve efficiency. If you currently use a payment processing solution that is not integrated with your store POS system, it may be worth it to re-evaluate the hidden costs of operational inefficiencies of your current set-up and research you new options to see if you can save time and money.
Quote of the Month
“Sometimes when you innovate, you make mistakes. It is best to admit them quickly and get on with improving your other innovations.”
– Steve Jobs