POS Systems And Risk Management

Is your POS prepared for the perfect storm?

The #TorontoFlood last night seemed to have caught everyone by surprise. Especially folks in West Toronto! Power was knocked out to over 1 million customers, and a major communications hub at 151 Front Street was under water, affecting phone systems and internet and causing a variety of communications problems all over Southern Ontario. To add insult to injury, an outage of banking debit services seems to have been related to the flooding of communications systems in Toronto, which affected thousands of merchants across the province. As most of our POS clients are using integrated credit and debit with their point of sale systems, they immediately started calling Armagh to report that their POS transactions weren’t going through. Naturally, they couldn’t get through due to telephone outages, and the problem snowballed from there.

In conversations with customers this morning, I have been reminding them that they need to be prepared with backup solutions in the event that their systems fail. In this case, their systems did NOT fail – it was the infrastructure that those systems rely on that failed. In either case, they need to be prepared. System failures, for any reason and as rare as they may be, are inevitable.

For retail store and restaurant owners, the events in Toronto are an important reminder of how critical these systems are to the way we live our lives and operate our businesses. Another important lesson is how interconnected these systems are to our operations and to each other. Who would have thought that a single minor flooding incident on a street three cities away could directly affect your POS systems?

This begs the question, are you ready for a major systems outage? This question reminds me of an article I read that quoted a 2005 study that surveyed 1200 businesses and reported that 33% of businesses had no continuity plan in place (in my experience it’s far more than that), and that 93% of businesses that lose their critical systems data for 10 days or more declare bankruptcy within a year of the event.

The topic of risk management and continuity planning looms large over most business managers and seems like it’s an impossible project to tackle – causing most managers to stick their head in the sand – but it doesn’t have to be. It just requires planning – as I have always said, failure to plan is planning to fail. An evaluation of risk and disaster recovery for mission critical systems like POS systems basically revolves around three major areas:

1. Critical System and Vulnerability Identification

The way to avoid an unforeseen disaster is to foresee it. Retail store and restaurant owners need to determine the most important systems, such as the point of sale system, phone system, network and internet connectivity, and determine their vulnerabilities. Electrical power could go out, internet may go down, power surges may damage critical systems, hardware may fail, and phone lines may stop working.

2. Prevention Planning

Once you know where your weaknesses are, how can you prevent them from being realized? Is your plan proactive or reactive? When disaster does strike, will you be ready to mitigate the damage to your business? Do you have battery backups on your POS system that work? Surge protectors that haven’t already been damaged by surges? When your DSL internet goes down, do you have a cellular internet failover setup so you can keep pumping the transactions through even if Bell or Rogers is down? Failing that, do you know where your credit card slips and credit card imprinter are if you have to go manual? Does your main system have RAID hard drive protection? Do you have a backup of your critical POS databases, documents, and files? What if the building burned down? Do you have an offsite backup of your data? Are your people informed and trained on what to do in the event of a systems failure? If all else fails, are you prepared with the right business insurance? Will your insurance cover the sort of failures you foresee? Do you have business interruption insurance that will cover income loss in the event that a major disaster caused the business to lose income?

3. Recovery Planning

So you have the prevention and backups in place. Great. Do you know what to do with them? Have you tested them? Will they work when you need them? Do you have all the necessary file locations and passwords prepared and procedures documented so that anyone, specifically your managers and service providers, could easily follow those instructions and get your POS back up and running with minimal downtime? Better yet, will your team be able to do it on their own? Remember, in a real disaster your service providers may be overwhelmed with the sheer volume of calls and requests for service. As important as we like to think we are, I’m pretty certain we’re not the hydro or telephone company’s only customer – it might take a while for them to get to you.

If this process sounds like it could cost you time and money to complete, you’re right, it can. If you’re wondering if it’s worth it, well, that depends on how much money you can afford to lose if a major disaster were to befall your company and affect your major systems. Sometimes this backup and recovery stuff can be expensive, so how much time should you spend on it and how much money should you spend? The practical answer is that your disaster prevention, backup and recovery systems should be proportional to the amount of loss you would be likely to incur in the event that a major systems failure were to occur. How much tolerance for failure do you have? Can you imagine running your store or restaurant without your information systems? What if your point of sale system was down? What if you couldn’t process a credit card? What if you couldn’t scan products, produce a receipt, issue a scale barcode label at your deli, track your inventory, send orders to the kitchen, package products, use email, make phone calls? If you could lose big – you probably need to spend big.

The average small independent restaurant or retail store, however, doesn’t need to spend a huge amount to be better protected. RAID hard drive protection on your POS database server uses a second hard drive that simultaneously receives the same information that is being written to your primary drive. It adds only a small fraction to the cost of your server, but it usually requires that you purchase it when you buy your system, and it can be a valuable asset if you experience a hard drive failure on your database server. The secondary drive can automatically take the place of the “C:” drive in the event of a primary hard drive failure – minimizing downtime.

ArmGuard Offsite Backup, for example, is an automatic backup service that we offer to our customers for less than a dollar a day that will back up their important databases and files offsite and send them a daily email confirming their data has been successfully backed up. Your store could burn to the ground, and insurance will replace your computer systems, but ultimately, it’s your POS data that is the thing that can’t be replaced easily. Many insurance companies won’t cover data recovery if a data backup is not in place. A monitored offsite backup solution virtually eliminates the potential for someone to forget, or back up the wrong files, or “cut and paste” instead of “copy and paste” (I won’t mention any names… you know who you are.)

Uninterruptible Power Supply (UPS) devices are battery backup devices and many of them have surge protection built into them. You should have one on every POS terminal, every workstation, and a big one on the server. They should be rated to keep your system running and supply power for as long as you need them to, and you should test them periodically to make sure they’re working. One last tip about UPS devices – you should have your network devices protected by battery backup devices too. Having your computer on a battery doesn’t matter much if you have no access to your data server or can’t connect to the credit card processor. Make sure your router, switches, and modem are covered by battery backup and surge protection devices as well.

Lastly, internet loss in a business at the very least is a massive nuisance if not a loss of revenue due to the loss of credit, debit, loyalty, and gift card processing at your POS. Most businesses are using DSL internet and a few are using fiber, but these services often use the same “nodes” and when one goes down, they can all go down. There are network routers that offer cellular broadband fail-over options so that when the router senses the loss of regular land-based internet, it automatically switches over to cellular broadband internet services like Rogers or Bell cellular LTE or 4G services. With this sort of internet backup, a bus can hit the telephone pole outside and your DSL can be down for days, but you’ll still be able to process transactions using cellular internet. Oh, and don’t think that you can do this with just any router picked up at your local consumer electronics store. Normally these types of routers are managed commercial devices, and need to be procured through a certified service provider like Armagh POS Solutions. We offer the Sonicwall TZ series of routers for our clients, and all of them come with some sort of wireless broadband fail-over protection option, and can cost as little as $465 depending on your needs. Managed network systems often come with other protection services tied to a monthly fee, and I recommend them highly. They often include extended warranties, proactive replacement services, 24/7 network support, onsite service, guest wireless services, hardware based antivirus services, proactive intrusion protection, and network monitoring services, and for a business of any reasonable size they are worth every penny.

As you can see, minimizing the downside risk of a POS critical system disaster is a manageable project that isn’t so daunting and can be conquered. If you don’t think you can handle it, then you should seek out professional advice and pay for the qualified labour to get it done right. Ultimately, you are responsible for your own risk – and you can choose to do something proactive about it, or you can stick your head in the sand and pray that the disaster never comes. Don’t wait for a disaster to hit your business to think about managing the risk to your mission critical systems like POS systems – use the Toronto flood disaster last night to motivate your managers to take action and protect your store or restaurant today.