Security Guidelines
Follow these best practices to keep your system secure and protect your revenue.
PIN Management
Creating Strong PINs
- Use unique 4-digit PINs for each staff member
- Avoid obvious codes like 1234, 0000, or birthdates
- Change PINs immediately if a staff member leaves
- Never share PINs between multiple people
PIN Security
- Staff should memorize their PIN, not write it down
- Managers should change their PIN monthly
- If a PIN is compromised, deactivate it immediately in Admin > Team
Role-Based Access
Principle of Least Privilege
Only grant staff the minimum permissions needed for their role:
- Staff: Can take orders and process payments only
- Managers: Can void items, close shifts, and view reports
- Admins: Full system access including settings and user management
Review Permissions Regularly
Audit user roles quarterly in Admin > Team to ensure ex-staff are deactivated and current staff have appropriate access levels.
Shift Handovers
Cash Accountability
- Always count the cash drawer at shift start and end
- Record the exact amount in the system
- Investigate any variances immediately
- Never leave the register unattended with cash inside
Manager Oversight
Require manager approval for:
- Voids and refunds over a certain amount
- Manual discounts
- Closing the shift with cash variance
Terminal Security
Physical Security
- Keep terminals in view of cameras
- Lock tablets when not in use
- Use device passcodes in addition to POS PINs
- Report lost or stolen devices immediately
Pairing Management
- Unpair devices that are no longer in use
- Review active terminals weekly in Admin > Terminals
- Generate new pairing codes if a device is lost
Data Protection
Backups
Your data is automatically backed up daily, but you should also:
- Export reports monthly for offline storage
- Keep copies of Z-Reports for tax purposes
- Download transaction logs quarterly
Customer Data
- Only collect customer information when necessary
- Never share customer emails or phone numbers
- Delete old customer records per GDPR requirements (Admin > Settings > Privacy)
Fraud Prevention
Red Flags to Watch For
- Excessive voids by a single staff member
- Large discounts applied without manager approval
- Cash variances that always favor the staff member
- Orders deleted before payment
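
The four red flags above can be checked mechanically against an exported transaction log. The following Python script is an added example, not code from the product: the CSV columns, event names, thresholds, and the convention that a negative variance means a short drawer are all assumptions.

```python
import csv, io
from collections import defaultdict

# Constructed sample export; column names and event types are assumptions.
SAMPLE = """staff,event,amount,approved_by
ana,sale,42.00,
ana,void,8.50,
ben,sale,18.00,
ben,void,12.00,
ben,void,9.00,
ben,void,15.50,
ben,discount,20.00,
ben,order_deleted,31.00,
ben,variance,-5.00,
ben,variance,-7.50,
ben,variance,-4.00,
cara,sale,55.00,
cara,discount,25.00,mgr_dee
cara,variance,-1.00,
cara,variance,2.00,
"""

def find_red_flags(export_text, void_ratio=0.5, big_discount=10.0, min_shifts=3):
    """Return {staff: [flags]} for the four red flags listed above."""
    voids, sales = defaultdict(int), defaultdict(int)
    variances, flags = defaultdict(list), defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        who, event, amount = row["staff"], row["event"], float(row["amount"])
        if event == "sale":
            sales[who] += 1
        elif event == "void":
            voids[who] += 1
        elif event == "variance":          # counted cash minus expected cash
            variances[who].append(amount)
        elif event == "discount" and amount >= big_discount and not row["approved_by"]:
            flags[who].append("unapproved_large_discount")
        elif event == "order_deleted":
            flags[who].append("order_deleted_before_payment")
    for who, n in voids.items():
        # At least 3 voids and a high void-to-sale ratio (illustrative thresholds)
        if n >= 3 and n / max(sales[who], 1) > void_ratio:
            flags[who].append("excessive_voids")
    for who, vals in variances.items():
        # Drawer short on every counted shift, over enough shifts to be a pattern
        if len(vals) >= min_shifts and all(v < 0 for v in vals):
            flags[who].append("variance_always_short")
    return {who: sorted(set(f)) for who, f in flags.items()}

print(find_red_flags(SAMPLE))
```

Tune the thresholds to your own volume; a flag is a prompt to review the matching report, not proof of fraud.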
Audit Tools
Review these reports weekly:
- Void Report: Track all deleted items
- Discount Report: Monitor manual discounts
- Cash Variance Report: Identify counting discrepancies
- Refund Report: Check for suspicious refund patterns
Network Security
Wi-Fi Best Practices
- Use a separate network for POS terminals (not guest Wi-Fi)
- Change Wi-Fi passwords quarterly
- Enable WPA3 encryption if supported
- Hide SSID broadcast for POS network
Printer Security
- Printers should be on the same secure network as terminals
- Change default printer passwords
- Disable unnecessary printer services (FTP, Telnet)
Incident Response
If You Suspect Fraud
1. Immediately deactivate the suspected user's PIN
2. Export all transaction logs for the relevant period
3. Review void and discount reports for anomalies
4. Contact support@tablecore.app for assistance
5. File a police report if theft is confirmed
If a Device is Lost
1. Unpair the device in Admin > Terminals
2. Change all manager PINs as a precaution
3. Review recent transactions from that device
4. Enable remote wipe if the device had sensitive data
Compliance
Fiscal Regulations
- Never delete finalized invoices (it's illegal in most jurisdictions)
- Keep all Z-Reports for the legally required period (typically 7 years)
- Ensure fiscal printer signatures are never tampered with
GDPR Compliance
- Only store customer data with consent
- Provide data export on request
- Delete customer data on request (Admin > Privacy > Data Requests)
- Maintain audit logs of all data access
Training
Onboarding New Staff
- Provide security training during onboarding
- Explain the importance of PIN confidentiality
- Review void and discount policies
- Show them how to spot suspicious transactions
Ongoing Education
- Hold quarterly security refreshers
- Share updates on new fraud techniques
- Reward staff who report security concerns