SuperSalon’s Permissions functionality is one of the POS’s first lines of defense against unauthorized use, and therefore should be treated with the utmost respect, without exception. The purpose of this article is to clarify RSD’s policies when it comes to these security measures, and what is and is not authorized with regard to them.
ProPoint’s policy on who can and cannot authorize changes in permissions on a client’s system can be summarized in three simple points:
1. Only salon/franchise OWNERS are able to authorize permissions changes.
2. Nobody else.
3. When in doubt, review the first point.
Note how the word “owner” is very different from the word “manager”, or even “boss”. And managers who happen to know the Owner password are still “managers” for the purposes of Permissions. No exceptions.
Don’t let the levity that went into that list fool you into thinking this is not a very serious issue. Failure to comply with the policies on authorized and unauthorized permission changes is considered one of the more serious infractions that constitute dereliction of duty in the support department.
WARNING – YOUR JOB IS AT RISK
In cases of catastrophic or repeated incidents, support technicians are almost always released from the company when found to be culpable. It’s that serious!
Hollywood likes to give us the vision of a hacker as someone who can almost magically enter networked systems from their techno bunker far beneath the floorboards of their parents’ house. And while there is certainly some truth to it, more often than not, a successful “hack” is the result of something called Social Engineering.
This is a term used to describe someone getting grifted or scammed, and it’s responsible for far more success for the bad guys than any infiltration savant from the TV.
An example of Social Engineering would be a phone call to an office from someone claiming to be either a client or another important person who has lost the login credentials to one of their important online resources. They will usually sound hurried and/or embarrassed, or even angry.
All three of these emotions are projected onto the person answering the call in order to garner a fast response. People who work in customer service will almost always respond quickly to an angry caller, and then possibly not even realize that they have been scammed for important information that may very well cost the company dearly.
Adopt the mindset, when it comes to permissions, that anyone and everyone who calls about them is a potential threat to that POS’s security, a security that we as a company stand by with our reputation. No matter how angry, hurried, pushy, or friendly the caller may be, stick to your guns and never concede any change that is not owner-authorized.