Does Your Golf POS Protect Your Data?

Posted by Alex Lavoie on December 19, 2018

It’s been said many times: data is king. Golf courses today need to rely more and more on the powerful insights that data can provide. However, with great power comes great responsibility.

When your customers share sensitive and personal information with you, your operation has the duty to keep that information confidential and safe. Exposing customer data to hackers, third parties, or even a disgruntled employee, would be a major breach of trust.

Losing your customers’ trust due to a data breach could be just as much of a disaster for you as it is for companies with much larger databases.

You don't have to look far to see how insecure data storage can cause significant headaches. Massive companies like Facebook and Equifax have been in the headlines for allowing unauthorized access to their data and selling vital information to third parties and resellers. These costly mistakes will haunt those companies for years and cost them millions of dollars in fines and legal fees, not to mention the loss of trust from their customers and the public.

While your golf course doesn't have access to nearly a billion people's data like Facebook, golf courses still handle a great deal of sensitive information, which is stored inside your golf management system (POS and tee sheet software). So, the responsibility of ensuring the safety of the data you store falls on both the software provider you choose to partner with and the strategies your team uses to keep passwords and access secure.


How does cloud-based software keep your data safe?

The first question we must answer is: who are we trying to keep data away from? There are a variety of reasons why someone would want access to your customers. In general, there are three identifiable categories of people whom you want to keep customer information away from: hackers, employees and golfers, and third parties.

Since each group has a different set of tools and reasons to steal data, it takes different tactics to ensure complete safety.

Protecting against hackers

Hackers typically exist on the outside of an organization. They access data through back doors, by bypassing passwords with brute force, and by phishing for personal information. The number one best practice to protect yourself from a hacker is to use strong and unique passwords.

Phishing is when a hacker tricks someone into divulging personal information or passwords through a fake website or email. To protect against this, don't enter personal information on websites that seem fake or untrustworthy. If someone emails asking you to enter your password somewhere, don't do it unless it’s a trusted contact or someone you know personally. Phishers can be very creative with how they deceive their targets, so be very careful and vigilant with how you use your passwords.

When it comes to your tee sheet software itself, most cloud-based software is hosted by Amazon Web Services, which is virtually impossible to hack. Their servers are protected according to financial industry regulations. These servers are protected by the absolute best technology in the industry. If the AWS fortress were ever to be breached due to a security issue on their side, it would be an enormous headline and a lot of people's data would be at risk, not just yours.

Still, the responsibility to protect your data falls just as much on your side as it does on Amazon's. You need to take the precautions necessary to ensure a hacker cannot get the keys to your system and extract credit cards, emails, and personal information that can be used for identity theft.

Don't give unhappy employees or snooping golfers a chance

Golf courses go through many seasonal changes. At many facilities, new employees join in the spring and leave in the fall. These employees will undoubtedly come in contact with whatever software you use, which means that if the right protections don't exist, your employees may gain access to customer data.

You don't want an unhappy employee to use your hard-earned data for malicious activity. Make sure your tee sheet software has a system for limiting employee access so they can only use the parts of your software that are necessary. Every employee needs a different level of access, so make sure your system can provide a custom access level to each kind of employee.

Just as you control the amount and type of data your staff sees, golfers likewise should not be given access to all data. Yes, it may be helpful to allow your members to access some data to facilitate round bookings, but you might not want public players to know who is playing. We know golfers like to brag about (or hide) their handicap, so give them the option to share that side of themselves if they choose.

With modern software, payment information is highly protected, so you can rest assured that golfers who pay online won't have their data seen by their partners or others at the course.

Make sure third parties don't get a back door

Every so often, we hear about some company selling its data to third parties who use customer data to sell other products to their customers. It's not as uncommon as you may think: many companies include clauses in their contracts that allow them to sell their data to larger organizations.

Your golf management system provider may use words like partner or affiliate to identify the larger organization. But because your business relationship is with your golf management system, the terms "partner" or "affiliate" should alert you to the potential for a third party accessing your data or inventory.

Make no mistake about it, golf management systems get access to a lot of data. They collect information from you, your members, and your public customers. You may not want a third party to gain access to your customers’ personal information unless you fully understand the implications. Explaining why your customers are getting unsolicited emails and marketing is a headache you don't want to have.

Make sure that before you sign a contract with your golf management system provider, you know exactly how your data can and will be used. If there are clauses you don’t agree with buried in the fine print, you may want to think about going with another provider.

What to do if your data gets compromised

In the event that customer data is stolen by hackers or employees: change your passwords immediately, cancel any credit cards affected, alert the authorities and inform any customer that may have been compromised. Transparency is key, and your customers will appreciate a clear commitment to resolving the issue.

Make sure to track all interactions in your software and data centers so you can help the authorities track down the party responsible for the breach. You may want to reach out to your golf management system provider for help in identifying unauthorized access, especially since malicious users usually leave digital fingerprints in the system.

What can you do if you find yourself in an agreement where you have unwittingly allowed your golf management system provider to access, share, and possibly sell your customer data?

Contact your provider immediately and ask them to edit the contract and remove the clause in question. If your provider is unwilling to change the contract and this issue is important to you, you should seek to work with a provider who is receptive to your needs and concerns.

Your customers will hold you responsible

If there's one takeaway from this article, it is that your customers give you the privilege to use their data to better understand their behavior. This voluntary transaction gives you the tools to analyze behavior and purchase patterns so you can improve your marketing and generate more revenue. 

As you take your next steps towards data security, here are five questions to keep in mind:

  1. Should your golf course be allowed to share data in any form? If so, in what cases should data be shared?
  2. Do you run your own (email) marketing campaigns or have you hired a third party company to assist?
  3. Is a golf course allowed to share customer data at all or with a third party? Do you want your customer data to be shared with third parties? Why or why not?
  4. In what cases should your golf course ask golfers for permission to share golfer data with others?
  5. What training will you put in place to ensure passwords are safe?

Here is a link that can help answer some of these questions.
