At the Frontline with Honeybaked Ham’s IT Systems/Security Manager Erik Goldoff

Goldoff discusses what keeps him up at night, plus working through convergence issues


There are a handful that do that, and that's one of the bigger reasons not to have wireless. Store managers hate me for that; they call me the Network Nazi. But if you put a wireless device in the parking lot, you make it easy for somebody with a laptop and a Pringles can (to tap in).

The actual POS software is our software - we wrote it. We couldn't find anyone else's POS software that really met our needs for our business model. The data that's written is encrypted, and (the register) equipment should never be left unattended out there, so it's not like somebody can just grab it and walk away or plug into the network to see what else is there. Each device that's out there has a statically assigned IP address. There is no DHCP out there, so as an example, if we have a point of sale with an IP address of 192.168.12.123, if you plug in a device with 124, it will not be recognized as a valid IP, so he doesn't get to play on the network. So there are some little obfuscations that we do. Each IP is meaningful to the system.

ST&D: Honeybaked runs both retail stores and franchises. What security challenges come along with this setup?

Well, the franchises are in the process of converting from older, standalone POS systems to our integrated system, so at the end-of-day checkout, all the data is aggregated up at corporate, where it's protected by controlled access. Part of the issue, though, is that when you have a franchisee, they're not an employee. But they have to understand what's going on with the data. To date there hasn't been a problem, it's just a matter of making sure the franchise agreement is clear, so if they want to bank on our brand name, there are certain things they have to do to live up to that, both on the security and the business side.

ST&D: When do you expect the transition to the integrated system will be completed?

It's an optional choice on their part. We'd like to see it by the end of the year. We had a significant number already prior to this Thanksgiving and Christmas holiday. Our POS software is so much more beneficial to their business planning. Basically, you let them come see it, and they want to know how quick they can get it.

ST&D: How much increased traffic do you get during the holidays?

We probably do more than 60% of our business in eight weeks out of the year, and we probably do 60% of that in probably two days. We have stores in the off season that may have seven to 10 employees, that during the peak season have seasonal temps up to 150. That's one of the reasons why the general market POS really didn't meet our needs.

There's a small number of people that actually run the cash registers, and even in the stores that don't go out to the sidewalk, we'll move the registers from the product counter out to a lobby so we can run the customers quickly through a line. This year we had a 10 or 15 minute guarantee. Part of the reason we were able to offer that is that now we've implemented our own IP credit authorization, so hopefully your credit card gets authorized in about four seconds instead of 15 to 30.

ST&D: Do you work with physical security to enable an enterprise-wide security approach?

There is a loss prevention officer, and he works alongside IT (on issues like) barcode scanning and gift certificates. Abuse of the gift certificate process changed the way we worked that. Used to be we'd get a case of gift certificates printed up and each store would have a case, and you'd sell them and note what the serial number was. Say you have one dishonest person out of 20,000, somebody who grabs a handful of gift certificates - now you've got an issue. Instead, the developers on our site have worked out a system where we do MICR printing. We actually print the gift certificate on demand. So there's a lot more control in place there.

In addition, as far as physical security is concerned, we used to have video like a bank's 24-hour VCR for security. That's now been augmented by digital video that runs from two or three regular cameras and one quad camera. So physical security of our staff is important to us. Every retail store has a digital video system. We can go across the network and retrieve those individual video files.

ST&D: How long has this been the case?