Security Tips and Housekeeping for Restaurant Employers and Workers

The hospitality industry is more digitized and automated than ever before. And that’s a great thing — because the right solutions can save crazy amounts of time, cut costs, and generally make everyone’s life a whole lot easier. 

But with new technology comes new best practices, especially when it comes to cybersecurity.

Kickfin, like many other software companies, keeps this top of mind. Our product team has built a platform that takes security insanely seriously — in fact, it’s our number-one priority.

And on the Customer Success side, we do everything in our power to ensure Kickfin users are trained to recognize and avoid any potential risks before they ever log in to the platform.

Of course, some of those things are easy to forget even for the most tech-savvy customer — especially when you’re short-staffed and over-booked. But to make things more challenging: best practices are always evolving.

That’s why, periodically, we recommend customers assess the overall strength of their cybersecurity to help prevent any unwanted threats to their businesses. Below is a rundown of the most important and effective ways that Kickfin users can protect themselves and their companies from cybersecurity threats. 

(Keep in mind: these are coming from your friends at Kickfin, but most apply to any software solution or platform that’s linked to personal, financial or otherwise sensitive information.)

Why should I care about cybersecurity?

According to a report by Cisco Systems, phishing accounted for the second most common threat against business. It’s “popular due to its simplicity and effectiveness…, accounting for 90% of data breaches.” 

Typically, with phishing, a perpetrator will:

  • Target your end users, bypassing any system-based protections you have in place.
  • Contact your users via email, though some phishing attacks also occur by phone.
  • Try to get access to your system by getting your end users to provide a password or to click on a link that will install malicious software on your computer systems.

Phishing scams can generally happen to anyone or on any software platform, regardless of how airtight the security mechanisms are. In many ways, it’s like a thief gaining access to a safe. They’re not breaking into it; they’re tricking the owner into opening it for them.

The Tech Support Phishing scam is on the rise – and one that we think you are most likely to see in the hospitality industry. As recently as October 2022, the FBI issued a warning to business regarding scammers targeting financial accounts by claiming to be customer or tech support representatives from tech companies. One key method they employ is the installation of remote desktop software on the victims’s computer in order to gain control of the computer and, ultimately, of the financial accounts. In 2021, there was $347 million in losses due to tech support scams, impacting almost 24,000 victims.

Fortunately, there are several things you can do to ensure this doesn’t happen.

How to protect your restaurant from cybersecurity threats

At the end of the day, you really can’t control whether you’re the target of a phishing scam — but you can control how you react and whether they’re successful. As always, knowledge is power. 

Here’s how to ensure phishers aren’t given the “keys to your safe,” so to speak.

1. Use the principle of least leverage

Only give users the absolute minimal access they need to do their jobs. Again, that goes for any software you’re using, but within Kickfin, there are four user roles with varying privileges: 

  • Org Admin: Has access to all locations in the organization; can add/edit/delete users and make payments at any of the locations. We recommend that the number of org admins be kept to the bare minimum of who needs access.
  • Site Admin: Has access only to those worksites to which they are assigned; can add/edit/delete users and make payments at those locations.  We recommend that the number of site admins be kept to the bare minimum of who needs access.
  • Manager: Has access only to those worksites to which they are assigned; can only make payments at those locations; cannot add/edit/delete users.
  • Employees: can only receive payments from those worksites to which they are assigned. They have no access to the administrative areas of Kickfin. Most of your staff should be in the Employee role.

Again (just for the folks in the back!): the majority of your staff should not have Org Admin, Site Admin, or Manager privileges.

2. Educate your staff on proper password management.

Many people are well aware of proper password management, but it’s easy for anyone to get complacent, especially if you’ve never before been the target of a phishing scam. Top things to know about password security:

  • Kickfin will never call you and ask for your password. Legitimate service providers will not ask you for your password to assist you with their system.  This is a common tactic of phishing scam artists in order to gain access to your accounts.
  • Do not share your password with anyone. (Ever.) Managers should not share their passwords with others in the organization, and we do not recommend using a generic login (such as generalmanager@restaurant.com).
  • Passwords should be unique to the individual. Make it something you can remember, but that is not easy to guess. They should not include any commonly used catch-phrases or mottos belonging to your organization.
  • Passwords should contain multiple character types. Consider using numbers and symbols to replace letters in a word, for example D3liciou$Eats! 
  • Use a passphrase instead of a password. A long phrase (the longer the better!) is much more difficult to crack, such as !tal!an Food !$ my Favor!t3
  • Do not use the same password for multiple systems. If your password is compromised, you can limit the harm caused by only using it for one system.
  • Do not make your password accessible. For example: do not write the password on a post-it note stuck to the monitor or under the keyboard or mousepad.
  • Consider a password generator. Your team may want to consider using automatic password generators that are available through most operating systems, or using a password manager that will generate a site-specific password that is randomly generated and virtually impossible to guess.

3. Clean up your user list.

Remove any employees (particularly Admins and Managers) who are no longer with your organization.  Make sure everyone has the right role for their job (see #1 above!).

4. Take extra steps to protect shared computers.

If your team members are using a shared computer, encourage your users to log out of important systems and applications each time they step away from the computer to avoid someone using their account session for illicit purposes.

5. Educate your staff on how to avoid phishing scams and social engineering hacks.

Provide them with training on common phishing and social engineering techniques, how to avoid them, and how to respond to them.

6. Develop a cybersecurity action plan.

Know who to contact in the event of a breach and how best to protect your business.  Make sure all managers know your company’s protocol for reporting an incident should one occur.

What to do if you’re the victim of a phishing scam

Chances are, you’re already doing a lot of things right.

If you, an employee or your business becomes a victim of a phishing scam, please do the following:

  • If it involves your Kickfin account, notify our support team immediately. We can help minimize the loss and help you recover your account.
  • Report the incident to your local law enforcement agency, the FBI’s Internet Crime Complaint Center at www.ic3.gov, and FTC’s Report Fraud site at www.reportfraud.ftc.gov
  • Make sure all passwords are updated with new passwords that include letters, numbers and symbols.
  • Scan your computer to make sure any malicious or unknown software has been removed.

And as always, we’re here to help. If you’d like a security review of your account, please contact us at support@kickfin.com.  We’ll work with you to ensure that all your users are in the appropriate role for their needed level of access.

You might also be interested in

We know how important same-day payments are for veterans of the service industry who are accustomed to quick cash — and we’re now seeing that same demand expand into other industries as well. 

Kickfin co-founder Justin Roberts joined MasterCard’s InConversation Webinar series to discuss why immediate payment disbursal is key for the restaurant industry and the gig economy as a whole.

Watch the webinar here or read our recap for the highlights: 

People live paycheck-to-paycheck

Not just some people are living paycheck to paycheck. Most people are. 

That’s right: around 64% of U.S. consumers are just getting by. Even more shocking, 51% of consumers who earn over six figures are still living paycheck to paycheck, despite their higher tax bracket. 

It’s a major reason why employees need access to their earnings sooner rather than later. The pressure of watching your bank account slowly drain in the two weeks between payday is putting a lot of pressure on people, leading to a much greater demand for instant payments than ever before. 

Instant payouts are now table stakes

A PYMNTS study found that people of all ages prefer to be paid out immediately, as well as some other interesting statistics:

  • When given the choice, 68% of respondents said they would opt for an instant pay out
  • 40% of gig workers surveyed were willing to pay a fee for an instant disbursement
  • 81% of respondents were willing to switch jobs to an employer that offers instant access to earned wages and tips

It’s safe to say instant payouts are becoming the expectation for today’s modern workforce. But not all instant payouts are created equal.

Consumers are much more likely to engage with an instant payout system if they aren’t required to share their bank account and routing numbers and can access funds with just their debit card credentials. Why? It’s faster, more convenient, and feels more secure. 

Instant payouts and tip management: a perfect use case.

Instant payout innovation has come at the perfect time for the restaurant industry, which is struggling more than ever with the hassles and cost of cash.

If you’re in the restaurant biz, then you know: Most consumers pay with credit cards these days, not cash. That means there’s rarely enough cash on hand to pay out tips at the end of a shift. But employees still want and need instant access to their tip earnings.

Enter: instant payouts. Offering employees the option to receive their tip earnings directly to their bank of choice, the second their shift ends, can go a long way in improving employee satisfaction and ensuring their financial security.

But instant payouts are more than a work perk for employees. The operational benefits for employers range from reduced administrative burden and significant time savings to stronger compliance and streamlined reporting.

Modernizing your tip management strategy: 5 best practices 

There are three key components to your tip management strategy: 

  • Tip pool policy: How are you divvying up tips among your staff? 
  • The payout method: How are you distributing those payments?
  • The systems and tech: What are you using to facilitate those payments?

Under the current circumstances, restaurant operators are under immense pressure to bring their tip management into the future. 

5 best practices for tip management 

Based on our experience working with restaurant operators across the country, we’ve found that these five practices are the perfect recipe for building a successful tip management system.  

  1. Determine the right model and method for your restaurant, based on your location and tech stack
  2. Get a written tip policy (and get it legally approved
  3. Solicit employee feedback in a structured way
  4. Leverage technology for efficiency, accuracy, and compliance
  5. Don’t over-complicate (but do over-communicate!)

Tip management solution must-haves

When seeking a new tip management solution, make sure you carefully vet each system to see if it really meets your needs, or if it’ll be just as frustrating as cash. Here are a few suggestions for what should be on your checklist: 

  • Instant payouts
  • Direct to bank of choice
  • Availability of employee funds
  • Payroll option 
  • Integrations 
  • Simple implementation + onboarding process 
  • Around-the-clock customer service 

Big emphasis on strong customer support teams. Restaurants and bars don’t have “typical” business hours, so neither should your tech support.

Bar Louie automates payouts with Kickfin 

In a recent case study, we took a deep dive into our partnership with Bar Louie, a chain with over 60 locations that took advantage of our new integration with Toast. They made the switch from cash payouts to Kickfin’s instant, direct-to-bank payouts and haven’t looked back.  

Two-minute tip-outs

Before Kickfin, managers spent an average of 45 minutes per shift working through Bar Louie’s complex tip out policy and counting cash. The tip pooling rules were important to them — it’s what makes the entire staff feel like they’re getting their fair share. 

Using the Kickfin0Toast integration, Bar Louie was able to automate the tip pool calculation process and send tips straight to employees in under two minutes – a potential annual savings of 15,000 labor hours across all locations.

>> See more customer success stories 

Do you want to see these kinds of cost-saving results at your business? Let’s talk. Get a demo of Kickfin and see why restaurant owners and employees alike trust us to manage their tips.

Kickfin’s best-in-class tip calculation tool has some exciting new bells and whistles.

If you’re already using Kickfin’s tip pool calculator, then you know how much time and hassle you’re saving by automating everything. (And if you’re not? Head over to our tip pooling software page to see how it works!)

As we partner with more restaurants to bring their tip management into the future, we’re continuing to innovate our product so we can address their biggest pain points.

In this case, that means enhancing our tip pooling features so you can auto-calculate tip amounts even for the most complex or unique tip pool or share policies.

Check out a few of our latest features that will make tip calculations easier than ever.

New Release: Splitting Large Party Tips 

If your restaurant often hosts large parties, you know that the tip share can get confusing. Say one server is taking care of a party of 40 with a bartender assigned to only make drinks for that party. Meanwhile, the server has a few other two-top tables that are getting drinks from the main service bar. At the end of the night, how do you ensure that the large-party bartender gets their fair share of the tip out (without spending an hour on your phone calculator)? 

Kickfin can now automate that process for you, alleviating questions from your event bartender and saving time and effort on the part of your managers. 

Seamless Integrations 

Kickfin is partnering with your POS system to integrate seamlessly with your existing restaurant tech. Already, we’re serving Toast customers through our integration — and your POS just might be up next. 

Kickfin integration users get access to new product features first, like our new tip-out transparency tool. Your employees can log into their Kickfin accounts and see exactly how their tips have been split between team members, offering them full transparency into your tip policy in action.

Manager Tips 

We’re always listening to feedback to improve the Kickfin experience, and this one goes out to all of our restaurant partners who asked us to streamline the manager tip reallocation process.

>>Learn more about managers & tipping laws

In most cases, managers are not allowed to earn tips since they are salaried employees. But we all know that managers often step in and take care of tables to help servers get out of the weeds. Well-meaning guests will most likely leave a tip, not knowing that the manager technically can’t accept them — so where does that money go?

Kickfin now features a default pool, where tips “paid” to a manager are automatically redistributed to tipped staff based on your restaurant’s tip policy. 

Improved Labor Data Accuracy

We all know how easy it is for an employee to forget to clock out after a long shift. And sure, they aren’t going to get paid for a 16-hour overnight shift, but when payday comes around, those extra hours create a nightmare for your payroll team. 

With Kickfin, all employees are required to be clocked out in order to finalize payments — so you’ll catch the labor data mistake long before your payroll team has to sort it out. 

Even Better Security 

We’re committed to protecting you and your employees’ hard-earned money, so we’re adding an extra layer of security for certain transactions. You can now enable double approval of payments that meet certain conditions:

  • First payment for new employees
  • Employees getting their first payout in X number of days
  • Employees receiving more than X payouts in a 24-hour period. 

With these extra guardrails in place, you can always be sure that the right money is going to the right person. Reach out to our support team to configure your custom security measures.

Using Kickfin is a win-win for operators, managers, and employees alike. Restaurateurs save on cash delivery and labor costs, managers shave hours off their workload, and servers have the same instant payment that they’re used to — without the hassle and uncertainty of cash. 

Want to learn more about Kickfin? Let us show you the ropes with a demo

You heard it here first: 2024 is the year of integrations. 

In an effort to make Kickfin even more user-friendly and adaptable for our partners, we’re working with restaurant tech leaders to integrate our tip management solution with their existing systems. 

First up — Toast! A trailblazer for cloud-based restaurant management technology, Toast is a favorite POS system for restaurants, food trucks, and bars. You probably know them best for being the first to create handheld POS devices, drastically changing the entire restaurant ecosystem. To make life easier for their customers, Toast partnered with Kickfin to create an integration that makes tip pooling, tip distribution, and calculation smoother. 

As restaurant tech innovators ourselves, this partnership is the perfect fit for Kickfin. 

Our goal at Kickfin is always to save time for managers, prevent loss for operators, and create more financial freedom for hospitality employees through pioneering technology that digitizes many of the analog processes that the restaurant industry is built on. 

As a member of the Toast Partner Ecosystem, we’ll be able to deliver our product to Toast customers and modernize their tip management systems with ease. Using technology that they’re already familiar with, Toast customers can reap the benefits of Kickfin with minimal ramp-up upon implementation.

“No two restaurants split tips the same way, but invariably, it takes too long and involves too much risk,”  said Justin Roberts, the co-CEO of Kickfin. “This integration allows for the utmost customization with a near-zero learning curve — truly the best of both worlds for restaurants that want to save time, reduce labor costs and make life easier for their team.”

And one of their partners is already enjoying the ROI with Kickfin. Bar Louie takes great pride in making tip distribution equitable for all of their employees, so they rely on a complex tip pooling system to ensure fair pay. Prior to using Kickfin, managers at each of their 60 locations spent 45 minutes at the end of every shift to make calculations and divvy out funds to all of their servers. Now, they’ve streamlined their tip-out process with Kickfin — and managers are doing the same work in less than a minute! That’s an annual average of 15,000 hours saved across their entire chain. 

>> Hear more Kickfin success stories

After implementing Kickfin, managers can spend their time on what matters most: delivering excellent customer service. That means more table touches, more support for your staff, and more time to focus on server training. 

With managers spending more time on the floor (instead of counting cash in the back), you’ll see better customer reviews, better service, and increased sales — all from digitizing your tip-outs with Kickfin.

We’re excited about our new partnership with Toast and the opportunity to make digital tipping a reality for their customers. For restaurants who aren’t using Toast, don’t worry! We look forward to providing similar integrations across the restaurant tech industry.  

Want to see these results for yourself? Find out how to become a Kickfin integration partner or check out a demo of our platform.

No growing pains here! 

We’re thrilled to announce that Inc. listed Kickfin in their list of the top 10 fastest growing companies in the Southwest. (In fact, we earned the #1 spot in the software category and were listed as #9 overall!) We’re honored to be included alongside innovative companies that are making a big difference in our region. 

Inc. measured Kickfin’s growth from 2020 to 2022 — which wasn’t an easy time for the restaurant industry, to say the least. In spite of the challenges posed by the pandemic, restaurant concepts across the country embraced Kickfin’s technology. 

As a group, the 2024 Inc. honorees averaged 136% growth and created 17,606 new jobs over a two-year period. Individually, Kickfin grew by a whopping 1,304% (yes, really!).

We want to recognize and thank both our amazing customers and the Kickfin team for being part of our success story and allowing us to be a part of theirs. 

Our Customers

For years, restaurants manually calculated and paid out cash tips — despite the increasing hassle and liability those old-school methods entail. It’s not because operators are tech-averse; there simply wasn’t a good way to automate the process that didn’t create new friction or require new workarounds. 

That’s precisely why we developed Kickfin. Of course, we’re proud of what we built and the team behind it (more on that below). But we owe a great deal of our success to the customers who trusted us enough to give Kickfin a shot — especially those early adopters who are now some of our longest-standing customers.

There’s a leap of faith involved when you partner with a vendor and layer in new technology, particularly when it impacts something as important and sensitive as how you pay your people.  We don’t take that lightly, and we are incredibly grateful for the opportunity to serve each and every customer who’s been on this journey with us.

>> Hear from our customers about their experiences with Kickfin

Our Team 

Every person on our team wholeheartedly believes in our mission and vision for the future. In short: we’re here to make the tip management process insanely easy for everyone so that paying out your people is (almost!) as great as getting paid. 

As backstory: Our co-founders, Brian and Justin, came up with the idea for Kickfin while dining out together and noticing that an armored car was dropping off cash. They asked why a restaurant would need a cash delivery when most patrons pay by card; the manager explained the cash was needed to pay out tips at the end of the shift. The inefficiency (and expense, and risk…) of that process was a lightbulb moment for Brian and Justin.

They set out to build a team who not only understood the problem, but could think critically and creatively about a solution — and bring it to life. 

From sales and marketing to product and support, every Kickfin employee has had a hand in the growth and success of our company, thanks to their passion for our purpose and their commitment to being best in class.

We’re proud of what we’ve achieved thus far, and we’re excited to continue collaborating with our customers, innovating on their behalf, and taking Kickfin to the next level together. Onward and upward!

See Kickfin in action!