Securing Your Acumatica Environment: Best Practices

Are you in search of a cloud-based ERP solution that helps businesses manage their finances, operations, and customer relationships? Acumatica is exactly what you need. Acumatica offers many benefits, such as scalability, flexibility, mobility, and integration. However, to fully enjoy these benefits, you need to ensure that your Acumatica environment is secure and protected from cyber threats. What are the best practices to secure your Acumatica environment.

Cybersecurity is a critical issue for any business that uses cloud services, especially in the era of remote work and digital transformation. According to a report by IBM, the average cost of a data breach in 2020 was $3.86 million, and the average time to identify and contain a breach was 280 days. Data breaches can damage your reputation, customer trust, and bottom line.

Fortunately, Acumatica provides several features and tools to help you secure your Acumatica environment and data such as:

  • Physical security – Application code is all run on the server which can be deployed on-premises or at a secure data center.
  • Transmission security – Every session is authenticated while all communication is encrypted without the need for a VPN.
  • Storage security – Data is encrypted and stored on the server. Business logic is the only way to access sensitive data.
  • Access security – Acumatica provides federated security and two-factor authentication. Object level access controls provide role-based access to specific screens, inquiries, fields, and reports.
  • Data Security – Accessibility permissions can be set at the account, sub account, and customer level including for other objects for all screens, inquiries, and reports.
  • Application Security – Verification logic and application code are all managed on the server to eliminate client-side data manipulation.

We’ll share some of the best practices for securing your Acumatica environment, based on the official documentation and expert recommendations.

Use a strong password policy

Securing Your Acumatica Environment: Use a strong password policy

One of the simplest and most effective ways to secure your Acumatica environment is to use a strong password policy for your users. A strong password policy requires users to create complex and unique passwords that are hard to guess or crack. Acumatica allows you to configure the password policy for your tenants and users, such as the minimum length, complexity, expiration, and history.

You can also enable two-factor authentication (2FA) for your users, which adds an extra layer of security by requiring a verification code or a device in addition to the password. Acumatica supports various 2FA methods, such as email, SMS, Google Authenticator, and Microsoft Authenticator.

Monitor user activities and access rights

Securing Your Acumatica Environment: Monitor user activities and access rights

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Another important aspect of securing your Acumatica environment is to monitor user activities and access rights. You need to keep track of who is accessing your system, what they are doing, and whether they have the appropriate permissions. Acumatica provides several tools and reports to help you monitor user activities and access rights, such as:

  • The Audit History feature, which records the changes made to the data and configuration of your system by users.
  • The Login History feature, which records the login attempts and sessions of your users.
  • The User Access Rights Report, which shows the access rights of your users to the screens, actions, and data of your system.
  • The User Roles Report, which shows the roles and permissions assigned to your users.

You can use these tools and reports to audit your user activities and access rights, identify any suspicious or unauthorized actions, and enforce the principle of least privilege, which means granting users only the minimum access rights they need to perform their tasks.

Encrypt your data and connections

Another essential practice for securing your Acumatica environment is to encrypt your data and connections. By default, sensitive data is encrypted, but you can easily modify Acumatica to encrypt additional fields. Encryption is the process of transforming your data into an unreadable format that can only be decrypted with a key. Encryption protects your data from unauthorized access, modification, or theft.

Acumatica supports encryption for both your data and connections, such as:

  • The Database Encryption feature, which encrypts your data at rest in the database using AES-256 encryption.
  • The SSL/TLS Encryption feature, which encrypts your data in transit between your browser and the server using HTTPS protocol.
  • The SFTP Encryption feature, which encrypts your data in transit between your server and external systems using SSH protocol.

You can enable and configure these encryption features in your Acumatica environment to enhance the security and privacy of your data.

Update your system and software

Another best practice for securing your Acumatica environment is to update your system and software regularly. Updating your system and software ensures that you have the latest security patches, bug fixes, and enhancements for your Acumatica environment. Updating your system and software also helps you avoid potential vulnerabilities and exploits that could compromise your security.

Acumatica provides several options and tools to help you update your system and software, such as:

  • The Automatic Updates feature, which allows you to schedule and automate the updates of your Acumatica environment.
  • The Customization Projects feature, which allows you to create and apply customizations to your Acumatica environment.
  • The Acumatica Updater tool, which allows you to manually update your Acumatica environment.

You can use these options and tools to update your system and software regularly and keep your Acumatica environment secure and up to date.

CAL Business Solutions and Acumatica

Securing your Acumatica environment is a vital and ongoing process that requires your attention and action. By following the best practices we discussed in this blog post, you can improve the security and protection of your Acumatica environment and data. You can also leverage the features and tools that Acumatica provides to help you secure your Acumatica environment.

When we began selling Acumatica Cloud ERP, we knew the best way to really understand it from all sides was to use it internally. So that is what we did.  We implemented Acumatica for ourselves, giving us first-hand knowledge and we are confident to recommend Acumatica to our clients, not just based on the technology, but from the standpoint of an end-user.

If you need any assistance or guidance on securing your Acumatica environment, contact us today. We are a certified Gold Acumatica ERP partner, our expertise and experience can help you secure your Acumatica environment and achieve your business goals.

By CAL Business Solutions, Inc., Connecticut Acumatica & Microsoft Dynamics GP/365 BC Partner, www.calszone.com