How to keep your data safe NOW and in the FUTURE

“Is my data safe in the cloud?”, I am often asked by customers. The question is (almost) always referring to the platform or the connection between the device and the data centre.

Rarely, if ever, am I asked about the security risks posed by their own users and the access those users have to sensitive data.

Luckily, Business Central provides multiple options to secure data and prevent malicious or accidental data breaches.

I will group them in PROACTIVE and REACTIVE security measures:

🅰️Proactive security measures – prevent accidental or malicious actions from happening:

1️⃣ Security Groups – allocate users to groups based on their role and the activities they need to perform in the system.
You’ll know immediately if security is too strict, and probably too late if it is too loose.
2️⃣ Limit posting periods – update General Ledger Setup (posting date from / to) after each month end and use User Setup to grant special permissions.
3️⃣ Implement approval workflows to limit business exposure.
For example, set approval limits per department, type and value of the expense, and role in the organisation.
4️⃣ Block unauthorised changes to the vendor bank accounts.
Someone operating payments should NOT have the authority to also change bank accounts.
5️⃣ Enforce budget controls for purchase transactions to prevent overspending
6️⃣ Configure and enforce credit limits for clients to limit exposure to bad debts, unpaid bills etc.

🅱️Reactive security measures – trace who did what and when, so that proactive measures can be implemented to prevent future security issues:

1️⃣ Activate Change Log for configuration tables and key fields in master data.
Tip: Don’t track everything; the change log will become unusable and storage is expensive.
2️⃣ All posted records have a timestamp and a user ID, so it is easy to trace user activities.
3️⃣ Assess sensitive data before exposing it.
Tip: Granular payroll data has no place in accounting, so group it (e.g. by department) so that it is not easily traced back to a specific employee.
4️⃣ Enforce Reason Codes for credit notes and refunds, so it’s easy to notice out-of-the-ordinary peaks.
5️⃣ Use 3-way matching for procurement (purchase order – receipt – invoice) to check that invoices are valid.
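
The two lists combine into a simple review: Change Log entries for vendor bank accounts, joined with the user ID and timestamp on posted payments, show whether one person both changed a bank account and paid that vendor. The sketch below is an added example, not Business Central code; the row layout and field names are assumptions standing in for whatever export you use, and the sample rows are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample rows. The field names are assumptions for this example,
# not Business Central's actual export schema.
CHANGE_LOG = [
    {"when": "2024-03-04T09:12:00", "user": "ALICE", "table": "Vendor Bank Account", "vendor": "V1000"},
    {"when": "2024-03-05T14:40:00", "user": "BOB", "table": "Vendor Bank Account", "vendor": "V2000"},
    {"when": "2024-03-06T08:00:00", "user": "CAROL", "table": "Vendor", "vendor": "V3000"},
]
POSTED_PAYMENTS = [
    {"when": "2024-03-04T16:30:00", "user": "alice", "vendor": "V1000", "amount": 18250.00},
    {"when": "2024-03-07T10:05:00", "user": "DAVE", "vendor": "V2000", "amount": 990.00},
    {"when": "2024-03-08T11:00:00", "user": "CAROL", "vendor": "V3000", "amount": 120.00},
    {"when": "2024-05-20T09:00:00", "user": "BOB", "vendor": "V2000", "amount": 400.00},
]

def find_sod_violations(change_log, payments, window_days=30):
    """Return payments posted by the same user who changed that vendor's
    bank account during the preceding window_days."""
    window = timedelta(days=window_days)
    # Index bank account changes by (user, vendor); user IDs compared case-insensitively.
    changes = {}
    for row in change_log:
        if row["table"] != "Vendor Bank Account":
            continue  # other tracked tables are out of scope for this check
        key = (row["user"].upper(), row["vendor"])
        changes.setdefault(key, []).append(datetime.fromisoformat(row["when"]))

    findings = []
    for pay in payments:
        paid_at = datetime.fromisoformat(pay["when"])
        for changed_at in changes.get((pay["user"].upper(), pay["vendor"]), []):
            # Only payments that follow the change, within the review window.
            if timedelta(0) <= paid_at - changed_at <= window:
                findings.append({
                    "user": pay["user"].upper(),
                    "vendor": pay["vendor"],
                    "changed": changed_at.isoformat(),
                    "paid": paid_at.isoformat(),
                    "amount": pay["amount"],
                })
    return findings

if __name__ == "__main__":
    for finding in find_sod_violations(CHANGE_LOG, POSTED_PAYMENTS):
        print(finding)
```

A finding here is a prompt for review, not proof of fraud; it only works if the Change Log is actually tracking the vendor bank account table.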

Often, a security breach is caused by mistakes rather than malicious actions. Regardless of the cause, the impact on the business is the same.
