Safeguard your Sage software from cyber threats
by Ruth Stockdale, Director of Professional Services
Borrow from the ‘biggies’ when it comes to cybersecurity
Cybersecurity is a significant priority for everyone these days. It can also be a complex and confusing issue. Like many business problems, the best way to start is with an overall strategy. Googling “cybersecurity” produces some interesting information about the variety of strategies. Organizations such as Microsoft, Department of Homeland Security, various municipal authorities, AT&T — all have defined strategy frameworks from which you can borrow.
YOU are a ‘soft target!’
What these frameworks have in common is a definition of separate areas for which to plan. Preventing attacks, protecting data, and minimizing the potential damage in case of an attack are typical areas to consider. It is also important to understand that attacks may now target people more often than just systems. People are soft targets and can innocently cooperate with an outsider by responding to phishing emails and phone calls. Providing login and passwords to a supposed IT person and transferring money to an outside bank based on an email that seems to be from the CEO’s address — both are real-life examples of successful attacks using innocent participants.
Ruth’s tips for prevention
Securing your Sage software needs to part of your strategy and we can help with that. Here are some tips about what to do and what you can expect from us:
Utilize the permissions options in Sage aggressively and keep them current
Your software has operator IDs, task and role permissions and passwords — this is in addition to your network and workstation logins. Avoid “permission creep” when one operator inherits a position, login and possible access that was not intended for them.
Stay informed about what your IT providers do
This includes us — we work with your IT people to accommodate both the requirements of Sage software and their need to secure networks and workstations. Our consultants sometimes need access to your systems remotely to help you, but they also partner with IT to do this securely.
Backup, backup, backup!
Your systems should be totally backed up regularly and the backups should periodically be tested. The generations of backup should be deep enough — far enough back in time to recover in case of a ransomware attack or malware. We can advise your IT people about the specific backup requirements of Sage.
Use various alerts, within Sage and externally
This could include using MyAssistant, system logs, internal exception reports, alerts from your credit card company and banks. We can help with setup and report design for any of the Sage options, and we can help if you need a report or file upload for a bank feature such as Positive Pay.
Train your users
Make sure your people understand the risks. The phone call from an IT tech asking for password information? No IT person is likely to ask for a password, especially over the phone. The emergency email that supposedly came from the CEO to transfer funds to an offshore bank immediately? It is unlikely any CEO would do that, and a true emergency would call for procedures other than an email
Understand how LAI professional services operate
We will always double check with you to get authorization for any change in your contact information in our system. Our consultants will always confirm authorization for any changes to your system. If an email from you looks suspicious, we will call to double check it–your address may have been compromised. Please do the same with emails from any of us.
If you have any questions or concerns about any aspect of cyber security, please ask your consultant or call us. We can provide you information directly related to your Sage applications or refer you to an appropriate resource. We all want to prevent cyber attacks if possible and mitigate damage if they do occur.
Click for our “No Big Deal” support: