October 16, 2020 10:10 am | by Maddie Kent
Take these easy measures to keep your data safe and protect your business today.
In today’s tech-savvy digital world, the landscape of cybercrime is rapidly changing from bedroom computer hackers to much more professional and advanced organisations. These cyber criminals are highly technically skilled, and using cutting-edge techniques to breach internal data security. Our guide below outlines some simple actions you can take now to identify threats, secure your business and keep your data safe.
Cybersecurity stats from Fintech News report that phishing attempts have risen 600% since February 2020, with 75% of these attacks starting with an email. Businesses now have a large responsibility to protect not only their own sensitive information, but also the private and critical data that belongs to their employees and clients.
At SapphireOne, we take active, quality measures to ensure that we keep our customers data safe, and also encourage our clients to take their own steps to protect their accounts and personal information from external threats.
1. Keep an eye out for phishers.
‘Phishing’ refers to when a scammer will try and trick you into sharing valuable information, such as your passwords, PINS, credit card and personal details. The most common example is receiving an email that appears to be from a legitimate company. These emails are becoming increasingly sophisticated and much harder to distinguish the real from fake, and can include correspondence such as invoices, alerts and alluring calls-to-action.
So, what can you do about this? The best way to prevent phishers from accessing your information is to keep yourself and your employees well informed. Make it a daily habit to always verify the origin of the email, and always think twice before opening any link and attachment. Keep a special eye out for strange email addresses, questionable spelling and dodgy formatting.
2. Take advantage of unique passwords.
Never underestimate the power of a uniquely generated password. Cybercriminals are extremely creative in the way they get access to your passwords, and it’s important to use unique passwords for all important services to avoid your credentials being exposed.
At SapphireOne we take password protection very seriously, and are proud to say that we are one of the only applications that have a Password Management tool inbuilt within our actual ERP system.
Here are a few ways our software is designed for maximum data security:
- We have an inbuilt Password Management tool. This allows our customers to have complete control over every feature within SapphireOne, as every single functionality has the ability to be secured with password protection. This includes password protection for external features – such as computer screens, user accounts and email systems – as well as internal passwords for all functions within the SapphireOne application.
- We create strong, randomly generated passwords. Our customers can choose how many characters they want their unique password to be, and the SapphireOne Password Manager will randomly generate a mixture of uppercase and lowercase letters, numbers and symbols automatically.
- All passwords are updated regularly. Not only can our clients choose the length of the password, they can also set an action for the password to update and regenerate every week, two weeks, or month – ensuring that passwords are updated regularly for extra protection.
- All passwords are encrypted. And, you can set a workflow on the password, so that only a particular user, group, or level of employee has the ability to un-encrypt and view the password.
- We keep a record of everything. SapphireOne keeps a log file of all changes made to passwords, so there is always a record of the exact time, date and user making adjustments to any password.
- We have Two-Factor-Authentication built into the SapphireOne system. Also known as 2FA, is a method of confirming your identity by using a combination of two separate components. Within SapphireOne, every time a password is changed, a notification can be sent to a chosen user to notify them of the password update.
- Our clients have total control. They can activate & deactivate any password protection, on any feature within Sapphireone, all with the click of a button.
3. Make sure your wifi connection and server are secure.
It is becoming increasingly difficult for technology to stop every single threat, as vulnerabilities are emerging daily and cyber criminals are becoming more complex and adaptive. Using technologies to secure both your wifi connection and your server is a great way to mitigate these external threats, for an extra layer of protection across your entire business infrastructure.
If you are working remotely, or don’t have access to a trusted wifi network, you can use your mobile hotspot instead, or even better a Virtual Private Network (VPN). A VPN is software that encrypts all connections, meaning that a cyber criminal won’t be able to access your credentials or see which websites you’re visiting.
At SapphireOne we recommend our clients run our application on a Standalone Application Server, sitting beyond the Firewall on a separate VPN, and a separate subnet on the switch for an additional layer of security.
To do so we recommend our clients use Fortinet, a leading provider of fast and secure cyber security solutions. Fortinet high-end firewalls provide integration and automation across your entire infrastructure, and you can rest easy at night knowing that your data is safe and business is secured with end-to-end protection.
If you are interested in learning more about all the ways SapphireOne offers security solutions, get in touch or book a live demo with us, we’d love to discuss your business needs and how our software can help.
January 17, 2019 9:39 am | by Archana
New workflow security code. There have been security breaches within our competitor’s software of vendor files being hacked relating to their BSB and Account numbers. An external party has been changing these details and clients who thought they were paying vendors have been unwittingly paying into someone else’s bank account.
To ensure this doesn’t happen to our SapphireOne clients we have coded a Workflow Security Code on Vendor bank account changes.
This needs to be installed by the nominated person with access to Bank Details.
To create a Workflow in SapphireOne go to:
- Utilities Mode
- Top tool bar select Controls- Workflow Rules
- Click the blue + sign in the left corner of the tool bar
- Insert Title ie Vendor Bank Changes
- Go to Transaction- select Vendor
- Underneath for Rules Trigger- select Bank Details
- Go to Type – insert User Name
- On the right click the Authorisation Required box and the Email Notification box below if you would like to receive one (ensure your email account is set up in SapphireOne)
- Then confirm by clicking on the green tick in the top tool bar which will take you to the Workflow Rules Inquiry screen
- Ensure your rule has been recorded then close the screen by clicking on the red cross in the tool bar
For the Notification Alert:
- In the top right corner of SapphireOne the Blue round icon will display a notification
- Click on the bank changes notification to be directed to the Workflow Centre
- Highlight the change you would like to approve
- Then click on the top right button called Open In Inquiry
- You will be directed to the History of Bank Changes screen
- Double click to open the transaction you would like to review, then check the details are correct
- Close down the screens till you are back at the Workflow Centre
- Highlight the change again and click the approve or reject button down the bottom
Every time there is a change to bank account details it needs to be approved by the nominated person.
SapphireOne also strongly recommends you verbally confirm changes in bank account details with your vendors, and ensure you talk to the appropriate contact.
For extra security, a record is kept of the changes. Go to Utilities Mode, select in top tool bar History, then History of Bank Changes.
October 26, 2016 4:31 am | by Archana
Businesses are increasingly the victim of data breaches and brands are at risk. The “Verizon 2016 data Breach Investigations Reports” tells about incidents affecting organizations in 82 countries and across a variety of industries. This is based on contribution from dozens of organizations around the world, such as technology companies, information security firms and law enforcement agencies, including Australian Federal Police.
The ratio of incidents that result in a confirmed data breach vary from industry to industry. Some, like accommodation and retail, have a very high rate of successful breach per incident. Others like the public sector, experienced tens of thousands of incidents but only reported 193 confirmed data breaches in last year.
POINT-OF-SALE INTRUSIONS is one of the nine incident classification patterns included in the “Verizon 2016 data Breach Investigations Reports”. Many more incidents are recorded but can’t be classified due to a lack of information (Commonly that means phishing incidents without the necessary details to cluster them into a more specific pattern).
Remote attacks against the environments where retail transactions are conducted. POS terminals and POS controllers are the targeted areas (This includes remote attacks only, not physical tampering such as with payment card skimmers). Top target industries includes accommodation, food services, retail. The recorded frequency is 534 incidents where 525 is confirmed breaches.
SapphireOne is uniquely designed ERP, CRM and Business Accounting software.
It is written in 4D language. SapphireOne excels in providing all the features required to perform point of sale transactions. Entry of payment detail fields are available to record all the details for your customer’s preferred payment method.
SapphireOne prides itself by saying that to date, in SapphireOne no incident of data breach has taken place. SapphireOne ERP provides the security of your company data file. SapphireOne’s sophisticated design, secured 4D database connection protect your company data from attack cycle and ensure smooth running of your business and company data file.