Of course, there’s the clear and present danger of external parties hacking into your network to do it harm. But there are also internal risks — namely, your “privileged users.”
Privileged users are people with elevated access to your business’s enterprise systems (including sophisticated platforms like NetSuite) and to sensitive data. They typically include members of the IT department, who need to be able to reach every nook and cranny of your network to install upgrades and fix problems. However, privileged users may also include those in leadership positions, accounting and financial staff, and even independent contractors brought in to help you with technology-related issues.
What could go wrong?
Assuming your company follows a careful hiring process, most of your privileged users are likely hardworking employees who take their elevated access seriously. Unfortunately, sometimes disgruntled or unethical employees or contractors use their access to perpetrate fraud, intellectual property theft, or sabotage. This is particularly critical in systems like NetSuite, where extensive data is stored and managed.
How can you protect yourself?
To best protect your business and your NetSuite data, you may want to implement a formal privileged user policy. This involves setting rules and procedures governing who gets to be a privileged user, precisely what kind of access each such user is allowed, and how your company tracks and revokes privileged-user status.
Also, establish an “upgrading” process under the policy for handling requests to elevate a user’s privileges. Use technology like NetSuite to help standardize and track requests and approvals. For sensitive systems and applications, such as those that store customer and financial data in NetSuite, consider requiring two levels of approval to elevate a user’s privileges.
Moreover, your privileged user policy should include stipulations to carefully monitor user activity within NetSuite. Observe and track how employees use their privileges. Subtly reminding employees that the company is aware of their tech-related activities is a good way to help deter fraud and unethical behavior.
Do you know?
Every business, particularly those utilizing comprehensive platforms like NetSuite, should be able to definitively say who is a privileged user and who isn’t. If there’s any gray area or uncertainty regarding current or former employees or other workers, the security of your data in NetSuite could be severely compromised. The ramifications, both financially and for your company’s reputation, are potentially very serious.