Understanding NetSuite Security: Protecting Financials, Employee Data, and More

As a company, it can be intimidating to know that important data such as financials, personal employee information, and sensitive company details are all stored in NetSuite. This often raises the question: how secure is NetSuite? Key security features NetSuite implements include SOC 1, SOC 2, PCI DSS, ISO 27001, and the EU-US Privacy Shield framework. But what do these mean? In this blog post, TAC will explain the security measures NetSuite takes to ensure your data is protected, along with the settings you configure as an administrator to protect your environment.

Key NetSuite Security Features

SOC1 Type II:

A SOC1 Type II report, also known as “Report on Management’s Description of a Service Organization’s System and the Suitability of the Design and Operating Effectiveness of Controls” or “SOC1”, is an audit report prepared by independent third-party auditors that NetSuite provides to its customers. A SOC1 report attests that important company financial information is stored securely. The report follows standards set by the American Institute of Certified Public Accountants (AICPA) and International Standard on Assurance Engagements (ISAE) 3402. While a Type I report focuses on the design of internal financial controls, a Type II report also covers the operating effectiveness of those controls over a specific period.

SOC2 Type II:

SOC2 reports are designed for companies that handle or store client information. They ensure that customer data is safeguarded from unauthorized access, and that security incidents and anomalies are detected across the entire NetSuite system. The Type II report covers both design and operating effectiveness and is also prepared by a third-party auditor to ensure security and reliability.

PCI DSS:

The Payment Card Industry Data Security Standard, also known as PCI DSS, is a security standard for credit card processing. It reduces payment card fraud and protects cardholder data. NetSuite is PCI DSS compliant and offers 3D Secure credit card verification (also known as Verified by Visa / MasterCard SecureCode), which adds a layer of protection to cardholder information by authenticating transactions with a password. This feature asks users to create an authentication password when entering credit card information. This protects both the company and the customer from possible card fraud.

ISO 27001:

ISO 27001:2013 is a global standard for information security management systems (ISMS). The NetSuite service’s ISMS is ISO 27001 certified. This certification attests to NetSuite’s compliance with the standard and to the existence of established procedures to uphold the security of customer information.

How Can You Help Keep NetSuite Secure?

Setting up 2FA

Enabling 2FA for high-clearance roles is critical to securing your company’s NetSuite environment.

At the role level, you can enable 2FA for any customized role. When deciding where to enable 2FA, it is essential to consider which roles have high-level access to transactions and financial reports.

With 2FA enabled, users are prompted to set up 2FA the first time they log in. Users configure their own 2FA settings and can choose which authenticator to use.

When a user logs in, they enter their login credentials and a verification code, which is a string of randomly generated digits that changes at a fixed interval. This additional layer of security ensures that even if a user’s password is compromised, verification still requires the user’s mobile device, providing extra protection for your NetSuite environment.

NetSuite Security - 2FA

Managing Password Policy

As a NetSuite administrator, you can set password policy settings under General Preferences in your environment. When configuring a password policy for your company, you have three different strength options.

Password Policy
Here, you have three options to select from:

Minimum Password Length

The default value in this field is determined by the password policy strength chosen above. Administrators can customize the minimum password length required for users, but this field cannot be set lower than the minimum required by the selected password policy. For example, if the password policy is set to medium, the password length can only be set to a value greater than 8.

Password Expiration in Days

This field sets the number of days a user’s password remains valid before a password change is required. The default is 180 days, and the field can be set to a maximum of 365 days. When configuring this setting, keep in mind that periodic password changes are an important cyber security tool that helps mitigate the damage from potential data leaks. Password resets also help ensure users are not reusing passwords across multiple platforms.

With any data, security is important. All of these features help ensure that your data is protected. Setting up strong password policies and educating users on cyber security can give you peace of mind when managing your company’s NetSuite environment. For any security-related concerns or questions, TAC Solutions Group is here to help ensure your NetSuite is protected and secure.
