Notice of Maintenance on October 9th. Click here for further details.

Sage 200 Evolution – Tips on Securing your Company Data

5 minute read time.

This blog article will cover some tips on how you can secure your company data. Data security is an imperative function of any organistation.

All data sets and information relating to an identifiable individual that your business stores or handles, need to be properly protected.

From financial information and payment details to agents’, customers and suppliers' contact information. All personal data must be protected by law. 

Data Security

Sage 200 Evolution stores all data in a Microsoft SQL Database.

Each workstation with a Sage 200 installation needs to connect to a database using SQL Server Authentication. Here, the connection username (usually sa) and a password are required.

For additional security, you may choose to enforce password policies as determined by your IT department as well as have an expiration on passwords to have them changed regularly.

SQL login settings may be set up on Microsoft SQL Management Studio.

Do the following:

1. Go to SQL Instance | Security | Logins

2. Right-click on the sa user and select Properties.

A dedicated server with advanced security is recommended to host the Microsoft SQL Database. It is also important that you have installed firewalls and opened the necessary firewall ports. It is also essential to manage the backups and ensure access is only given to security managers. 

It is imperative to ensure that the connection set up for this database is secure by using strong passwords. No access should be given to users directly on the Microsoft SQL Database, this right should be reserved for System Administrators only.

Product Access

Sage 200 Evolution includes some access control features that allow one to work on an exception basis. One needs to set initial rules for what is supposed to happen most of the time. It is also necessary that you modify these rules for one or more agents or agent groups.

You set the initial default rules for agent access in the broadest possible terms. Once you do so, you can then modify the access rules at two levels: 

You can set access rules per agent group. Any agent you link to the agent group then inherits the access settings for that group. If an agent belongs to more than one group, the system will merge the settings for these groups to determine the access. 

You can set access rules per agent group. These are the strongest settings as they override any other settings that may apply to the agent. 

You can mix and match settings at the global level, agent group level, and agent level. The system will apply the most specific rules when they are present and move up a level when they are not.

To set up Access Control rules:

Navigate to Administrator | System Configuration | System Wizard

Add Access

  • If you wish to allow most agents to create new master records in the modules in which they work, select this option.
  • If you prevent most agents from creating new master records, deselect this check box.
  • In either case, you can modify this access rule per agent group or per agent. 

Edit Access

  • If you wish to allow most agents to edit existing master records in the relevant modules, select this check box.
  • If you prevent most agents from editing existing master records, deselect this check box.
  • In either case, modify this access rule per agent group or per agent. 

Rule Access

  • In each module, you set rules. For example, you set whether an agent can sell an inventory item below cost. You set rules in the Access Permission tab of the agent or agent group.
  • If you wish to turn on all rules by default, and then disable them where necessary, select this check box.
  • If you wish to turn off all rules by default, and then enable them where necessary, deselect this check box.

Security Settings

You may set up your security settings by going to Administration | System Configuration | System Wizard

3.1 Login Security

The system contains two security models that you can apply per company:

  • Normal Security, or 
  • Login Security

Login Security provides enhanced security that protects passwords and agent login names. Without login security, you can still use passwords, however, the reduced security level allows agents to save password settings on a workstation. This, in turn, allows anyone to access the system from that workstation without knowing the password.

3.2 Password Settings

To enable login security:

  1. Select the Enable Login Security check box.
  2. In the Minimum Password length field, choose the lowest number of characters agents must enter when they create their passwords. Secure passwords need at least four characters. The more characters you use, the better.
  3. In the Password Archive Limit, specify how many older passwords the system should remember. Agents cannot use passwords that are in this archive. Once the system reaches this limit, the oldest password memory is erased each time an agent creates a new password.

Note: Once you enable login security, you cannot disable it.

Other changes that occur when you enable login security are:

  • When logging in, enter your agent name and password. Without Login Security, you can save an agent name and/or a password on a workstation, thereby potentially allowing access to unauthorized persons.
  • The option to show password characters when you change passwords doesn't display.

3.3 Password Complexity

Password complexity settings allow for enhanced security that protects passwords by enforcing complex password combinations.

To enable password complexity

  1. Select the Enable Password Complexity check box.
  2. Specify the combination of characters listed.
  3. The combination listed will also determine the length of the password.

3.4 Agent Lock Out

This feature allows you to specify the number of login attempts allowed by an agent, as well as specify a duration whereby the system will automatically lock on behalf of the agent.

To enable agent lock-out:

  1. Select the Enable Lock Out check box.
  2. Specify the number of attempts allowed.
  3. Specify the user inactivity time frame for the system to lock down.

 There are also other measures outside of Sage 200 Evolution that could also assist in securing your data, such as:

  1. Regularly update your Windows Firewall and anti-virus software, to prevent hacking and software viruses.
  2. Enforce security policies for all users working on or connecting to your main servers’.
  3. Apply passwords to protect data files that are being compressed. 

Conclusion:

 It's important to ensure that you have properly secured your company data as well as any stakeholder data that has been entrusted to the company.

Not only will securing data prevent cyber criminals from accessing your sensitive data but will also ensure that you're compliant with POPIA.

Sage 200 Evolution provides some features to ensure you've properly secured your data and restricted access.

With cyber-attacks being on the rise, it is imperative that you assert in protecting your company data.