As long as valuable information is stored in the cloud, people will try to steal it. NetSuite does a fantastic job of keeping their customer’s data safe, but a secure NetSuite login process is a responsibility that falls on the individual users. NetSuite provides functionality that allows users to minimize unauthorized logins, but these features still have to be set up. Here are 6 ways NetSuite can protect your logins and how you can set them up. Also, if you feel you have problems that NetSuite experts need to look into, remember, eMerge Technologies has experience NetSuite consultants on standby.

Meet with a NetSuite Expert

NetSuite Login Best Practices

Enforce IP Restrictions

NetSuite admins can control the IP addresses that are able access your NetSuite account. So even if your login info was stolen, once the attacker tries to login from an unauthorized IP, NetSuite will deny them access to your sensitive data.

To set this up, navigate to Setup> Company > Enable Features. Underneath the “Access” header, there is a checkbox that you can check to enable IP address rules.

Once you’ve done this, go to Setup > Company > Company Information. Below “Time Zone,” there is a field labeled “Allowed IP Addresses.” Use this field to tell NetSuite which IP addresses are allowed to access your account.

This can be done on a company-wide or employee basis. Since many of us are working remoting these days, all you have to do is get with your team and ask them to provide you with their IP addresses; then you can provide access to their remote work locations.

Pro Tip: Avoid Public Wifi. Devices exist that can pose as free wifi networks that allow hackers to access your secure information long after you have disconnected from their service. Stay away from wifi networks that you cannot verify are safe. And if you must use public wifi, consider using a VPN to encrypt your data. 

Use Strict Password Settings

Optimal password policies have changed in recent years due to advancements in technology. Admins can set strict password settings that force users to come up with passwords that are long and have sufficient complexity. Users should be encouraged to create passwords are longer and more complex than the minimal requirements.

Here is a list of updated password policy best practices that minimize the risk of a breach in 2020 and beyond:

• Password length is much more valuable than complexity. Passwords such as “c_Dfvc%Fsd^” are nearly impossible for people to remember but simple for a computer to guess.
• Do not make passwords expire every number of days. This type of setting can create more problems as users will be more likely to forget their own password and need to rely on an admin to reset them. When you have a password that is complex and memorable, keep using it.
• Complexity is still important, just try not to overdo it. An overly complicated password is easy to forget and lead to users locking themselves out instead of hackers.

Pro Tip: You can only get your password wrong 6 times before NetSuite will lock you out for 30 minutes. If you’re not sure about the 6th attempt, it may be quicker to get your admin involved to reset your password.

For a longer list password policy best practices suited for the modern era of computing, you can check out this article Here.

Use Two-Factor Authentication

2FA is a fantastic backup plan in case your password is ever stolen. Two-factor authentication is a setting that, when enabled, requires you to verify your identity through another method, such as your phone or email before NetSuite lets you access your account. This means that for someone to hack your NetSuite account, the hacker must first steal a users NetSuite login info and also hack that same users email or phone.

NetSuite will automatically put 2FA security on all accounts that it defines as “Highly Privileged.” Highly privileged roles are the admin role and other roles that have a lot of access and can be dangerous if they were ever hacked.

But, admins also have the option to  add this 2FA protection to any role that they deem necessary. To accomplish this, go to  Setup>Users/Roles>Two Factor Authentication Settings.

For more information on how to enable 2FA for your system, click HERE.

Meet with a NetSuite Expert

Smart NetSuite Security Question/Answers

Security questions are usually not thought out as much when compared to passwords, mostly because they have fewer requirements and are created as an afterthought. This lack of thought is exactly what attackers are hoping for when looking for weaknesses.

Security questions and answers should be thought of as a backup password, and have the same amount of thought put into them as your original password. For an in-depth resource on security questions and smart answers, you can click here. But here are a couple of major guidelines to start you off:

• Never answer the question straight on. For a security question that asks “City where you were born” do not provide the city where you were actually born. Often, direct answers to security questions can be looked up or provided unwittingly.
• Use the same amount of complexity you used with your password. Length, spaces, and unique characters can make your security answers hard for both humans and computers to guess.

Pro Tip: Use a familiar saying or catchphrase instead of answering the question. For example, Buzz Lightyear’s saying from Toy Story, “T0 infinity @nd Beyond” with the spaces added as well. You can also use this tip when setting up your password.

Sign in from the official NetSuite.com login every time – Try to use the same link to login every time you use NetSuite. A secure way to login is go to NetSuite.com and click “Login” at the top right of the page.

Pro Tip: Bookmark the NetSuite.com login page so you can access it with a single click whenever you need to.

Never login from pages that aren’t affiliated directly with NetSuite or from an email in your inbox. A skilled hacker can create a front page that replicates NetSuite and use it to collect your login info.

To make sure you are logging into the correct page, check the URL to verify it is in fact NetSuite. NetSuite’s URL will always have the lock symbol and contain system.netsuite.com

Secure Integrations

Securing your integrations is not necessarily a setting you need to configure but rather an awareness that you need to have. Not every application is as secure as NetSuite, so providing these applications with your NetSuite login info can result in security breaches.

Pro Tip: When using an integration to connect NetSuite with a third-party application, not only is the data being accessed directly at risk, but also any data the role using the integration has access to.

To ensure that your integrations aren’t an issue, check out these suggestions:

1. Check the security features for applications you connect to NetSuite, try to avoid software that has limited security protocols.
2. If you have to integrate with less than secure applications, make sure to have the admins limit the access of the roll that is performing the integration to only the required data.
3. Use “saved searches” to retrieve the data needed for the integration to reduce how much data is risked even further.

Bonus: Update Your Software

Keep your software and systems up to date: Make sure to keep your operating system and browser software up to date with the latest security patches and updates. This will help protect against known vulnerabilities that could be exploited to gain access to your account.

In Conclusion

By enabling these settings and following up-to-date security protocols, you can make sure you’re doing your part to keep your companies data safe. There is no 100% guarantee that these login protocols will prevent data theft, but at least you won’t be making things easy for your attackers.

If you think there are important security or login protocols I missed in this guide, please let me know about them in the comments section, and together we can help keep NetSuite users protected!