More and more often, business websites and computer systems are vulnerable to hacking and other cyber threats. These incidents damage businesses and other organizations, especially if security is breached and sensitive or confidential business and personal data is compromised. Cyber incidents cost companies and taxpayers billions of dollars each year in lost information and in the costs of responding to the attack and repairing what the hackers have damaged. In addition to the attack itself, customers lose faith quickly when there is a security breach because they feel that the company is careless with their sensitive information. There is light at the end of the tunnel, however.
Kensium’s ERP partner, Acumatica, has numerous security processes to prevent cyber-attacks and secure business and customer information proactively. In this article, we will discuss the ways Acumatica prevents cyberattacks and saves you valuable time, money, and data.
Acumatica’s Security team utilizes several resources when developing a plan to implement preventative actions. For example, the National Institute of Standards and Technology (NIST) Framework and Cyber Security Framework (CSF) improves Acumatica’s overall cybersecurity position. The framework is a voluntary risk-based set of best practices and industry standards created to enhance security and resilience online. In addition, while the focus is on processes and technologies, Acumatica works to provide education and security awareness for its employees throughout the year.
The Cyber Security Incident Response Team is responsible for investigating and responding to cyber incidents following internal procedures.
The Security team reports cyber incidents and rapidly responds by notifying employees through direct communication or a companywide notification.
Acumatica enhances its data security controls and procedures to deter and prevent cyber incidents. Its Security teams stay updated on the most recent IT protection measures. Some examples of these measures are:
Acumatica has developed, implemented, and maintains a robust network security architecture with controls like:
In addition to these processes, Acumatica’s DevSecOps program continuously looks to improve its security measures and develop security enhancements. They address common web application security issues by:
Acumatica’s Security team regularly evaluates the entire digital security supply chain. They understand that if even a single link is weak, it is vulnerable to a cyber-attack. The Security team understands the interdependencies of their systems and maintains system statuses by:
Acumatica has a seven-step cyber-attack response plan if an attack occurs. This written plan identifies multiple incident scenarios and provides appropriate responses. The plan covers global threats, not only domestic ones. The following components comprise the response plan:
This plan is implemented whenever a security breach or cyber-attack is detected.
To discover and report cyber incidents from Acumatica’s Security Operation Center (SOC), the Response team takes the following actions:
When a potential incident is reported, the Security team conducts a preliminary investigation and determines if a data breach has occurred. The steps depend on the severity of the incident, but at a minimum the following are taken:
Acumatica’s Security team coordinates communication with the executive leadership and other affected departments regarding cyber incidents. The Security team is responsible for coordinating efforts to ensure effective communication and cooperation with all parties involved in response to a cyber incident or data breach. These departments are:
External parties are:
Acumatica sends communications directly to customers as required by applicable laws and regulations.
External communications include:
During this step, Acumatica sends out the required legal disclosures. The SEC advises that public companies are responsible for evaluating cybersecurity risks and disclosing the risks to the stakeholders potentially affected. While Acumatica is a private company, they take steps to assess if the compliance plan and disclosure procedures are required at the time of a cyber incident.
Once the initial response assessment is completed, Acumatica may perform a formal internal investigation, depending on the incident’s level of intrusion and its impact on critical business functions. An internal investigation allows Acumatica to fully understand and identify the cyber incident and other risks and detect any previously unknown vulnerabilities. Acumatica then identifies improvements to computer systems. Additionally, Acumatica uses outside legal counsel and third-party cybersecurity teams to assist when necessary.
Acumatica’s compliance work plan focuses on monitoring the highest risks for potential cyber incidents and addressing cyber incident procedures and other compliance matters. The compliance plan is a living document, reviewed and updated regularly. The items this plan covers are:
Acumatica is constantly evolving and improving its processes to keep your data and your customers' data safe from cyber-attacks. They understand that it is critical to your business to have the peace of mind that data is secure and a plan is in place if there is a breach. When Kensium implements your Acumatica ERP, you get these security benefits and more. You can rest assured that both Kensium and Acumatica have security procedures to ensure your data is safe. If there is an attack, teams spring into action to mitigate any damage done and provide additional security measures to prevent attacks.