Securing your systems with a few clicks
Systems are never secure “out of the box.”
Whether it’s Multifactor Authentication, Phishing Detection Training, or Zero Trust Architecture, businesses around the globe are adopting new and evolving cybersecurity best practices to improve their data security.
However, something we can easily miss is the security on the systems we use every day, such as our management systems.
Did you also know that it’s YOUR responsibility to make sure your 3rd party systems are secured? Missing out on securing these systems not only puts your users at risk but it can also cascade risk onto clients and their data, which you were trusted to keep protected.
It falls on you to have documented security practices of your 3rd party systems, and to determine if using those systems is an acceptable risk to your business. You also need to consider the different users, devices, and networks that might have access to these systems. It can be a lot to wrap your head around!
A few clicks towards security
Luckily, securing the systems that are critical to your business can often be handled with a few clicks and checking boxes. Many management systems come pre-configured with toggles and buttons that allow you to grant certain permissions to particular users, keep tabs on their activities, require authentication, and so much more.
Different systems have different pre-configured security protocols, but it’s important to identify what your system can do that will ensure user and client data is protected.
Here are a few key controls and reports to look for:
- Authentication Controls – tools that help control the access to an environment, such as password settings, MFA, and Single-Sign On.
- Access Privileges and Security Groups – configures what people can do once they get into an environment and sets limits on the kinds of information they have access to.
- Import/ Export Controls – creates limits on what can be entered into or exported out of your environment.
- Document Privileges – protects documents with sensitive information from users who do not need access to them.
- Audit and Access Logs – allows you to create reports on who accessed certain information and when.
- Integration, API, and Other Connectivity Controls – set parameters on what information can be accessed or which actions can be taken by connected third party software tools.
An example from Vertafore
To help demonstrate how a system might be secured, we had the pleasure of partnering with Vertafore to show an example with their AMS360 agency management system. Check out the full presentation here, featuring Ryan Smith, VP of Sales & Marketing for Adar/ Rigid Bits, and Barbara Wold, Sr. Product Manager for AMS360 at Vertafore: