If you use Vtiger, then you have data, and some of it is sensitive. Some data only needs to be kept from the public, while other data should be visible only to certain members of your organization. So what steps can you take to protect this data?
First, we need to identify what data needs to be protected:
- Do you manage payment transactions from within Vtiger? Do you use Authorize.net integrations or PayPal? If so, do you capture data that requires PCI compliance? PCI compliance is difficult, to say the least, but it’s certainly attainable and it’s something we are occasionally tasked to assist with.
- Do you manage a lot of your business workflow through the Customer Portal? If so, have you checked to see what your users are viewing in your portal?
- Maybe you track financial data that should only be viewable by certain members of your organization.
You might be saying, “we’ll just properly set up roles and permissions!” You would be right: you should use roles and permissions (make sure to test thoroughly!) to restrict data. However, don’t forget that although Vtiger hides the data from some of your users, it is still contained in your database.
While most of us consider our systems to be locked down and safe from intrusions, the reality is that you should be taking steps to protect data in the event that security is compromised. Your data is important to you, but it could be just as important, or more important, to anyone affected by a leak in your system.
Did you know that the Vtiger portal system uses unencrypted passwords, stored as plain text in the main database? Maybe you only use the portal for support tickets, or there is very little reason to be concerned about the data that is exposed there. However, some of your users may, and likely do, reuse these passwords on other websites. If your system is compromised, those passwords and email addresses are exposed in plain text. It could be devastating for your users if an unauthorized user began trying these logins and passwords around the web.
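As an added illustration (not Vtiger's code and not the custom code mentioned on this page), the PHP below shows the general remedy for plaintext credential storage: a one-off migration to salted one-way hashes, plus a login check that works against the migrated values. The row layout and the `email` and `secret` column names are assumptions made for the example, and the sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for a portal credential table.
// The 'email' and 'secret' column names are hypothetical, not Vtiger's schema.
$rows = [
    ['email' => 'alice@example.com', 'secret' => 'Summer2024!'], // legacy plaintext
    ['email' => 'bob@example.com', 'secret' => password_hash('hunter2-long', PASSWORD_DEFAULT)],
];

// A stored value counts as hashed when PHP recognises its algorithm prefix.
function isHashed(string $stored): bool
{
    return password_get_info($stored)['algoName'] !== 'unknown';
}

// One-off migration: replace every plaintext value with a salted one-way hash.
function migrate(array $rows): array
{
    foreach ($rows as &$row) {
        if (!isHashed($row['secret'])) {
            $row['secret'] = password_hash($row['secret'], PASSWORD_DEFAULT);
        }
    }
    unset($row);
    return $rows;
}

// Login check against the migrated store; refreshes hashes made with older parameters.
function verifyLogin(array &$rows, string $email, string $password): bool
{
    foreach ($rows as &$row) {
        if ($row['email'] === $email && password_verify($password, $row['secret'])) {
            if (password_needs_rehash($row['secret'], PASSWORD_DEFAULT)) {
                $row['secret'] = password_hash($password, PASSWORD_DEFAULT);
            }
            return true;
        }
    }
    return false;
}

$rows = migrate($rows);
foreach ($rows as $row) {
    // After migration the stored value no longer reveals the original password.
    printf("%s hashed=%s\n", $row['email'], isHashed($row['secret']) ? 'yes' : 'no');
}
var_dump(verifyLogin($rows, 'alice@example.com', 'Summer2024!')); // the original password
var_dump(verifyLogin($rows, 'alice@example.com', 'wrong-guess')); // a wrong guess
```

With hashed storage, a leaked copy of the table no longer hands an intruder credentials that can be tried directly on other sites.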
We have custom code in place to further protect the login credentials of the user portal. If you need assistance with that, please contact us and we would be glad to discuss your options. We’ve also developed a way to selectively “encrypt” data that you store in fields within Vtiger. You can do this selectively, and yes, we’ve accounted for global searching. See our screenshot as it shows just how easy our encryption system is to use.
Let us assist you in protecting your data.