Improving JAQ's security

Like any computer system, if JAQ is on a network with a connection to the internet, there is a risk from hackers. Hackers can either destroy your data, encrypt and hold your data to ransom, or use your data to to undermine your business.

There are a few measures you can take to reduce this risk, but remember, at the end of the day, its virtually impossible to protect your network from the most skilled hacker, unless you take your system off line.

Here we will discuss 3 methods to help protect your JAQ data: Employee and Device security, and Backups.

Employee Security.

Passwords are measured by strength, the stronger the password, the less likely it will be broken. JAQ will indicate the password strength when you edit the employee's password.

Strong passwords should contain letters, both upper and lower case, numbers, and special characters ( !@#$%^&* ). The longer the password, the less need for special characters, so a password like "My car is light blue." is as strong as "W23D!k7", and a lot easier to remember.

Employees with access to JAQ's main area's, and especially the administration area's, should have a strong password.

Its highly recommended employees who have left the business are made in-active in JAQ, by un-ticking the Active checkbox. This will stop them from logging in full stop.

Device Security.

JAQ has a security option than can block any unauthorised device, like PC's, laptops, tablets, smart phones, etc. Any device that needs to access JAQ must first be granted access. This is highly recommended if you have set up JAQ to be accessed remotely, or have a WiFi network.

To set this up, you need to follow the following steps. Once started, the process must be completed or you may lock yourself out of JAQ. This should be carried out by someone with full Manager access to JAQ.

1. Check you have Manager Access, by editing your employee details, and checking the Manager Access checkbox in the Access To Area section. If it wasn't checked, after saving you should log out and log back in.
2. In JAQ Setup, tick the Security check box and save. At this stage, JAQ wont give any device access, except for those currently logged in. So don't log out!
3. Go back and edit your employee details. If not already, change your password so it has a strength of Strong or higher. Then tick the checkbox Can set JAQ security access cookie in the Access to Area section. This option is hidden if step 2 is missed. Remember to save.
4. JAQ is now set up to only allow authorised devices, and you are the person who can grant them access.
   
   The next steps are carried out for each device that needs access to JAQ
   
   
5. Go to each device, log out of JAQ if its logged in, try to log back in and you should see the following screen....
   
6. Select your name from the Admin Employee list ( you can have more than one person who can authorise devices ), enter your password and click Submit. The following should display....
   
   If you enter the wrong password more than 5 times, JAQ will lock you out for 24 hours before you can try again.
7. That's it, the device is now granted access and employee's can log in as per usual. Repeat steps 5 and 6 for any device that needs to access JAQ. Don't forget to do your own PC, once you have set up others in the office.
8. Lastly, if you would rather use a weak password, you can now change you password to weak and un tick the Can set JAQ security access cookie in the Access to Area in step 3.

Notes.

• A cookie is used to grant access, and it will expire after 28 days if the device is not used during this period.
• Only employees with manager access and strong passwords can authorise a new device.

Backups.

Cant stress this enough, you need backups. JAQ itself cant perform backups, its something that needs to be set up by your IT manager. The inetpub folder ( usually on the C: drive ), and the Q: J: and U: drives are required for JAQ, so these should be included with your backups.

Ideally.....

• A backup should at the minimum consist of 2 external hard drives. One is connected to your network/server/PC, the other kept off site. Swapped every week.
• Before swapping, the network should be checked for viruses or signs of ransom ware.
• Each backup device should have a folder for each day of the week, ie Monday, Tuesday, etc.
• Every day your vital business data is saved to the appropriate folder on the backup drive. Ideally this is done late at night.

The above will give you reasonable protection in the even of a fire, theft or ransom ware attack. In addition to physical drives, a cloud option should be considered. Don't rely on a cloud option to replace physical hard drives.

JAQ does have a database copy function, which can be used to make periodic copies of the data. This is like taking a snapshot of the data at a date. The option is in the Manager/Database Utilities menu, and the database will be saved tot he U drive with a date stamp, ie U:/Database/JAQData_2014_11_27_9_2_25.mdb