Yardi Security and Compliance
When was your last overhaul on your Yardi security setup? Are you doing everything in your power to protect your company’s and clients’ sensitive data?
Many businesses don’t realize the full extent of compliance regulations for data until it’s too late. At Saxony Partners, our team of independent Yardi consultants can guide our clients towards better Yardi security that meets compliance and protects their data against hackers or ransomware.
Yardi Security Concerns in 2020
Saxony Yardi Manager Jennifer Vinyard knows how to better secure important data immediately using internal Yardi settings and controls. She recommends starting security improvements by asking questions about how you are managing your data.
“In today’s times we need to go beyond data storage and look at compliance access and change management,” Vinyard said “Do you have your system configured to secure access to data for only those that have a necessary need to access it? Do you have change management in place so a user cannot complete fraudulent activity? Do you have packages loaded to hide critical data like Social Security numbers, date of birth, driver’s license information, and credit card numbers?”
“If you are using the Yardi Voyager ERP system on the current cloud-based SaaS plan, then your data is stored behind multiple layers of firewalls and intrusion prevention systems,” Vinyard said. “You can feel confident your data storage procedures comply with PCI, SSAE 18 and Sarbanes-Oxley regulations.”
Yardi Security Settings
According to Yardi Systems, their software has inclusive and broad-ranging security with granular settings, enabling system administrators to create multiple levels of access for users and user groups.
In short: Yardi has built-in security measures that will protect your data, but only if you know how to use them correctly.
“There are a couple of quick ways to establish stronger internal controls, such as reviewing User Security Analytic reports to validate past or current period access on posting transactions,” Vinyard said. “Setting a property or property list control on each user will also ensure access to closed properties or properties outside the purview of the user is limited. Another tip is to run the Security Permissions report and do a quick high-risk assessment for key control areas like posting rights, banks, delete access, check/ACH processing.”
In order to ensure your Yardi security settings are meeting compliance criteria, Vinyard explained the importance of relying on an experienced partner for guidance.
“Establishing the right security settings takes time and forethought,” Vinyard said. “Auditors want to see internal controls in place, and beyond looking at your security features they may want to test the security settings ensuring users really don’t have access to things that they shouldn’t have. However, Yardi security goes beyond the 5,000 permissions in user group access.”
Vinyard points out that a consulting partner like Saxony can help you optimize your security using YardiOne, with stronger password policies, SSO integration and multifactor authentication. This ensures that users are authenticated in real time, and that users can only access data they are authorized to see.
Saxony can also help with permission and group overhauls, as well as tightening security in other areas. This includes button control access, Charge Code/GL security, or establishing workflows for more oversight into approvals. Controlling which data your users can access protects you, your tenants and your owners.
If you need advice on your Yardi security settings, reach out to our team at Saxony Partners. If you are looking for more Yardi tips and tricks from our team of consultants, visit our blog or follow us on LinkedIn.