NetSuite Security Features: Manage Your Business with Confidence

NetSuite Security Features

NetSuite Security Features Will Bring You Peace of Mind

NetSuite knows it’s at the heart of your most important business processes, which is why a host of advanced security features are made available to you. With stringent round-the-clock monitoring tools, controls and policies, and a dedicated tenured security team, NetSuite ensures you have the strongest security available to protect your business.

NetSuite has met a host of audit and security standards including SOC 1, SOC 2, PCI-DSS, and EU-US Privacy Shield framework. In addition, NetSuite has modeled its security and risk management processes according to the National Institute of Standards and Technology (NIST) and ISO 27000 series of standards.

Features such as role-based access, strong encryption, robust password policies, and more add further layers of security. NetSuite also supports application-only access and restricting access to only certain IP addresses to provide complete confidence and peace of mind.

Read on to learn more about NetSuite Security Features and how you can leverage NetSuite to manage your back-office operations with confidence.

How to Avoid Phishing Schemes

If you’re using any online services, you could become a target for cyber crimes and security threats. This includes fraudulent “phishing” emails which try to lure you into supplying personal or company information like credit card numbers, user logins and passwords, financial account details, and Social Security numbers.

Phishing emails seem legitimate, but they contain links to fraudulent websites that mimic real sites. They try to trick you into sharing personal information, often by asking you to “verify” or “update” your personal details. What’s more, the destination sites these emails link to can contain malware. These fake emails often use the logos of real companies to look legitimate, but they are only impersonations.

At NetSuite, protecting your data is a priority. Know that NetSuite will never email you to ask for confidential information like your NetSuite password or credit card information. If you receive a suspicious email that uses NetSuite’s name or logos, immediately inform NetSuite by forwarding it to

Here are some additional ways you can avoid becoming a victim of phishing schemes:

Check All Links: Before you click a link in an email, hover over it with your mouse to display the destination URL. It should match the destination represented in the email and should go directly to the organization's legitimate website. Be cautious. A phishing email may send you to a domain name that is spelled very similarly to a genuine domain name or appears to be somehow related to it. These websites could contain malware or be impersonations set up to collect your personal details. Don’t click these types of links. Instead report them.

Check Phrasing: Phishing emails will often try to trick you into sharing personal details by asking you to “verify” or “update” information. Beware of emails which ask you to click links to enter personal information into websites. These fake emails often use the logos of the companies they are impersonating to look legitimate. To be safe, call the company directly using their publicly available contact information (not their information from the email) and inform them of the email you received.

Some common phishing tactics include:

  • “Dear NetSuite user...” These emails are often sent out in bulk and won’t address you by name
  • “We suspect unauthorized activity on your account…” These emails try to scare you into responding by suggesting that your security has been compromised
  • “Verify your account...” Trustworthy businesses will not ask you to send passwords, login names, Social Security numbers, or other personal information via email, ever
  • “If you don’t respond within 24 hours, your account will be closed...” By creating a sense of urgency, phishing schemes try to make you respond quickly
  • “Get your refund now...” Again, by creating a sense of urgency phishers try to get you to respond

Protect Your Login: Be suspicious of any email that links to a login page. Instead of using links from emails, always log into websites directly by:

  • Entering the login page address in the address field, or using a bookmark you saved
  • Looking for the lock icon in your address bar to show the page is encrypted
  • Clicking the Customer Login tab from the website’s official home page

Also, don't enter personal or financial information into pop-up windows.

Avoid Suspicious Attachments: Phishing emails may include links or attachments which, when opened or clicked, install malicious code on your computer. This enables the capturing of keystrokes and collection of other information. These attachments may have familiar extensions such as .doc and .pdf, luring you to click or download them. Always use extreme caution when opening attachments from unknown sources.


How to Choose Strong Passwords

A strong password will not prevent hackers from trying to gain access to your accounts or information, but it can slow them down and even discourage them. Strong passwords are ones that are not easily guessed. Many hackers use automated processes to try and guess passwords, so it’s important to choose passwords that won’t leave you vulnerable.

A strong password must:

  • Be at least eight characters long, but the longer the better
  • Combine uppercase and lowercase letters, numbers, and special characters like punctuation marks
  • Never be shared between various accounts or applications. Each instance should have its own unique password

Note: If you have trouble remembering multiple passwords, you can use a password journal, password manager, or password management utility.

Strong passwords should not include:

  • Words found in the dictionary, even if they are slightly altered, for example by replacing a letter with a number
  • Personal information such as birth dates, names, social security numbers, or anything else that could be learned by others
  • Information which might be available on a social networking site

NetSuite supports strong passwords:

  • Fine-grained password configuration options: minimum password length, password complexity monitoring, and time frame-based password expiration
  • Ensures new passwords vary from prior passwords
  • Automatic lock out after a certain number of unsuccessful login attempts
  • Optionally supports multi-factor authentication using RSA SecurID to further minimize unauthorized access

Report Security Concerns:

You can forward any suspicious emails or activity related to your NetSuite accounts or correspondence to:

NetSuite’s Onsite Security Features

With NetSuite you will get strict security certifications for your business applications which might otherwise be expensive and difficult to achieve. You can upgrade your security with NetSuite's continuous, dedicated monitoring and trust in security controls at their facility such as a fully guarded premises and physical access management.

Here’s a short overview of NetSuite’s robust, onsite security system at their facility which ensures your data is always protected:

Comprehensive Security Certifications: SOC 1 Type II, SOC 2 Type II, PCI DSS, EU-US Privacy Shield, and ISO 27001.

Continuous Security Monitoring: Numerous intrusion detection systems (IDS) identify malicious traffic, unauthorized attempts to access the data center are blocked, unauthorized connection attempts are logged and investigated, and enterprise-grade anti-virus software is continuously on guard.

Complete Separation of Duties: Job responsibilities are separated, mandatory employee background checks are employed at all levels, the principle of least authority (POLA) is followed, and employees are given only those privileges necessary to complete their duties.

Managed Physical Access: Stringent physical security policies and controls; photo ID proximity access cards, biometric identification systems, proximity card reader devices, single-person portals, and T-DAR man traps; perimeter doors that are alarmed and monitored; and exterior perimeter walls, doors, windows, and a main interior entry constructed of materials that afford Underwriters Laboratories (UL) rated ballistic protection.

Fully Guarded Premises: On-premise security guards monitor all alarms, personnel activities, access points, and shipping and receiving; entry and exit procedures are correctly followed on a 24/7 basis; CCTV video surveillance cameras with pan-tilt-zoom capabilities; video is monitored and stored for review for non-repudiation.

Between NetSuite’s onsite security system and the features offered to you within NetSuite applications, you can rest easy knowing your data is secure. But if you have any questions or want to learn more about NetSuite or NetSuite security features, you can email us at or call (855) 682-4324 for more information.

Nuage - Premier NetSuite Solution Provider

Nuage is a NetSuite reseller and NetSuite Solution Partner. From purchasing a NetSuite license, to implementing and customizing the NetSuite platform for you, we can help your company pick and choose which features you need most. Our team is ready, willing, and able to help guide you through the NetSuite purchase and/or implementation process. Please feel free to contact us for more information on how we can help.