In a world where cybercrime is constantly on the rise, securing IT systems is a priority for businesses. Dolibarr, an open-source ERP/CRM software, is a popular choice for small and medium-sized enterprises (SMEs) to manage their operations. However, like any connected system, a poorly configured Dolibarr instance can become a potential target for cyberattacks.

In this article, we will explore in detail the essential measures to secure your Dolibarr instance. From initial configuration to data protection and best practices for secure usage, learn how to safeguard your business and sensitive information.

1. Why Securing Dolibarr is Crucial

Dolibarr is designed to be flexible and adaptable, but this modularity can introduce vulnerabilities if security best practices are not followed.

a) Sensitive Data at Stake

Dolibarr manages critical information, such as:

• Customer data (names, addresses, contact details).
• Financial data (invoices, payments, accounting reports).
• Internal information (projects, human resources, inventory).

If compromised, this data can result in financial losses, reputational damage, and legal issues.

b) Increasing Threats

Cyber threats such as ransomware, data breaches, and hacks targeting SMEs are becoming increasingly common. An unsecured Dolibarr instance can serve as an entry point for these threats.

2. Secure Initial Configuration of Dolibarr

When installing and configuring Dolibarr, follow these steps to ensure a secure foundation.

a) Choose a Secure Hosting Environment

Selecting the right hosting environment is crucial:

• Secure Local Server: Recommended for businesses with in-house technical expertise.
• Cloud Hosting: Opt for a reliable provider offering features like SSL encryption, automatic backups, and DDoS protection.

b) Use HTTPS

Ensure your Dolibarr instance uses an SSL certificate to enable HTTPS. This encrypts all communications between the user and the server.

c) Change Default Credentials

After installation, immediately change the default admin credentials. Use a strong password that includes:

• At least 12 characters.
• A mix of uppercase and lowercase letters, numbers, and symbols.

d) Configure File Permissions

Set file permissions to restrict access to critical files in your Dolibarr installation:

• conf.php file: Set to read-only.
• Sensitive directories: Limit write access only when necessary.

3. User and Access Management

Strict user and access management is essential to minimize risks.

a) Enable Access Control

Dolibarr allows administrators to define specific roles for users:

• Restrict user permissions based on their responsibilities.
• Assign read-only access when data modification is not required.

b) Use Two-Factor Authentication (2FA)

Enable two-factor authentication to enhance login security. This adds an extra layer of protection by requiring a unique code sent to a secondary device.

c) Disable Inactive Accounts

Remove or deactivate unused accounts to reduce potential entry points.

4. Backups and Recovery

a) Schedule Regular Backups

Configure automated backups for your files and databases. Store copies in secure external locations (cloud or offsite storage).

b) Test Backups

Regularly test backups to ensure they can be restored successfully.

5. Securing Modules and Integrations

Dolibarr offers the ability to add modules through Dolistore or custom extensions. These modules can introduce risks if their security is not verified.

a) Install Modules from Trusted Sources

Only download modules from trusted sources like Dolistore or official developer websites.

b) Keep Modules Updated

Keep your modules up to date to address known vulnerabilities.

c) Limit Third-Party Integrations

Integrate only necessary third-party tools to minimize exposure to external vulnerabilities.

6. Protection Against Attacks

a) Configure a Firewall

A firewall monitors and controls incoming and outgoing network traffic. Configure a firewall to block unauthorized access.

b) Implement Intrusion Detection

Use intrusion detection systems (IDS) to monitor suspicious access attempts or unusual behaviors.

c) Enable Login Logs

Dolibarr offers login logs to track user activities. Regularly analyze these logs to identify unusual behavior.

7. Updates and Maintenance

a) Keep Dolibarr Updated

Regular updates to Dolibarr address security vulnerabilities and add enhancements. Enable notifications to stay informed about new releases.

b) Monitor Security Updates

Follow announcements from the Dolibarr community regarding security patches. Apply them promptly.

8. Employee Awareness

The best technology is ineffective if employees do not understand the importance of security.

a) Train Users

Organize training on:

• The importance of secure passwords.
• Recognizing phishing attempts.
• Best practices for using Dolibarr securely.

b) Establish Security Policies

Create clear policies on account and access usage, and ensure compliance.

9. Successful Security Implementation Case Studies

Example 1: A Retail SME

A business using Dolibarr reduced unauthorized access attempts by 50% after enabling 2FA and configuring a firewall to restrict authorized IPs.

Example 2: A Service Provider

After a security audit, a service provider discovered outdated modules. Updating and removing unnecessary modules strengthened security and reduced vulnerability risks.

10. Conclusion

Securing your Dolibarr instance is essential to protect your data and ensure business continuity. By following the essential measures outlined in this article, you can significantly reduce risks and strengthen your system's resilience.

Start today by properly configuring your instance, training your teams, and adopting best practices to maintain a safe and reliable Dolibarr environment