Security in Business Central isn’t about locking everything down. For drinks businesses, it’s about control, accountability, and confidence — especially when you’re dealing with bonded stock, high value inventory, seasonal staff, and tight audit requirements.
Below are 12 practical security controls we consistently see make the biggest difference for Bevica customers.
If you take one thing from this list, make it this.
Multi-factor authentication (MFA) is your first and strongest line of defence. It protects access to your Bevica system and the wider Microsoft ecosystem, especially for remote users, finance teams, and senior roles with elevated permissions.
This tip is not optional; it is critical to keeping your business secure.
Super users can bypass controls, approvals and segregation of duties.
In drinks businesses, particularly those managing bonded or duty-suspended stock, this level of access should be limited to a small number of trusted individuals, reviewed regularly, and treated as a risk rather than a convenience.
If everyone ends up with superuser status during busy periods, that’s a warning sign.
Out-of-the-box permission sets are generic. Drinks businesses aren’t.
Instead, permission sets should reflect how work actually happens. That means aligning access to real operational roles such as warehouse operators, finance users who post transactions, sales teams processing orders, and staff responsible for bonded stock administration.
This reduces risk without slowing teams down and makes audits far easier.
One of the most common risks we see is overlapping responsibilities.
As a rule, users who create or amend vendors, customers or items should not also post journals or payments. And the same person shouldn’t be able to set up, process and approve a transaction from start to finish.
Bevica, through the power of Business Central, supports this separation natively. It just needs to be designed deliberately.
Approvals work best when they’re targeted rather than applied everywhere. For drinks businesses, this typically means using approvals for general journals, credit notes, price or discount changes, and high‑value purchase invoices such as freight, duty, and packaging costs.
The goal is to control where it matters, not to create bottlenecks everywhere.
Knowing who changed what and when is critical, especially when auditors or external stakeholders are involved.
At a minimum, change logs should cover user permissions. They should also track approval setups and key master data. This makes it clear who changed what and when.
This creates traceability without disrupting day-to-day operations.
Bonded stock introduces additional risk and scrutiny.
Access to bonded locations, duty movements, and release processes should be explicitly controlled. These controls should be clearly documented and reviewed on a regular basis.
This is one area where “it’s always been that way” isn’t good enough.
Peak trading often means both temporary access and, with it, temporary risk.
Best practice is to create time‑limited user access. Permission sets should be simplified for these users. Access should be disabled promptly when roles change or contracts end.
Security issues often appear after peak, not during it.
When users leave the business, make sure that you disable their access. This ensures that your business preserves audit history, permission visibility and accountability.
If you delete users, you will remove valuable context and can create problems during audits or investigations.
Upgrades aren’t just functional changes. They are also an opportunity to clean house.
Each Business Central upgrade window is a good moment for you to review permission creep, remove unused users and validate approval workflows.
Security improves fastest when it’s reviewed alongside change.
Business Central doesn’t exist in isolation.
Conditional access, identity controls and Microsoft 365 security policies all contribute to a stronger posture. This is particularly important for businesses with multiple warehouses, remote sales teams and/or distributed finance functions
Growth, new channels, acquisitions and new trading models all change risk.
Security shouldn’t be a one-off setup. it should evolve alongside as your business does. If your adds new products and SKUs, opens a new warehouse or bonded facility or adds new team members, take the opportunity to review your security controls.
The businesses with the fewest issues are those that review little and often.
If you’re running Bevica or planning an upgrade, security is one of the quickest areas to improve and one of the easiest to overlook.
Our team regularly helps drinks businesses review permissions, approvals and access controls to ensure they support trading, not slow it down.
Speak to the Bevica team if you’d like a practical review of your setup.