With the recent uptick in ransomware and cybersecurity threats, account security has become more important than ever. Some of our most recent articles have focused on what to do in the event of a ransomware attack and why you should have a business continuity plan.
For this week’s blog post, I asked the TimeForge team for simple tips for increasing the overall security of one’s account. Below are 5 things you can (and should) do to keep your account secure. And not just your TimeForge account! These tips also apply generally to any software or services you use.
1. Plan out your roles and access requirements ahead of time
Audrey Hogan, our COO and a certified member of SHRM, starts us off with some great advice on how to plan out your account roles and permissions:
“Before even touching the software to set up security or permissions, you should step back and think about the roles that already exist in your organization, the responsibilities of each, and the access needed to complete those tasks,” says Audrey. “Here’s a really helpful exercise for accomplishing this brainstorm. First, sit down with the heads of each department or leadership group and just start writing. I like to make a sticky note for each role, list the permissions on it, and organize them into groups based on shared access.
For example, you might end up with a group of ‘Has access to pay rates’ and a group of ‘Does not have access to pay rates’. Some of the permissions that are consistently important for businesses include:
- access to pay rates
- employee requests for time off
- adding or editing employees
- access to different departments
- ability to view or modify or publish schedules
- access to timecard data
Then, while considering roles, think about how the level of access to a given item. For example, You might want department managers to be able to add, edit, and approve their employees’ requests for time off, but the assistant managers should only be able look at the time off without modifying it.”
2. Don’t use shared logins
Mike Hetisimer, our Implementations Specialist, strongly discourages the use of shared logins:
“There are a couple of big things that come to mind when looking at account security,” he says. “First and foremost, I’d recommend that if you’re using a shared login, stop immediately. Generic users like ‘Store Manager’ pose some real dangers. In the event that someone is given an authorized pay raise, extra hours, etc., it becomes impossible to tell who made a change. Second, I recommend making good use of Permission Groups.”
And that brings us to…
3. Tailor your permission groups
Don Salisbury, our Software Architect, also advocates the use of permission groups. In fact, nearly everyone on the team said permission groups are important for account security.
“A good security policy in TimeForge includes the use of Permission Groups,” Don says. “These allow you to group managers/supervisors with similar access requirements together or to separate them out if need be. TimeForge comes with built-in security defaults that work well for most customers and most situations. Even so, it’s a good idea to review your account security and permissions annually to make sure they’re still relevant and match up with your current processes and policies.”
For step-by-step help, take a look at our guide to setting up permission groups in TimeForge.
4. Require strong passwords
Daniel Fernandez, our Software Engineer, recommends the use of strong passwords. By enabling the password complexity requirement in TimeForge, you can force users to create hard-to-guess passwords.
“Strong passwords include not only letters, but also numbers, symbols, and some capital letters too,” explains Daniel. “You can even set the minimum and maximum character lengths inside TimeForge. This is one of the simplest ways to increase your account security.”
5. Avoid autofill, especially on shared computers
Diego Gaytan, our Support Team Lead, points out the dangers of writing down passwords where they can be seen by others. He also warns of using autofill, especially on shared devices:
“Account admins and owners can help by dissuading managers from writing down their login credentials or using autofill on their browsers,” he says. “These practices make accounts less secure and leave them vulnerable to unauthorized access, as employees could make changes to TimeForge if a manager’s computer is left unattended.”
To reduce the risk of unauthorized access, keep those passwords private and away from prying eyes.
And that’s it – 5 straightforward ways to keep your accounts more secure. As always, don’t hesitate to reach out to us if you’d like any help at all in reviewing and tightening up your roles and permissions! Our team has a ton of experience, and we’d be glad to help.