Tips from Jackrabbit Support:
How good are you managing the security of your database? This is a question you should ask yourself on a regular basis. Security has many elements and you should consider the power you hold over your own data!
Here is a story that actually happened. Does any single element of this story sound familiar to you?
One day support received a phone call from a panicked client who could not access her own data. Her own user permissions were so restricted that she could not pull reports, view revenue or reset her own account. She was the owner of the school.
The owner had allowed her front desk person to have access to the “Manager Users & Permissions” option in the database. The front desk person had found Jackrabbit and in the ordering process used her personal credit card on her Jackrabbit account. Worst of all, the owner was now suspicious of fraudulent activity by this employee. By working with support on a resolution, it was also uncovered that her employee had access to more than one user id. The employee also knew several people’s passwords, because they never changed the default password or they gave her access.
Fortunately, everything worked out for the best and as a result she learned a great deal about protecting herself and her business’s data!
Here are some things you should ensure happening in your organization with respect to your database:
Passwords should be PRIVATE. Ensure every user added to the system changes their password and does not share it with anyone. Do not do things like leave passwords on sticky notes under the keyboard! Users should never reveal their password and expose themselves to someone signing in with their user id. If you ever have to give your password to another person, change it immediately. This is especially true for people outside your business and also staff members within your operation.
Every user should have a unique user id. Jackrabbit tracks all user activity. If you have generic user id’s such as “FRONT DESK” you have no way of tracking which user did what.
We recommend someone in your organization act as the system administrator of your system. This person can ensure that best practices are followed and monitor user activity. This person would have permissions that allowed them to manage all other users. This person is NOT required to have or use other people’s passwords.
Go through each user’s permissions and ensure that staff does not have access to most of the options under the “Tools” area. Jackrabbit User Permissions can restrict things such as: financial information, managing other users and deleting transactions to name a few.
Take some time to understand what Jackrabbit offers. Make sure you have access to all permissions in the database. Play a role in the security management of your precious customer information!