Top 10 Security Best Practices in Flex

October is National Cybersecurity Awareness Month! Now in its 17th year, the event raises awareness about the importance of good cyber safety practices. Proper security measures will protect your company’s valuable and confidential data against a security breach or unwanted access to your information. At Flex, we’re commemorating the occasion by bringing attention to some important security features and best practices within Flex.

Don’t create a common user and don’t share your password

Flex offers unlimited users, so everyone on your team can have their own unique username. This eliminates the need for a common user. You should never have a generically named user like “warehouse” that multiple people know and use. A shared user makes it harder to track down which person on your team performed a certain action. It is also more challenging to remove access or lock out a user when they are no longer with the company. Shared users, although they may seem convenient, provide poor accountability.

Don’t delete users who are no longer with the company, disable them instead

If someone is no longer with the company, your first instinct might be to delete their user entirely. But what if you wanted a historical log of that user’s actions for reporting purposes? That’s why we recommend that you disable the user, change their password, and move them to a restricted security group. This way they can’t log in, but if somehow they did, they wouldn’t have access to anything, and you would still have easy access to their past actions. This practice is also recommended if a staff member is furloughed temporarily during COVID: you’ll be able to easily return access to the system when you bring them back.

View and monitor the User Audit Log

We always recommend that customers review their users periodically to ensure that all of the appropriate users are disabled and that current users are assigned to the correct Security Groups. You can also check the history of which accounts have logged in and out, the timestamps of those actions, and the IP that they accessed Flex from. You can do this globally, or locally if you are concerned about a certain account, or you can check an account individually to make it easier to get more history.

Create Password Policies

Maintaining adequate password hygiene is essential to protecting your confidential company data in Flex. Create a password policy which dictates how often users reset passwords, for example every 90 days or 6 months, depending on what works best for you. We also recommend that your policy include company rules for password creation, like setting a minimum password length and requiring users to include numbers and special characters to strengthen the password.

Create Security Policies

If you would like to add an extra layer of security for your system at login, you can do this by adding a whitelist and blacklist of IPs to each user. You can also set up a “NO ACCESS TIME”. This will lock your system during a specific day or time you set, which can be good for preventing use of your system after hours. To set up a Security Policy, go to System Settings → Security Policies. Once you create a policy, you can apply it to each user individually on the user’s settings page.
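
An added example, not Flex code and not a Flex export format: a Python script that applies the audit-log review and the Security Policy checks described above to a few constructed log rows. The column names, the office network range, the after-hours window and the account names are all assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed sample rows; the column names are assumptions, not Flex's export format.
SAMPLE_LOG = """user,action,timestamp,ip
jsmith,LOGIN,2020-10-05T09:12:00,203.0.113.10
warehouse,LOGIN,2020-10-05T10:01:00,203.0.113.11
mlee,LOGIN,2020-10-06T23:40:00,203.0.113.10
former.tech,LOGIN,2020-10-07T11:00:00,198.51.100.7
jsmith,LOGOUT,2020-10-07T17:30:00,203.0.113.10
"""

ALLOWED_NETS = [ip_network("203.0.113.0/24")]   # hypothetical office range
NO_ACCESS = (time(22, 0), time(6, 0))            # hypothetical after-hours window
DISABLED_USERS = {"former.tech"}                 # accounts that should never log in
SHARED_NAMES = {"warehouse", "admin", "shop"}    # generic names worth questioning


def in_window(t, window):
    """True if time t is inside the window, including windows that cross midnight."""
    start, end = window
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def review(log_text):
    """Return (user, timestamp, reasons) for each login that needs a second look."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"].upper() != "LOGIN":
            continue
        reasons = []
        when = datetime.fromisoformat(row["timestamp"])
        addr = ip_address(row["ip"])
        if row["user"] in DISABLED_USERS:
            reasons.append("disabled account")
        if row["user"] in SHARED_NAMES:
            reasons.append("shared account name")
        if not any(addr in net for net in ALLOWED_NETS):
            reasons.append("IP outside allowlist")
        if in_window(when.time(), NO_ACCESS):
            reasons.append("login during no-access time")
        if reasons:
            findings.append((row["user"], row["timestamp"], reasons))
    return findings
```

Calling `review(SAMPLE_LOG)` returns three findings: the shared “warehouse” login, the after-hours login, and the disabled account logging in from an address outside the allowlist.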

Set and maintain Security Groups and Permissions

There is a robust set of Security Groups and Permissions for each of the major modules in Flex. The default Security Group settings can work for many customers, but this is a great time to review these settings in detail and make sure they match your organization’s needs.

Restrict who can view Financial Documents

You can configure permission settings to restrict access to financial documents, like Quotes and reports. For example, you can give full view and edit access to your sales reps, and restrict warehouse leads to view-only access. You could also give view access to your shop techs, but restrict the financial module entirely. Flex gives you full flexibility to customize security and permissions to what works best for your company.

Use Sensitive Search Tokens

Columns in the Calendar or a project list are provided through “Search Tokens.” By default, anything with financial information is deemed “Sensitive”. This makes it so you can allow someone to see a list of projects, but restrict them from having further access to this information. Check group and individual permissions to ensure the right people have access to this data.

Use Report Preferences to limit who can run reports

By default, reports do not have any permission limits because we can’t guess your organizational structure, but every report can be limited so that only users in a given Security Group can run it. To do this, you can go to System Settings > Report Preferences > and Authorized Group.

Use appropriate firewall settings for Printers

When using a Barcode Printer with your Flex System, you must first open port 9100. However, leaving this port wide open on your network can lead to unwanted traffic from the outside world. To fix this we recommend implementing a network firewall to block unwanted traffic. Send an email to support@flexrentalsolutions.com to obtain the correct IP addresses to add to your firewall’s whitelist. This will prevent any other IP from accessing your network.

Contact Flex Support with your security questions

The Flex Rental Solutions Support Team is well versed in cybersecurity best practices and in security and permission settings. Contact them at any time with questions on how to strengthen your Flex system against possible data breaches or unauthorized system access.