Keeping your online accounts secure

Every person with an internet connection today will have a vast array of online accounts that can lead potential hackers into their private life, defraud them of funds or hold them for ransom. According to the latest statistics, over the last 15 years, hackers have collected data from 4.3 billion internet users and these are mostly from financial, social networks, web, hotels and retail websites.

Did you know!

The three largest data breaches to date were First American Corporation with the records of 885 million users impacted, Facebook with 597 and a half million, and Marriott International with 500 million.

Tips to help keep your online accounts secure.

These tips will help to keep online accounts secure, especially since most busy people today rely heavily on online banking.

1. Use a password manager: The best way to protect your accounts against hackers is with a complicated password that you change often. Don’t ever use the same password for more than one account.  Like most people, you might argue that it is inconvenient to have to remember so many different and complex passwords. The best tool to help you remember all your passwords is a password manager. This will securely store all your passwords and you will only have to remember one password for the manager. Some, like Keepass and Bitwarden, are free, while those that you subscribe to, like Dashlane and 1Password, have additional features. Password managers can be used on both your phone and computer so that you always have access to your passwords. ** None of these statements are an endorsement; you should vet any software that you use by doing your own research.
2. Beware of public Wi-Fi: Public Wi-Fi has many disadvantages and the fact that it’s usually slow is the least of your worries. If you are not on an encrypted website, then hackers will be able to see your information. If you are going to enter the website of your bank account, check that the URL begins with ‘https://’and not ‘http://’, with the “s” indicating that it’s secure. It’s best to avoid public Wi-Fi altogether, but if you cannot do your business from your own secure Wi-Fi then use a virtual private network (VPN) or your mobile data to safely access the internet.
3. Two – factor authentication protects you: If your banking and other important websites allow you to enable two-factor authentication (2FA), then take that option. You will either receive a text message or email alert with a one-time password for logins. The benefits of this are that the moment someone else logs into your account you will be able to take immediate action.
4. Text alerts for money transfers and withdrawals: Most banks have the option for you to receive text alerts for withdrawals, payments or transfers from your account. This will immediately alert you if someone is trying to do any of these and you will be able to put a stop to it.
5. Be on the lookout for suspicious emails: Ignore any emails that attempt to get you to divulge information about your accounts or passwords. These are called phishing emails and often look like they come from a legitimate source but a hacker is waiting at the other end to steal any information. Most email servers will block spam messages but 5% may still get through, so always be wary. Always remember: your bank won’t ask for personal information and report anything that seems odd.
6. Automatic Login is not safe: Automatic login is when you allow your browser to save your username and password. This allows you to access an account without having to remember any of the login information and anyone else who has access to your mobile phone or computer will also be able to access your accounts. Rather remove automatic login if you have it enabled and use a password manager.
7. Mobile banking is safer: Computers are more prone to attacks from malware than mobile phones so you could download apps to your phone for more secure access. Even though mobile phones are also susceptible to attacks, it is not as common.
8. Keep your devices updated: Don’t avoid updating your computer or mobile device, even though they sometimes take a long to complete. These updates are important because they include the latest security and protection for the newest types of malware and breaches doing their rounds.
9. Make it difficult for people to access your phone: Ensure that no one can get access to your accounts from your mobile phone by enabling its security measures. These may include the use of a pin code, fingerprint or facial recognition. It is also important to never leave your mobile device unattended.
10.  Delete unused accounts: Unused accounts can pose a security risk as hackers may get access to personal information. One example is old email account which could be holding documents from bank accounts or personal information about you. It’s best to delete all unused accounts.

If you follow these tips and look at this information from the University of Texas at Austin about how to protect your privacy on your social media accounts, then you are sure to be better protected in this digitally connected age that leaves us all the more vulnerable.

Groomsoft Specific Security Tips

Don’t share logins

Within Groomsoft you can create an unlimited amount of users. Every person who accesses Groomsoft should have their own username and password. There are two important reasons for this.

1. Accountability:  If everyone shares the same username and password, then you can’t prove who did what. With audit logging in Groomsoft, every time a customer, pet or appointment is created, updated or deleted, it is logged. There is an Audit Trail report available under reports to view who did what.
2. Security:  When you fire an employee, you can set their account to inactive. Once inactive, they can no longer log into Groomsoft. This saves you the headache of a disgruntled employee logging in from home and deleting all your customers. If you think that can’t happen, think again. We’ve seen this happen many times and there is a cost associated with data restoration.

Allow the least amount of privileges necessary

Allow the least privileges means that the user is only allowed to see and do what the need to in order to do their jobs and no more.

Groomsoft has different security levels you can choose for each of your users. We will define each of those below.

Authorization level Groomer:

• Cannot log into Groomsoft.
• Can be assigned appointments and viewed in the calendars and reports.

Authorization level Employee:

• Can log into Groomsoft.
• Full access to appointment calendars.
• No Access to reports.
• Cannot Delete Customer, their pets or their pet’s pictures.
• Settings – Can only access breeds.

Authorization level Limited Employee:

• Same as Employee, except they can only view and edit appointments already assigned to them.
• Can create appointments.
• Cannot view the Customers, SMS, Quick Sale, Waiting List, recurring appointments, reports or expenses page.
• Settings – Can only access breeds

Authorization level Salon Owner:

• Can do everything including viewing reports
• Can not access My Account / billing data

Salon Owner / Primary Account Holder:

• This is the person who signed up for the Groomsoft account. This is the only person who can see the billing information under My Account.
• The primary account holder value is set upon account creation and can only be changed by contacting support.

Privileges Chart

For a video overview of the authorization levels, watch: