Best practices for protecting your account
It’s important to take precautions to keep your hub secure from attackers. Here are some best practices we suggest to keep the administrator accounts in your hub secure.
Tips covered in this article:
1. Use a Strong Password
We strongly suggest you use a unique password for your AdvocateHub administrator accounts, preferably generated by a password storage service. We like the LastPass Password Generator.
Remember, your hub is accessible on the Internet in a format that is easy to find (company.influitive.com), so while your Hub may be invite-only, curious people can end up on the sign-in page with ease.
2. Use administrator Single Sign-on
Using SSO makes your company’s identity management solution the authority for your administrator identities, allowing you to reject outside attackers, avoid the use of passwords, and disable accounts automatically.
Remember, you can enable SSO for admins alone if you are not equipped to use SSO for advocates as well, or do not want to. Read more about it here: Admin only Single Sign On.
3. Don’t use a shared email account or mailing list
We recommend that you avoid using shared email accounts or addresses that lead to a mailing list (e.g. firstname.lastname@example.org or email@example.com) for admin accounts. Using an email address of this nature for an admin account means that anyone who has access to this account can reset the password and gain access.
These usernames are also easy to guess and could be subject to brute-force attacks.
4. Use Roles & Permissions
Don’t give full permissions to all of your administrators, especially if the account uses a shared email address.
Only give the permissions needed to accomplish a role, and reserve sensitive permissions like Reward Approvals, User & Role Management, and API Access for a single administrator account. Learn more about AdvocateHub's roles and permissions settings here: Administrator Role / Permission Management.
5. Review your Users
Regularly review your list of admins by navigating to Settings > System > User Management. Ensure that former employee accounts are disabled and that you know the identity of each active admin in the list.
6. Work & Travel Securely
When travelling or accessing AdvocateHub from a network not controlled by your company, such as a coffee shop, restaurant, or hotel, always use your company VPN or refrain from accessing sensitive sites. If you don’t have a VPN in your company, talk to your IT team.
7. (Advanced) Set up a Report to monitor administrator Sessions
In your reporting section, you can explore an advocate sessions report and edit it to filter on administrators instead. Customize the report with the data you’d like, such as name, time, and email. You can use this report to regularly monitor for suspicious administrator activity by setting up a scheduled email report.
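One way to triage the scheduled report from tip 7 against the checks in tips 3 and 5, as an added example that is not Influitive's own code. It assumes the report is exported as CSV with name, time and email columns and ISO 8601 timestamps; the admin roster, shared-mailbox names and working-hours window are constructed placeholders.

```python
import csv
import io
from datetime import datetime

# Constructed sample export; the column names (name, time, email) and the
# ISO timestamp format are assumptions, not AdvocateHub's documented layout.
SAMPLE_REPORT = """name,time,email
Dana Reyes,2024-03-04T14:12:00,dana.reyes@corp.example
Dana Reyes,2024-03-05T03:41:00,dana.reyes@corp.example
Marketing Team,2024-03-05T10:05:00,marketing@corp.example
Lee Osei,2024-03-06T09:30:00,lee.osei@corp.example
"""

# Admins whose identity was confirmed in the last user review (tip 5).
KNOWN_ADMINS = {"dana.reyes@corp.example", "marketing@corp.example"}
# Local parts that usually indicate a shared mailbox or mailing list (tip 3).
SHARED_LOCAL_PARTS = {"admin", "info", "marketing", "sales", "support", "team"}
# 07:00-19:59 in the report's own time zone; an assumed policy window.
WORK_HOURS = range(7, 20)


def review_sessions(report_text, known_admins=KNOWN_ADMINS):
    """Return (email, time, reasons) for each session that needs a look."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        email = row["email"].strip().lower()
        when = datetime.fromisoformat(row["time"].strip())
        reasons = []
        if email not in known_admins:
            reasons.append("not in reviewed admin list")
        if email.split("@", 1)[0] in SHARED_LOCAL_PARTS:
            reasons.append("shared mailbox address")
        if when.hour not in WORK_HOURS:
            reasons.append("outside working hours")
        if reasons:
            findings.append((email, row["time"].strip(), reasons))
    return findings


if __name__ == "__main__":
    for email, when, reasons in review_sessions(SAMPLE_REPORT):
        print(f"{when}  {email}: {', '.join(reasons)}")
```

A flagged row is a prompt to check with the named administrator, not proof of compromise.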