Overview
This article emphasizes the importance of securing AdvocateHub administrator accounts by outlining several best practices. It recommends using strong, unique passwords, implementing Single Sign-On (SSO) for administrators, avoiding shared email accounts for admin roles, assigning appropriate roles and permissions, regularly reviewing user lists, working securely while traveling, and monitoring admin activities through customized reports.
Information
It’s important to take precautions to keep your hub secure from attackers. Here are some best practices we suggest for keeping the administrator accounts in your hub secure:
- Use a Strong Password
- Use administrator Single Sign-on
- Don’t use a shared email account or mailing list
- Use Roles & Permissions
- Review your Users
- Work & Travel Securely
- (Advanced) Set up a report to monitor administrator sessions
1. Use a Strong Password
We strongly suggest you use a unique password for your AdvocateHub administrator accounts, preferably generated by a password storage service. We like the LastPass Password Generator.
Remember, your hub is accessible on the Internet in a format that is easy to find (company.influitive.com), so while your Hub may be invite-only, curious people can end up on the sign in page with ease.
2. Use administrator Single Sign-on
Using SSO puts the authority of your administrator identities on your company’s identity management solution, allowing you to reject outside attackers, avoid the use of passwords, and disable accounts automatically.
Remember, you can enable SSO for admins only if you are not equipped to, or do not want to, use SSO for advocates as well. Read more about it here: Admin only Single Sign On.
3. Don’t use a shared email account or mailing list
We recommend that you avoid using shared email accounts or addresses that lead to a mailing list (e.g. marketing@acme.co or cs@acme.co) for admin accounts. Using an email address of this nature for an admin account means that anyone who has access to this account can reset the password and gain access.
These usernames are also easy to guess and could be subject to brute-force attacks.
4. Use Roles & Permissions
Don’t give full permissions to all of your administrators, especially if the account uses a shared email address.
Only give what is needed to accomplish a role, and reserve the sensitive permissions like Reward Approvals, User & Role Management, and API Access to a single administrator account. Learn more about AdvocateHub's roles and permissions settings here: Administrator Role / Permission Management.
5. Review your Users
Regularly review your list of admins by navigating to Settings > System > User Management. Ensure that former employee accounts are disabled and that you know the identity of each active admin in the list.
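The checks in practices 3, 4 and 5 can be run as one audit over an exported admin list. The script below is an added example and is not Influitive's code: it assumes the admin list has been exported from Settings > System > User Management into records with the fields shown (name, email, active flag, permission names), and the role-address list, the HR directory and the sample admins are constructed for the example.

```python
"""Audit an AdvocateHub administrator list for shared mailboxes, leftover
accounts of former employees, and sensitive permissions held by more than one
account. Added example; record layout and sample data are constructed."""
from dataclasses import dataclass, field

# Constructed: local parts that usually route to a shared mailbox or mailing list.
SHARED_LOCAL_PARTS = {"marketing", "cs", "support", "sales", "info", "admin", "hello", "team"}

# Permissions the article says should be reserved to a single admin account.
SENSITIVE_PERMISSIONS = {"Reward Approvals", "User & Role Management", "API Access"}


@dataclass
class Admin:
    name: str
    email: str
    active: bool
    permissions: set = field(default_factory=set)


def is_shared_address(email):
    """True when the address looks like a role mailbox (marketing@, cs@, ...)."""
    local = email.split("@", 1)[0].lower()
    local = local.split("+", 1)[0]  # ignore plus-tags such as cs+hub@
    return local in SHARED_LOCAL_PARTS


def audit_admins(admins, current_staff):
    """Return (subject, finding) pairs for active admins.

    current_staff is the set of addresses the HR directory lists as current
    employees (constructed input for this example)."""
    findings = []
    holders = {p: [] for p in SENSITIVE_PERMISSIONS}
    for a in admins:
        if not a.active:
            continue  # disabled accounts cannot sign in; nothing to flag
        if is_shared_address(a.email):
            findings.append((a.email, "shared mailbox or mailing list used for admin account"))
        elif a.email.lower() not in current_staff:
            findings.append((a.email, "active admin not in HR directory (former employee?)"))
        for p in a.permissions & SENSITIVE_PERMISSIONS:
            holders[p].append(a.email)
    # Practice 4: each sensitive permission should sit with one account only.
    for p in sorted(holders):
        who = holders[p]
        if len(who) > 1:
            findings.append((", ".join(sorted(who)), f"'{p}' held by {len(who)} accounts; reserve it to one"))
    return findings


# Constructed sample: one shared mailbox, one departed employee, one shared permission.
SAMPLE_ADMINS = [
    Admin("Alice Ng", "alice@acme.co", True,
          {"Reward Approvals", "User & Role Management", "API Access", "Content"}),
    Admin("Marketing Team", "marketing@acme.co", True, {"Content", "API Access"}),
    Admin("Bob Tran", "bob@acme.co", True, {"Content"}),
    Admin("Carol Diaz", "carol@acme.co", False, {"User & Role Management"}),
]
SAMPLE_STAFF = {"alice@acme.co", "carol@acme.co"}


def sample_findings():
    return audit_admins(SAMPLE_ADMINS, SAMPLE_STAFF)


if __name__ == "__main__":
    for subject, finding in sample_findings():
        print(f"{subject}: {finding}")
```

Run it against a real export by replacing `SAMPLE_ADMINS` and `SAMPLE_STAFF`; the HR-directory comparison is what turns "review your users" from a visual check into something repeatable.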
6. Work & Travel Securely
When travelling or accessing AdvocateHub from a network not controlled by your company, such as a coffee shop, restaurant, or hotel, always use your company VPN or refrain from accessing sensitive sites. If your company doesn’t have a VPN, talk to your IT team.
7. (Advanced) Set up a Report to monitor administrator Sessions
In your reporting section, you can explore an advocate sessions report and edit it to filter on administrators instead. Customize the report with the data you’d like, such as name, time, and email. You can use this report to regularly monitor for suspicious administrator activity by setting up a scheduled email report.
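A scheduled sessions report is only useful if someone reads it, so here is an added example of the kind of scan a defender would run over each delivery. It is not Influitive's report tooling: it assumes the report has been customized to include name, email, session start time and source IP and is delivered as CSV (the IP column and the column names are assumptions), and the VPN egress range, the business-hours window and the sample rows are constructed for the example.

```python
"""Flag suspicious administrator sessions in an exported AdvocateHub sessions
report. Added example; report columns, VPN ranges and sample rows are
constructed."""
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime, time

# Constructed: egress ranges of the company VPN. Practice 6 says admins off the
# corporate network should be on the VPN, so other sources deserve a look.
VPN_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
BUSINESS_HOURS = (time(7, 0), time(20, 0))  # UTC window treated as normal

# Constructed sample in the shape of a customized sessions report.
SAMPLE_REPORT = """name,email,session_start,ip
Alice Ng,alice@acme.co,2024-05-06T09:12:00Z,203.0.113.17
Alice Ng,alice@acme.co,2024-05-06T14:40:00Z,203.0.113.17
Bob Tran,bob@acme.co,2024-05-06T10:03:00Z,203.0.113.42
Alice Ng,alice@acme.co,2024-05-07T02:55:00Z,198.51.100.9
Bob Tran,bob@acme.co,2024-05-07T11:20:00Z,203.0.113.42
"""


def parse_report(text):
    """Parse the CSV text into dicts with session_start as a datetime (UTC)."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["session_start"] = datetime.strptime(r["session_start"], "%Y-%m-%dT%H:%M:%SZ")
        rows.append(r)
    return rows


def on_vpn(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in VPN_RANGES)


def find_suspicious(rows):
    """Return (email, session_start, reason) triples.

    Rows are processed in time order, so a 'new IP' is one the account has not
    used earlier in the same report."""
    seen_ips = defaultdict(set)
    alerts = []
    for r in sorted(rows, key=lambda r: r["session_start"]):
        email, ip, t = r["email"], r["ip"], r["session_start"]
        reasons = []
        if not on_vpn(ip):
            reasons.append("source IP outside company VPN ranges")
        if seen_ips[email] and ip not in seen_ips[email]:
            reasons.append("first session from this IP for this admin")
        if not (BUSINESS_HOURS[0] <= t.time() <= BUSINESS_HOURS[1]):
            reasons.append("outside business hours")
        seen_ips[email].add(ip)
        for reason in reasons:
            alerts.append((email, t.isoformat(), reason))
    return alerts


def scan_sample():
    return find_suspicious(parse_report(SAMPLE_REPORT))


if __name__ == "__main__":
    for email, when, reason in scan_sample():
        print(f"{when} {email}: {reason}")
```

The three checks are deliberately simple and independent; tune `VPN_RANGES` and `BUSINESS_HOURS` to your environment, and treat a session that trips more than one of them, as the 02:55 sample row does, as the one to follow up first.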
FAQ
Why is it important to avoid using shared email accounts for AdvocateHub admin roles?
Shared email accounts for admin roles increase the risk of unauthorized access, as multiple people have access to the email that can reset the password. They are also more susceptible to brute-force attacks due to their predictability.
What is the advantage of using Single Sign-On (SSO) for administrator accounts?
SSO centralizes the authentication process through the company's identity management system, enhancing security by reducing the risk of external attacks, eliminating the need for passwords, and enabling automatic deactivation of accounts.
How often should I review the list of administrators in my AdvocateHub?
It's important to regularly review your list of administrators to ensure that accounts of former employees are disabled and to verify the identity of each active administrator.
What should I do to secure my connection when accessing the AdvocateHub from an uncontrolled network?
When accessing the AdvocateHub from an uncontrolled network, always use your company's VPN to ensure that sensitive information remains secure. If your company does not provide a VPN, consult with your IT team about secure access options.
How can I monitor unusual activities within the administrator accounts?
You can customize the advocate sessions report to focus on administrator activities, including names, times, and email addresses. Setting up a scheduled email report for this can help with consistent monitoring for any unusual activities.