Security overview - securing your database
The first component of securing your database is controlling who can access it.
As was outlined in the video above, you ensure the security of your database firstly by:
- Managing the password settings that apply to user logins.
These are the rules applied when new passwords are created and when users log in to the system using these passwords.
You also specify how long the mobile app can be inactive before logging out a user.
- Further information is at Password settings.
Since the video was created we have added the ability to log in with a Microsoft account. This convenient method provides the additional security of multi-factor authentication (MFA). See Sign in with Microsoft account for details.
Next you need to carefully control what they can see and do in your database.
As was outlined in the video above:
- Manage what users can do and see in your database by connecting them with security groups.
- You may also want to customise which cases users can access.
You make each user a member of one (or more) security groups. These are collections of permission settings that minutely specify what can be done and seen by the members.
The default is to only allow access to a case when the user is specifically connected to it.
You can extend this access through user memberships in case offices, teams and categories. These are set up at the Employee List.
- Detailed information about permissions and security groups starts at Security Groups.
- Full information about user memberships is at Office, team and category membership.
- Detailed information about the full case access system is at Access to cases.
General security awareness
It is also recommended that staff take a general security awareness course.
Lastly, while not strictly speaking a security issue, backing up your database is tremendously important. if you're not sure, ask yourself:
What would I do if I lost everything I had entered into Case Manager since I started using it?
This could result from incidents such as accidental deletion of files, infection with an email virus or a major fire. You could only recover with minimum loss of data if you'd been carefully following a backup process.
If your database is hosted by Chameleon Software we have already put best practice backup procedures in place. If not, you need to familiarise yourself with Backup best practice and make sure these guidelines are followed at your business.