Best Practices for User Account Management

To keep your systems more secure, it is important to follow best practices when setting up and managing user accounts. This topic provides best practices and tips for managing security and user accounts.

To access your system, staff members must have a user account. Here are some best practices for defining those accounts and enforcing policies to manage them.

Set up email accounts that use your organization's domain name

We recommend that you set up work email accounts using the church's domain name (web address). For example, if your church's website is grace-church.org, your staff email addresses should be something like username@grace-church.org. If your church already has a website, it is neither difficult nor expensive to add email hosting services. Contact your website administrator for assistance. If your church does not have a website, getting one is affordable and not difficult to set up. After your church registers a domain name (web address), use the same domain for staff email addresses.

Having staff email addresses at your custom church domain makes email communications from church staff immediately recognizable to recipients right from their inboxes. Additionally, your staff appears more professional because the emails convey to recipients that the communication is being made on behalf of your church. There are many more reasons why adopting the practice of using individual work emails instead of personal emails can benefit your organization. Read more here: http://www.parishsoft.com/news/where-are-you-at-with-email.htm.

Use individual accounts with unique logins, not shared accounts

A shared account is an account used by more than one individual. As a best practice, user accounts should not be shared, because sharing opens up a number of security risks. One major risk is password management. On a shared account, the password must naturally be disclosed to more than one person. The more individuals who know an account's password, the greater the likelihood it will be divulged beyond the handful of people who are supposed to know it. If the password is widely known, individuals who no longer require access may still know it and be able to view data and records they should not be allowed to access. Secondly, sharing invalidates the auditing and monitoring the ParishSOFT system applies to user accounts. For example, the Offering module records user activity and specific actions taken on sensitive financial data. If the logged-in user on a shared account edits a contribution or a batch, the system cannot identify the exact person who made the change. Sharing an account is a risky practice, and with more than one person working under the same login, data errors are almost inevitable. One way to protect staff and provide better audit controls is to assign each staff member his or her own account.

ParishSOFT lets your organization have an unlimited number of user accounts, and an administrator can configure each account with the exact permissions the account holder needs to do his or her job. You have sensitive financial and member records in your care. The ParishSOFT system provides built-in security to help you safeguard those records and protect and serve your staff.

Schedule periodic authorization reviews of all user accounts

Periodic reviews of all user accounts and the access rights assigned to staff are critical if you want to maintain strong internal controls around information security. When an individual changes job responsibilities, update the account's access rights to match the requirements of the current role and work responsibilities. When an individual leaves the organization, revoke access or remove the user account immediately.
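The review described above, and the shared-account problem from the previous section, can be checked mechanically by reconciling the system's account list against the staff roster. The following script is an added illustration, not part of this topic or of the ParishSOFT product: the account fields, the role-to-permission map and the permission names (such as offering.edit) are assumptions, and the roster and account records are constructed sample data. It flags accounts whose holder has left, accounts whose permissions exceed what the holder's current role requires, and logins that the audit trail shows more than one person using.

```python
"""Periodic user-account review: reconcile system accounts against the staff roster."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    username: str
    holder: str                 # staff member the login was issued to
    permissions: frozenset      # permissions currently granted in the system
    users_seen: frozenset       # distinct people observed using this login (from the audit trail)


@dataclass(frozen=True)
class StaffMember:
    name: str
    role: str
    active: bool                # False once the person has left the organization


# Hypothetical role-to-permission map; these permission names are assumptions,
# not the product's real permission identifiers.
ROLE_PERMISSIONS = {
    "bookkeeper": frozenset({"offering.view", "offering.edit", "members.view"}),
    "receptionist": frozenset({"members.view"}),
    "pastor": frozenset({"members.view", "members.edit", "offering.view"}),
}


def review_accounts(accounts, roster):
    """Return a list of (username, action, reason) findings for the reviewer.

    Actions: "revoke"  - holder is no longer active staff, remove the account now;
             "reduce"  - permissions exceed what the holder's current role needs;
             "split"   - the login is shared, issue individual accounts instead.
    """
    staff_by_name = {member.name: member for member in roster}
    findings = []
    for acct in accounts:
        person = staff_by_name.get(acct.holder)
        if person is None or not person.active:
            findings.append((acct.username, "revoke",
                             "account holder is no longer on active staff"))
            continue
        # An unknown role maps to no permissions, so every grant is flagged for review.
        expected = ROLE_PERMISSIONS.get(person.role, frozenset())
        extra = acct.permissions - expected
        if extra:
            findings.append((acct.username, "reduce",
                             f"permissions beyond the {person.role} role: {sorted(extra)}"))
        if len(acct.users_seen) > 1:
            findings.append((acct.username, "split",
                             f"login used by {len(acct.users_seen)} people; issue individual accounts"))
    return findings


# Constructed sample data (not real records).
SAMPLE_ROSTER = [
    StaffMember("Ana", "bookkeeper", True),
    StaffMember("Ben", "receptionist", True),   # Ben moved from bookkeeper to receptionist
    StaffMember("Cara", "pastor", True),
    StaffMember("Dan", "bookkeeper", False),    # Dan has left the organization
]

SAMPLE_ACCOUNTS = [
    Account("ana", "Ana", ROLE_PERMISSIONS["bookkeeper"], frozenset({"Ana"})),
    Account("ben", "Ben", ROLE_PERMISSIONS["bookkeeper"], frozenset({"Ben"})),   # stale rights
    Account("office", "Cara", ROLE_PERMISSIONS["pastor"], frozenset({"Cara", "Ben", "Ana"})),
    Account("dan", "Dan", ROLE_PERMISSIONS["bookkeeper"], frozenset({"Dan"})),
]

if __name__ == "__main__":
    for username, action, reason in review_accounts(SAMPLE_ACCOUNTS, SAMPLE_ROSTER):
        print(f"{username:8} {action:7} {reason}")
```

On the sample data the review produces three findings: ben keeps bookkeeper permissions after moving to a receptionist role, the office login is used by three people, and dan's account survives his departure. A real review would feed the script the exported account list and the current staff roster; the point is that each finding is tied to a named individual, which is exactly what a shared account makes impossible.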
