Additionally, we are committed to helping you achieve the highest level of protection for your particular application instance. If you ever have a question on how to achieve maximal security in the system, feel free to contact us directly: firstname.lastname@example.org, or call the customer service line at (646) 421-6108.
There are easy steps you can take on your end to reduce the risk of a security breach, but it is important to understand the user’s role in security: even the best security policies will fail if they aren’t followed. YesTrak strongly recommends that your users and administrators be trained to understand the system and practices which will allow for the maximum protection.
Follow these tips to increase the security of your YesTrak application:
PASSWORD SECURITY AND UNIQUE ROLE BEST PRACTICES FOR YOUR ADMINISTRATORS & USERS
YesTrak provides separate roles for administrators and users so that changes can be audited. As a reminder, an administrator has access to all areas of the system, including settings, while a user has access to all application data but not to settings; this ensures that system settings are controlled only by managers and/or owners.
YesTrak also lets you change passwords as often as you like. Understand that these passwords are a critical component of the security of your system. When an employee for whom you created a user account leaves your company, that account remains an exposure of your data until you delete the user and/or change the password. If an administrator shares their password so that a user can log in to make settings adjustments (something we recommend administrators NEVER do), that user can make adjustments at any time unless the administrator changes the password once the requested changes are complete.
To set password security, follow the user administration steps under ‘Settings’. YesTrak will send users an email notification when their password is changed.
Also counsel your administrators and users to use passwords that are unique to YesTrak, not ones they also use for other systems such as an EHR system, a personal e-mail account, Salesforce, Amazon, etc. If a password is reused and the other system is compromised, attackers will have a head start on accessing YesTrak.
NEVER GIVE OUT USER NAMES, EMAIL ADDRESSES, OR PASSWORDS
While there is a fine line between meeting the needs of your users and maintaining security (as in the case above, where an administrator gives out their password so a user can take immediate action in the system), YesTrak users and administrators should never give out user names, email addresses or passwords.
Be aware that hackers sometimes use social engineering techniques to pressure people into handing over the password for an account without the account owner's knowledge. In some cases they contact your personnel during evenings or weekends, when they suspect fewer managers or full-time employees are working. They may claim that there has been a security breach and that the password must be reset immediately to new text that they provide.
Some hackers use tools that spoof email addresses so their messages appear to come from users on legitimate email domains. If in doubt, never provide any sensitive information or make account changes on someone else's behalf. In any well-designed system, legitimate users are able to change their own account settings.
Educate your staff about these types of risks. Additionally, you can create a security policy that everyone knows and can refer to when questions occur.
LIMIT THE NUMBER OF ADMINISTRATORS IN YOUR SYSTEM
Administrators have access to parts of your YesTrak account that regular users do not. By limiting the number of employees who have administrator access, you reduce your security risk. The User role provides the access that most staff will need to manage and solve client calls and messages.
AUDIT YOUR YESTRAK INSTANCE ON A REGULAR BASIS
If you follow all of the above techniques, your YesTrak account should remain private and secure. Even so, it is a good idea to check routinely for suspicious activity. We suggest you run through the following checklist frequently to make sure no mistakes have been made that could leave you vulnerable.
• Review administrator and user access for unknown agents or administrators, unusual email addresses outside your company domain, and employees who are no longer with your organization.
• Verify that all notification email addresses and mobile phone numbers used for SMS messages are valid and point to known, correct recipients.
• Review all automated notifications and confirm that they notify the correct people.
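As an added example that is not part of YesTrak's documentation or software, the following Python runs the checklist above over a constructed user export and notification list. The record fields, the company domain and every sample value are assumptions, since the page does not describe YesTrak's export format.

```python
# Added example, not YesTrak's own code. The record layout (name, email, role),
# the company domain and every sample value below are constructed assumptions;
# adapt them to the fields your YesTrak user export actually contains.

COMPANY_DOMAIN = "example-clinic.test"   # assumed company mail domain

# Constructed sample user export, as an administrator might pull it from Settings.
USERS = [
    {"name": "Ana Ruiz",  "email": "ana@example-clinic.test",  "role": "Administrator"},
    {"name": "Ben Tso",   "email": "Ben@Example-Clinic.test",  "role": "User"},
    {"name": "Cara Lee",  "email": "cara.lee@webmail.example", "role": "User"},
    {"name": "Dev Patel", "email": "dev@example-clinic.test",  "role": "Administrator"},
    {"name": "Eli Novak", "email": "eli@example-clinic.test",  "role": "Administrator"},
]

# Constructed current-staff roster from HR (Dev Patel has left the company).
CURRENT_STAFF = {"ana@example-clinic.test", "ben@example-clinic.test",
                 "cara.lee@webmail.example", "eli@example-clinic.test"}

# Constructed notification targets configured in the system (email and SMS),
# and the set of targets someone in the company has actually vouched for.
NOTIFICATION_TARGETS = ["ana@example-clinic.test", "+15550100", "oldmgr@example-clinic.test"]
KNOWN_TARGETS = {"ana@example-clinic.test", "+15550100"}


def audit_users(users, company_domain, current_staff, max_admins=2):
    """Flag accounts outside the company domain, accounts of departed staff,
    and an administrator count above the agreed limit (checklist items 1 and
    the 'limit administrators' tip)."""
    staff = {s.strip().lower() for s in current_staff}
    findings = {"outside_domain": [], "departed": [], "admins": []}
    for u in users:
        email = u["email"].strip().lower()          # compare case-insensitively
        if email.rsplit("@", 1)[-1] != company_domain.lower():
            findings["outside_domain"].append(email)
        if email not in staff:
            findings["departed"].append(email)
        if u["role"].strip().lower() == "administrator":
            findings["admins"].append(email)
    findings["too_many_admins"] = len(findings["admins"]) > max_admins
    return findings


def audit_notifications(targets, known_targets):
    """Return configured notification addresses or numbers nobody has vouched for."""
    known = {t.strip().lower() for t in known_targets}
    return sorted({t.strip().lower() for t in targets} - known)


if __name__ == "__main__":
    for key, value in audit_users(USERS, COMPANY_DOMAIN, CURRENT_STAFF).items():
        print(f"{key}: {value}")
    print("unknown notification targets:", audit_notifications(NOTIFICATION_TARGETS, KNOWN_TARGETS))
```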