Time to Change the Batteries: Contract Security Settings
Every New Year’s Day or Birthday we remind ourselves to change the batteries in our home smoke detectors. It seems like the smart and safe thing to do, right? But what reminds you to check the security settings of your software, especially the kind that is involved in sensitive and mission-critical aspects of your business? The new year can also be a reminder to update, or at least review, the security settings in your contract management software and other business applications. Below are a few items to consider early in this new season.
Single Sign-on
Did your company initiate a single sign-on (SSO) effort last year to make it easier to log in to multiple applications while ensuring security? If not, then do it this year. Contract Logix offers the ability to use providers like Azure AD, Okta, ADFS and Duo Access Gateway and we highly encourage the use of SSO as part of your overall security strategy.
Passwords
Has your company’s password policy changed now that so many people are working remotely? It’s a best practice to require longer passwords (8 characters is absolute minimum) with a number of unique characters. It’s also best practice to use passphrases that you will remember with mixed cases, numbers and symbols. And consider shortening the password update frequency.
Multi-factor Authentication
Turn it on, end of story. Many people are already using MFA for applications and websites in both their personal and professional lives. Adding this to your software security settings can prevent costly intrusions and many people already have an authenticator on their phone and are familiar with how it works.
System Configuration
How many times are your employees allowed to try and enter their passwords? Industry standards suggest 3 failed attempts results in being locked out. Then, you should consider how long the lock out duration is set for. If your company has had any hacking attempts in the past, you want to make sure this is set for 30 minutes to an hour to reduce attempts. Make sure the session inactivity setting is reasonable, too. We’ve all heard horror stories like the one about a parent who left their computer open at home and their 5 year old child deleted the project document they were working on by accident. Remember, it’s not just the hackers you are trying to keep out of your system.
Permission Settings
The beginning of the year is also a good time to review the permission settings in your contract management platform. Do you have new projects coming up that need new roles or need to limit access to functionality? How has your organization changed over the last year and what role-based or feature-based permissions should you update? Adding roles across departments is easy and can align with your business processes.
Users and Licenses
While you are reviewing security settings, take a glance at the users that have licenses. Did you have any job changes, did someone take a leave of absence? It’s not just about access to functionality, you should review who is using the application and do they need a change to their license type. Some software like Contract Logix’s offers different levels of licensing including Read-Only, Submitter and Full licenses. Take a quick glance at the users listed and their license types. Does anybody need to be updated or suspended?
E-Signature
And if you use-signature software like Sertifi or another provider, check to make sure the correct people have that enabled in your supporting software applications. Why slow down the business process of signing a contract if you can process it in the application with the right settings? Plus, e-signatures are more secure than wet signatures and keep digital record of exactly when it was signed.
Takeaway
Software security settings should never be a set it and forget it strategy. Just like we change the oil in our car every 10,000 miles and the batteries in our smoke detectors every year, it’s critical that you have a regular review of all your contract management software security settings. If you want to learn more, schedule a call with one of our specialists.