Your Pacific Timesheet software contains sensitive data, such as employee hours and pay rates, project bill rates, etc. The following tips will help you reduce the risk of unauthorized access to this sensitive data:
1. Know your password security options
Password security is among the most important aspects of keeping your system secure. Pacific Timesheet software helps enforce best practices by making sure your employees have sufficiently complex passwords, and that they change them on a regular basis. Password security options include:
- Old passwords are expired
- Passwords must be of a minimum length
- Passwords must contain upper or lower case letters
- Passwords must contain numbers
- Passwords must contain special characters such as !, #, etc.
- Employee is locked out after too many failed attempts
There are more options, which you can review on the System > Security page. Also note that logins (both successful and failed) are recorded in the audit log, including the IP address of the remote computer. You can review the audit and login logs on the Reports page.
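An added example (not part of Pacific Timesheet or its documentation) of what to look for when reviewing those login records: it flags a source address with a burst of failed logins, including failures spread over several accounts, and a successful login that follows such a burst. The CSV column layout, the `review_logins` function and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data. The column layout is an assumption for this example,
# not the product's report format; the IPs are reserved documentation addresses.
SAMPLE_LOG = """timestamp,user,ip,result
2024-03-04T08:01:00,asmith,198.51.100.20,SUCCESS
2024-03-04T09:00:00,bjones,203.0.113.7,FAILED
2024-03-04T09:00:40,cwu,203.0.113.7,FAILED
2024-03-04T09:01:10,dlee,203.0.113.7,FAILED
2024-03-04T09:01:50,bjones,203.0.113.7,FAILED
2024-03-04T09:02:30,dlee,203.0.113.7,SUCCESS
2024-03-04T13:15:00,asmith,198.51.100.20,FAILED
2024-03-04T13:15:30,asmith,198.51.100.20,SUCCESS
"""

def review_logins(text, max_failures=3, window=timedelta(minutes=10)):
    """Return a sorted list of (finding, ip, detail) tuples for manual review."""
    events = sorted(
        (datetime.fromisoformat(r["timestamp"]), r["user"], r["ip"], r["result"].upper())
        for r in csv.DictReader(io.StringIO(text))
    )
    recent = defaultdict(list)      # ip -> [(time, user)] failures inside the window
    burst_users = defaultdict(set)  # ip -> accounts that saw failures during a burst
    findings = set()
    for when, user, ip, result in events:
        # Drop failures from this address that have aged out of the window.
        recent[ip] = [(t, u) for t, u in recent[ip] if when - t <= window]
        if result == "FAILED":
            recent[ip].append((when, user))
            if len(recent[ip]) >= max_failures:
                burst_users[ip].update(u for _, u in recent[ip])
        elif len(recent[ip]) >= max_failures:
            # A success from the same address right after a burst of failures.
            findings.add(("success_after_burst", ip, user))
    findings.update(("failure_burst", ip, ",".join(sorted(users)))
                    for ip, users in burst_users.items())
    return sorted(findings)

if __name__ == "__main__":
    for finding in review_logins(SAMPLE_LOG):
        print(finding)
```

Counting failures per source address complements the per-employee lockout, which only counts attempts against a single account.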
2. Set an appropriate idle session expiration
If an employee leaves their computer without logging out, there is a risk that someone else could use their computer to access their data. To minimize this risk, Pacific Timesheet will automatically log out employees after a certain amount of idle time. You can adjust this value on the System > Security page.
3. Use a secure connection
If you are using the Pacific Timesheet SaaS (Software as a Service), make sure you connect using HTTPS rather than HTTP. For instance, enter https://myco.pacifictimesheet.com rather than http://myco.pacifictimesheet.com. When connected using HTTPS you will see a secure icon in your browser.
This indicates the connection is secure and that all data passed between the browser and the server is encrypted using SSL (Secure Sockets Layer). If you are self-hosting the Pacific Timesheet software, you can also enable HTTPS support. This is straightforward but requires purchasing a digital certificate for the computer hosting the Pacific Timesheet software. The friendly support staff at Pacific Timesheet can help you with this.
4. Use permissions to restrict access
An important aspect of security is making sure authorized users only see the subset of the data they should see. Pacific Timesheet handles this through a sophisticated object-oriented permission system. You can use this to limit which pay codes, customers, projects, tasks, etc. each user is allowed to see or manage. For instance, you can assign a manager to a group of employees.
Depending upon the specific permissions given to the manager role, this employee will be able to see and manage employees in this group, but not employees in other groups. You can even control whether the manager has access to privileged information such as pay and bill rates.