Security best practices

Maintaining the security of confidential data within Influx is a primary concern and one that we take extremely seriously. Influx provides a range of security options to ensure private data is protected and secure. Along with the built in security features of firewalls, data encryption, and log monitoring, you can increase the security of your influx data by following these guidelines.

By following the best practices listed in this document, you will reduce the risk of a security breach. However, even the best security policies will fall short if they are not followed. Influx strongly recommends that agents and administrators be trained to follow the best practices and ensure a secure environment.

Password Security for Agents

Influx provides several levels of password security. Administrators can specify the level of password security for agents as medium or high.

Increasing the password requirements for agents can help to prevent unauthorized users from guessing your agents’ passwords. At the highest level of security, agents are required to choose a new password every 90 days.

You should also require your administrators and agents to select unique passwords for their Influx account. In other words, they should use a password that they are not also using for email or Facebook and so on. If one account is hacked and a password is discovered, the hacker’s access will be limited to just that one account.

Keep user names, email addresses, and passwords secret

While there is a fine line between meeting the needs of your users and maintaining security, best practices are that Influx agents and administrators should never give out user names, email addresses or passwords.

Important
Every user must have their own login to ensure data security. Under no circumstances should a group user or password be created.

If a user forgets their password, the automated password recovery system should be used. This prompts the user to enter a valid email address (one already verified as a legitimate user in your account) and they receive an email at that address prompting them to reset their password themselves.

Be aware that hackers sometimes use social engineering techniques to pressure people into helping them out by giving them a password for an account. Educate your Influx users that Influx support staff will never ask them for their password. Any requests to reveal a user name or password either while on the phone or by email should be considered an attempt at a data breach.

Limit the number of Influx Administrators.

Administrators have access to parts of Influx that regular agents do not. For example, all of the security features described in this document are only available to administrators. By limiting the number of agents who have administrator access, you reduce your security risk. The agent role provides the access that typical agents need to manage leads.

Before considering increasing the permissions available to a specific role, consider the risk that opening up this degree of access to other users with that role may pose.

Promptly deactivate users when they no longer require Influx access

Routinely audit your Influx account for users that are no longer with your organization or who have changed roles within your practice and no longer need the level of access that they did before.

Monitor logs for failed logins or unused accounts.

Accounts that are not used should not be kept active as they present a security risk to your organization. Hackers will often target common user names using automated password generators. Log monitoring will reveal attempts at logging into Influx that have repeatedly failed. If you notice that a specific IP address is attempting to gain access to your account without authorization, let us know immediately and we will block that IP.

Hackers are constantly developing new ways to gain access to confidential data. Although no system is completely secure, combining Influx built-in security measures with the vigilance of agents and administrators using Influx will keep data as safe as possible.