Security starts with you.
Internal security is just as important as external security. If you want to protect your church’s information, you will have to be diligent about who gets access to the database and what level of access each person receives.
Here’s a list of Do’s and Don’ts with IconCMO’s security settings and access permissions.
DO be aware that there are two separate areas of access within IconCMO.
That’s why under ‘System’ and ‘Security’, there are two options: membership and fund accounting. When you assign access on the Membership side (e.g. People, Contributions), it does not mean that a user has access on the Fund Accounting side (e.g. General-Ledger, Banking, AR, AP, Payroll) or vice versa.
DON’T get locked out of your own system.
We recommend having more than one administrator on your account. Then if one administrator is unexpectedly unavailable, particularly for assigning permissions, you will have a backup who can make the necessary changes to your account.
DO keep your email addresses up to date.
As a security precaution, IconCMO support technicians do not have access to passwords. We can email password reset links, but this means it is your responsibility to keep your email address up to date so that you can receive them. This change can be made under Organization: Preferences: Personal. If an email address needs to be updated and the user can’t access and update it themselves, an administrator will need to be involved.
DON’T give everyone access to the System: Security: Membership/Fund Accounting screens.
Only administrators should have Read-Write access to the security windows. If you permit a user to access these screens, they can grant themselves access to any part of the system they want. They can also add or remove user IDs and adjust access permissions for other users, even administrators.
DO be aware that usernames cannot be changed, only removed.
For example, if you use “NancyH” as the username, then when Nancy leaves you will have to either give her username to the staff member who replaces her, or remove NancyH, create a new username, and reassign permissions to that new user.
If you use more generic usernames such as Treasurer, FinancialSec, Pastor, OfficeAdmin, ChurchName1, etc., it will be easier to know what type of user permissions are assigned to that user and easier to transfer the username to new personnel.
DON’T leave old usernames in the system.
Give careful thought to who has access to what and audit those access rights regularly so that people who are no longer working for the church can’t access the database.