This post was last updated on October 8th, 2020 at 10:56 am.
Church Software User Security starts with you.
Internal security is just as important as external security. In other words, there is no sense locking the building doors (external security), if you don’t take church software user security (internal security) seriously. If you want to protect your church’s information, you will have to be diligent. For example you want to be careful about giving access to the database and what level of access you give the user.
General Church Software User Security
DON’T get locked out of your own system.
We recommend having more than one administrator on your account. Then if one administrator is unexpectedly unavailable, particularly for assigning permissions, you will have a backup who can make the necessary changes to your account.
DO keep your email addresses up to date.
As a security precaution, IconCMO support technicians do not have access to passwords. We can email password reset links, but this means it is your responsibility to keep your email address up to date for the ability to receive the links! Make this change under Organization: Preferences: Personal. When an email needs updating an administrator is the only one that can make this change. The user can’t access or update it.
DON’T leave old usernames in the system.
Give careful thought to who has access to what and audit those access rights regularly so that people who are no longer working for the church can’t access the database.
Here’s a list of Do’s and Don’ts with IconCMO’s church software user security settings and access permissions.
DO be aware that there are two separate areas of access within IconCMO.
That’s why under ‘System’ and ‘Security’, there are two options: membership and fund accounting. When you assign access on the Membership side (e.g. People, Contributions), it does not mean that a user has access on the Fund Accounting side (e.g. General-Ledger, Banking, AR, AP, Payroll) or vice versa.
DON’T give everyone access to the System: Security: Membership/Fund Accounting screens.
Only administrators should have Read-Write access to the security windows. If you permit a user to access these screens, they can grant themselves access to any part of the system they want. They also have the ability to add or remove user ids and adjust access permissions for other users, even administrators.
DO be aware that usernames cannot be changed, only removed.
For example, if you use “NancyH” as the username, when Nancy leaves then you will either have to give the staff member who replaced Nancy her username, or remove NancyH, create a new username, and reassign permissions to that new user.
If you use more generic usernames such as Treasurer, FinancialSec, Pastor, OfficeAdmin, ChurchName1, etc., it will be easier to know what type of user permissions are assigned to that user and easier to transfer the username to new personnel. We do also have the ability to copy access from one user to another rather than transferring usernames as well.
For additional information about security in general, visit VMWare.