Greenshades Blog


Practice Good Security

Posted on January 18th, 2017

By The Greenshades Security Team

In preparation for the upcoming tax season, the Internal Revenue Service is urging employees and companies to take steps to fight against identity theft and tax fraud. Greenshades wants to help you secure your year-end tax filing and tax form services.

In this blog, we want to remind you to use good security practices when using online systems and email. Here are some practices to keep in mind:

  • Log off all websites when you are finished. When you are done with a website, use the sign off or log off options to ensure your session is terminated. Oftentimes, just because you close the browser window or tab, it does not automatically log you out of the website.
  • Limit Permissions to only those who need access. When establishing permissions to your account, be sure to only allow access from personnel that has a need to know that information. This helps prevent information from getting into the wrong hands.
  • Avoid Phishing Attempts. Never reply to emails, texts, pop-up messages, or phone calls asking for your personal, tax, or financial information. Scammers often impersonate representatives from your financial institution, your tax software provider, the IRS, or other businesses and ask you to update your account information. Don’t click on links or open email attachments, even if they seem to be from organizations you trust. Instead, go directly to the organization’s website, when possible. Legitimate businesses don’t ask you to send sensitive information through unsecured channels.
  • Review activity logs and emails. Many websites make a log available to you about your account activity. Take time to review these logs and ensure this was an activity that you initiated. Alert the website provider if something does not add up.

Greenshades Security Tips:

  • Set Greenshades Inactivity timeout. Establish the inactivity timeout so that your employees are automatically logged off of GreenEmployee. This helps to prevent someone else from accessing their account if they forget to log off.

1 - Inactivity timeout

  • Review Greenshades Administrators. Take the time to regularly review the company administrators on your account. You can remove an administrator or adjust their permissions at any point. These changes take immediate effect.

2 - Admin permissions

 

  • Review Administrator and Employee Activity logs. Under the Reports section of GreenshadesOnline, you can review administrator logins and activity. You can also review employee logins and login attempts. If you see something that looks suspicious, please report it to us at security@greenshades.com.
  • Limit Access by IP Address. Consider limiting access to your Greenshades employee portal by IP Address. This will help ensure that employees only access GreenEmployee from designated locations, such as your office locations.

3 - IP Restrictions

 

  • Link your email domain to your Greenshades security. There are multiple ways you can limit access to Greenshades’ administrator and employee portals to only users who have an email address that belongs to your domain(s). Enabling these controls allows you to be sure that only your employees have access to your Greenshades portal.

4 - Account Email Restrictions

As always, if you have questions or concerns, please contact security@greenshades.com.