We get this question a lot, so I thought it would be a good idea to document it here. You have several options with Act! Premium. You can self-host your database - which is what is called Act! Premium for Web, or you can pay to host your database "in the cloud." In this article, I'm just going to cover security precautions we recommend for clients running Act! Premium for Web and allowing Internet access to their Act! database. If you are using Act! Premium for Web solely inside your network, some of the recommendations below will not apply to you (SSL + VPN).
Best security practices for ANY Act! installation
These recommendations aren't specific to securing an Act! Premium for Web installation, but I feel it's worth stating them because they are your first line of protection against data breaches for ANY software or online service.
- Make sure that all Act! users have a unique password for Act! - and not something they use everywhere or something simple like their name or "password", etc.
- Make sure users aren't sharing passwords - or - change your passwords on a regular basis. You can dictate password policies right inside Act!. For more information about this, refer to this article on the Act! help site. Keep in mind that if/when a user's Act! password is changed, that password must be updated for Outlook integration (if configured) and for Act! Scheduler tasks (if it's an administrator user) in order for these processes to continue to work.
- If a user leaves, be quick to make them inactive. You don't want them to have access to your data when they are no longer employed.
- Give users ONLY the access that they need. Most users do not need to be "administrators" or "managers" in order to do what they need to do in Act!. Also, you can remove permissions like "export to Excel" if that's not something the user needs to do their job.
Check out this article for more information on how you can avoid Act! data loss.
Our minimum recommended security precautions for Act! Premium for Web
- Install an SSL certificate on your web server. An SSL certificate encrypts data between the end user's device and the server. It's also required for Act! Marketing Automation if you run Act! for Web. For more information about what an SSL certificate is/does, check out this article. If you need help obtaining and setting up an SSL for your Act! Premium for Web installation, email us at
- Keep Windows updates current on the Act!/Web server. Microsoft releases security patches regularly to combat security threats. You want to make sure those are installed as needed. If you have an IT team, they should be monitoring this for you.
A VPN is an additional layer of protection
If you want an extra layer of protection you can set up a VPN. This gets a bit complicated for end-users, but it's the most secure. Your users would need to have VPN software on their devices and connect to the VPN before they could access Act!. This is not something we specifically recommend, but it's something that IT people usually bring up when you tell them you want to access your server from outside the office. Having a VPN is also a way to secure your Act! remote database sync. You can talk with your IT team about this option, or if you don't have someone you work with regularly, I recommend reaching out to Caston Thomas of iWorks.
I hope this information helps you to better secure your Act! data. If you need assistance with any of these items, our team is happy to help. In addition, we welcome you to check out our other security-related articles:
http://www.egenconsulting.com/not-another-password/ http://www.egenconsulting.com/dont-be-a-victim-of-act-data-loss/ http://www.egenconsulting.com/phishing-incidents-are-the-rise-what-can-you-do-to-avoid-the-taking-the-bait/