Skip to main content

FAQ

Security Best Practices

Protecting your school and employee information is critical! This guide provides some security practices for the i2m software and PostgreSQL databases, offering tools for safeguarding your systems and sensitive information. By implementing these strategies, you can significantly reduce security risks and create a robust defense for your digital infrastructure.

General Security Practices

  • Regular Security Reviews
    • Conduct annual security reviews with your IT team to ensure all basic IT security protocols are in place and followed.
  • Use i2m Application Password
    • Budget, Payroll, and ABReport applications allow the user to create a "Master" password the restrict the ability to view data with the programs. You can create a master password by going to Options and selecting General.
  • Strong Passwords
    • Create strong, unique passwords (use 15-20 character minimum passwords).
    • Use a password manager to generate and store complex passwords securely.
  • Software Updates
    • Keep your i2m software applications up-to-date with the latest security patches. Review our help article if you need information about downloading updates.
  • Data Backups
    • Implement regular backups of your data to safeguard against data loss and potential security breaches. Review our backup help articles for information about creating backups.
  • Virus & Malware Protection
    • Ensure your computer has quality and up-to-date antivirus software installed and operating.
  • Firewall Protection
    • Configure firewalls to restrict access to your PostgreSQL database to authorized users and applications.
  • User Awareness
    • Educate users about best practices for data security, including password hygiene, phishing prevention, and recognizing suspicious activity.

Data Storage and Security

  • Secure Data Storage
    • Store sensitive data on secure, encrypted drives or servers.
  • Network Security
    • Use strong network security practices, including firewalls, intrusion detection systems, and secure network configurations.
    • Consider using a VPN to allow users to access i2m data when not connected to the school's local network.
  • Access Controls
    • Implement strong access controls to limit access to sensitive data to authorized personnel.
    • Use multi-factor authentication (MFA) where available to add an extra layer of security.

Securing Your PostgreSQL Database

  • Strong User Passwords
    • Create strong, unique passwords for all PostgreSQL user accounts.
    • Avoid using default passwords or easily guessable information.
    • Use a password manager to generate and store complex passwords securely.
  • Review and Update User Accounts Annually
    • At least annually, use the pgAdmin tool to review the list of user accounts.  Only current, active employees should have a user account.
  • PostgreSQL Audit Logging

Related articles