To help keep your data in Sonas secure, we have put together the following security guidelines.
How Data Access is Protected
- Two-Factor Authentication (2FA): When you log in from a new device, Sonas requires you to verify the device by clicking a link sent to you by email. This prevents someone who has guessed your password from gaining access (assuming your email account is not compromised). If a verified device is not used for 2 weeks, its verification expires. You can adjust this timeframe to less than two weeks under Company > General Settings to further tighten security.
- Automatic Logout: Users are automatically logged out after 20 minutes of inactivity, minimising the risk of unauthorised access if the system is left unattended. For security reasons, this is not configurable.
Security Best Practices for Venues and Users
- Utilise User Roles: Assign specific roles to users to control access and permissions within Sonas. Assign only roles with the permissions users need to perform their tasks. Do not fall into the trap of giving everyone admin-level permissions.
- Strong Random Passwords: Make your password long (>12 characters) and complex - don't use birthdays or anything easily guessable.
- Password Vault: Use a password vault to store your login - that way you can generate a random complex password and don't have to remember it.
- Use Individual Logins: Ensure each user has their own login credentials, and avoid sharing logins (and passwords) between users.
- Remove Access for Departing Users: Promptly delete user credentials when an employee leaves the company.
- Monitor System Logs: Regularly check the system logs in the toolbar for alerts, including changes to bank account information, to detect any unauthorised modifications.