In today’s digital age, cybersecurity is a top concern for businesses of all sizes. With sensitive information stored online, it’s important to take measures to protect your accounts from potential hackers.
Though ServiceM8 have invested in industry-leading infrastructure and have bank-grade security to secure their servers, this alone doesn’t protect individual ServiceM8 accounts from being accessed by hackers.
In this article, I’ll explore some best practices for securing your ServiceM8 account and reducing the risk of cyber attacks for your company.
Suspect your account’s been hacked? Here’s what to do first –
1. Change your Password
Follow these instructions for the easiest way to change your ServiceM8 account password.
By using a password manager such as LastPass, you can create and store complex passwords without having to remember them.
This reduces the risk of using easily guessable passwords, which can be a security vulnerability. LastPass can also help you manage and organise all of your passwords in one place, making it easier to keep track of them.
2. Check your ServiceM8 account activity
ServiceM8’s Account Activity log is a feature that provides visibility into who has accessed your ServiceM8 account, when they did so, and the significant actions they have taken.
This will help you pinpoint if, and how, the hacker may have gained access to your account.
To view detailed instructions on how to do this, go to https://support.servicem8.com/hc/en-us/articles/360000920696-How-to-view-your-Account-Activity
You’re looking for lots of failed password or password reset activity (that wasn’t you) or any locations that look different to where your staff would normally access ServiceM8 from.
3. Ask your Staff to Change their Passwords
If you see that a particular member of staff’s account has appeared in the account activity page with suspicious activity, get that staff member to reset their password too and make sure it’s also a strong password.
4. Review Staff Security Roles
Double-check the security roles and access permissions of all staff who have access to your ServiceM8 account, including any third-party staff.
As a guide, you want them to have the minimum level of access needed for them to complete their job.
Watch out for any custom security roles that may have been created and ensure that these additional roles don’t have access to the Settings area of your ServiceM8 account.
You can find more information about security roles here – https://support.servicem8.com/hc/en-us/articles/200273154-Security-Roles-Overview
…along with a full reference guide here – https://support.servicem8.com/hc/en-us/articles/208735566-Security-Roles-Reference
5. Enable Two-Step Authentication
Two-Step authentication (also known as Two-Factor Authentication) adds an extra layer of security to your ServiceM8 account. When enabled, you’ll need to enter a code in addition to your password when logging in. This code is usually sent to your mobile device.
Here are detailed instructions on how to set up Two-Step Authentication – https://support.servicem8.com/hc/en-us/articles/360000853595-How-to-set-up-Two-Step-Authentication
You’ll choose security questions as part of the setup which you’ll need to remember the answers to. These questions are used to identify you if you don’t have access to your mobile phone at any point.
You can opt to enable 2SA for just the account owner, or all staff on the account.
Tip: A tip for any Virtual Assistant firms, or call answering service companies reading this – you can have a single phone number activated for more than one client account, so it shouldn’t cause you any problems in terms of gaining access to your client’s ServiceM8 accounts.
Tip: Want to share the answers to your security questions? Don’t send them via email – consider using a secure, encrypted service such as WhatsApp.
Once the immediate threat has been dealt with, move on to these steps –
6. Review your Document Templates
Go to settings > document templates and check through all of the details on your quote and invoice templates.
You want to make sure that all of the details are present and correct – for example – your company’s bank account number and sort code are listed.
You’ll want to check these in the box below the template, as well as the image of the template itself (just in case new details have been hardcoded directly onto your template)
7. Review your Email & SMS Templates
Go to settings > email templates and then settings > sms templates in turn and double check these templates. You’re looking for changes to wording, or removal of bank details/payment instructions etc
8. Review the job details of recently sent invoices
Go into the invoicing section to open and check the job diary of any jobs that have been recently invoiced. You want to review the email that was sent, as well as the invoice that was attached.
You may want to also consider contacting clients that haven’t paid outstanding invoices yet to ensure all invoices they’ve received from you are legitimate and have the correct payment details.
Finally, make sure you have a plan in place for continued protection –
9. Keep Your Software Up-to-Date
Make sure that your computer and mobile devices are running the latest software updates. These updates often include security patches that address vulnerabilities in the software.
10. Change the passwords and enable 2FA for other services
Review any other online accounts in your business e.g. email, accounting package, social media etc. and change all user logins to strong and unique passwords. Consider enabling Two Step Authentication for those that offer it.
Final thoughts
It is important to note that these steps are not a guarantee that your account will never be hacked. However, they should significantly reduce the risk. It’s therefore essential to take these steps seriously and implement them as soon as possible.
Additionally, it is advisable to regularly check your ServiceM8 account for any suspicious activity. If you notice any unusual activity, such as logins from unknown devices or changes to your account settings, contact ServiceM8 support at support@servicem8.com immediately.
Remember, protecting your ServiceM8 account is crucial for securing your business’s sensitive information and reputation.
Take the necessary steps to safeguard your account today.