05 Feb 2014

Update Passwords and Adjust User Rights Regularly to Prevent Unauthorized Access

0 Comment

Compliance Tip:

Update Passwords and Adjust User Rights Regularly to Prevent Unauthorized Access

Keep Information and Funds Safe and Secure

Banking and data security has been in the forefront of the Chapter 7 community since last week’s EOUST communication about email hacking was circulated. You are held to the highest standard when it comes to protecting the personally identifiable information (PII) and funds in your care. In order to help you maintain strong levels of internal controls, we have put together a list for you to follow to safeguard the sensitive information from unauthorized access.

Review the following guidelines to help prevent unauthorized access to your BMS software and maintain safe and secure banking practices.

1) Create a unique password. Each BMS software user should have a different and unique password .

2) Change passwords frequently. In order to better protect your accounts, it is important to remain diligent about changing your unique password every 90 days. CaseLink Office and TrustWorks were designed with this feature in mind, prompting you to change your password quarterly.

3) Log out of the BMS Software when leaving your computer. Whenever you step away from your computer, whether it is for lunch, a meeting or just for a minute, take a moment to log out of the BMS software so that no one else can get into the software.

4) Disable access for former employees. Every office sees the changeover of employees at some time. Employees who no longer work for you should not have access to your records. To ensure this, remove BMS software access from all employees who no longer work for you.

5) Assign each user their own specific rights. In CaseLink Office and TrustWorks, you have the ability to assign different rights and banking privileges to each user. This would apply to specific functions such as making deposits, printing checks, requesting interim statements and authorizing outgoing wire requests.

CaseLink Office users can adjust these privileges by following the steps below. (TrustWorks users click here for instructions.)

  1. From the CaseLink Office Homepage go to File>Security.BBP1
  2. Next, the Security Information page will open up. Click on the User List tab to select the employee to review.BBP2
  3. To adjust the Banking Privileges for the selected user click on User Rights (page 2).

When denoting access to employees make sure to note the level of access you want them to have. Below is a guideline of CaseLink Office access.

  • Delete: Is the highest level of access. If you have the ability to delete then you can do any function within the record.
  • View: Is the lowest level of access. In this function you only have the ability to view a record.
  • Change: You have the ability to amend records.
  • Add: You have the ability to make additions.

BBP3

  4. Next, select Banking Privileges. Review each of the operations and click Save to complete.

BBP4

Quarterly reviews will help to ensure that each employee has the correct level of access to perform the banking procedures set by the trustee or fiduciary. This will also help in you during your next audit, by matching up employee access to those setup in the Chapter 7 Handbook under the Segregation of Duties.

If you have any questions about setting up banking privileges for your employees, please contact the BMS Banking Center via email or call 800-634-7734 ext. 8.

[top]