iMIS ALERT: Does One of Your Former Administrators Still Have Access to Sensitive Data?
As your organization continues to move forward and grow, you typically cycle through many staff and volunteers, which can also extend to the administrative level. Whether an administrator is let go, leaving for another opportunity, retiring, etc., the issue remains that they have access to sensitive data.
One of our clients, who we host and consult iMIS for, recently experienced this same issue and opened a support ticket with us. Here, we outline a guide on how to disable the access of an administrator:
Server Access (to request from E-Tech):
- Your organization can submit a ticket in advance, letting us know the last day of the retiring employee and request to disable the user server level access at a specific time of the day. The account would be disabled as scheduled and later completely removed from our system.
- A password change for the VPN (Virtual Private Network) is very important. It will restrict the user from connecting to our network and servers or have any access to the database data from outside of the office.
In iMIS (Client Side):
- We would advise you not to delete the user from IMIS. In certain scenarios, deleting the user would affect records that were update by the user in the past. Instead, disable the user’s account in iMIS or change the user type from full to public. This will allow the user to still login to the system from public website and update his profile, but any administrative level access would be revoked.
- Change the manager’s password (If the user had access to the manager’s account). Please call E-Tech Support and provide the updated manager password over the phone. The password is required for us to maintain your system’s working state and troubleshoot any issues. If you are not sure how to update the manager password in your version of iMIS, you can always submit a ticket to support@etechcomputing.com with the prefix *URGENT* in the email title and we will update the password right away.
- If the user had access to any of the other staff passwords, please update both IMIS and RDP passwords for those users also.
Feel free to Contact Us for more information.