When you manage users, take great care to protect their privacy and the security of your site.
If you receive an email requesting access to your organization, ensure you can verify the identity of whomever requests access. Use these tips and tricks to keep your system safe:
- Only add users to the system whom you know.
- Verify the email address of the person requesting access to the system.
- Call the user to verify that they are requesting access to the system.
- Verify their identity with a security question.
- Never divulge any personal or identifiable information about users in the system.
Always create users who have only the roles necessary for them to operate in the system. Though tempting, giving someone as many user roles as possible actually constitutes bad security practice due to increased exposure of the system.