Our robust granular permissions settings get a new partner in securing your WORKetc data: the location-aware Remote Access Control.
The granular permissions settings are one of those WORKetc CRM security features that don’t often get thrust into the spotlight. These settings are key in keeping your WORKetc data safe; they don’t just give you complete control over who can access the system, they also let you choose which parts of it they can see.
For example, it’s important for your project manager to access everything related to projects and tasks. The financial side of the business is outside of her area of expertise, so you decide to turn off access to WORKetc’s billing and invoicing tools.
Here’s another scenario: you have two people in sales, Jim and Bob. You can allow them both to see each other’s sales leads so that they don’t end up wasting time going after the same lead. However, each of them can only modify and delete the leads they created. Jim can see Bob’s leads but he can’t edit them and vice versa.
Granular permissions control what your employees can see and do in WORKetc. Our latest release, the location-aware Remote Access Control, lets you choose where they can access the system.
More Security, More Peace of Mind
Imagine you’ve just recently had to let go of one of your employees. They’re obviously not too happy about it. Even though you think they’re a good person, there’s this niggling feeling at the back of your mind that they might act irrationally.
We’ve all had that niggling feeling at one time or another. You know it. It starts off as a simple “What if?” that you quickly shake off. “No, they’d never do that,” you think to yourself. “They’re not that kind of person.”
You believe they know one of your remaining employees’ login credentials, and you’re afraid that they’ll access your WORKetc account and potentially do some major damage to your business. You do a company-wide password reset, which in all likelihood will already fix the problem by itself, but still — the thought persists.
Remote Access Control can help you get rid of that recurring anxiety and give you peace of mind. With this new feature, you can set it so that your employees can only access WORKetc when they’re sitting at their desks in your office and nowhere else.
This means that even if your irate ex-employee somehow manages to get his hands on a new password, he still won’t be able to access your WORKetc account unless he does it from inside your office.
Here’s how it works.
Limit Access to Specific IP Addresses
An IP — or Internet Protocol — address is a unique string of numbers separated by periods or dots (78.125.0.098, for example) that identifies each computer that communicates over your network. A street address determines where a letter should be delivered; computers use IP addresses to communicate with each other.
Internet service providers (ISPs) assign an IP address to every connection they provide. If you have a business-grade connection, this is usually a static or non-changing address. This IP address is also known as a WAN address; it’s what your router uses to connect to the Internet.
The new Remote Access Control feature lets you control exactly which WAN IP addresses or address ranges are given access to WORKetc.
Let’s say your ISP-assigned IP address is 193.167.1.70. If you add that address to the list of allowed IP addresses in your WORKetc account’s security preferences, only those devices that connect through that specific IP address will be able to login to WORKetc.
If you try to connect using any other IP address, the location-aware security feature won’t let you log in to your WORKetc account.
These IP restrictions let you restrict access only to devices that connect to the Internet through your ISP-assigned IP address, but what if you have employees that are regularly off-site? You can still let them access WORKetc as long as you know the WAN IP that they’re connecting from.
For example, if you have a team working off-site, say at a client’s office or from home, you can ask them for the IP address at their location and add that address to the Remote Access Control settings.
As long as your off-site team members use only those specific IP addresses to connect, they’ll be able to access WORKetc without any problems. You can also temporarily allow them to access WORKetc regardless of the IP address they’re using to connect.
Mobile App Access
One big difference between WORKetc’s mobile apps and web apps is that the former doesn’t have any sort of import or export capability. Mobile app users won’t be able to export sensitive company information such as sales leads and project and financial details.
As such, we’ve made it possible for you to allow your employees to access WORKetc through the mobile apps regardless of what IP address they’re currently using. This is particularly important as mobile devices usually have dynamic IP addresses which can change depending on the network they connect to.
Let’s say your company sells and installs routers. You have a team of five specialists who go out and install your products in clients’ homes and offices. Each of your specialists has the WORKetc mobile app installed on their phones to let them log time and quickly capture customer information on-site.
Even if you enable the Remote Access Control feature, you can still allow your installation specialists to access WORKetc through the mobile app. Your field team will still be able to do their jobs using the mobile apps while you continue to restrict access to the web app.
This is perfect for businesses that regularly have people out in the field but also wish to limit access to the main web app to within their office only.
Mix and Match According to Your Needs
The Remote Access Control feature lets you set different restrictions for the web and mobile apps at the same time. You can even lift the IP restrictions completely for trusted users.
Let’s say you’re going on a week-long overseas vacation. You’re a bit of a workaholic, though, so you still want to be able to check in on how everybody is doing from time to time.
You have the WORKetc mobile app installed on your phone, but you want the full power of the web app. You already limited web app access only to those desktop computers in your office that connect through your office internet connection.
Fortunately, Remote Access Control lets you give access from any IP address to specific users that you trust. You can log on to WORKetc no matter what IP address you use to connect.
Meanwhile, your office-based team can still only log on to the system using the computers at their desks; your people out in the field can use the mobile apps to access WORKetc.
Setting It All Up
To enable IP access control, simply navigate to Settings > Manage Account > Security. There, hover over the pencil icon next to the IP Access Control option (which is set to Disabled by default) and click it. You will then see the following options:
WORKetc remote access control setup
- Check the box to enable or uncheck to disable.
- Enter the IP addresses that are allowed to access the account as a user (employee). You can use wanip.info to determine your WAN IP address.
- If required, check the box and select users that can are not included in these restrictions and can access from any IP address.
- Check this box to enable the mobile apps to be used from any IP address (usually required).
- Click on Save.
Since the IP access control settings dictate who can access WORKetc and from where it’s important to fully understand this feature before you enable it. You don’t want to accidentally lock someone — or worse, everyone! — out of WORKetc. Check out the video below and our User Guide article for more details.
Ever experience any near-misses in your business? How did you resolve them? Share your stories in the comments.