WORK[etc] Launches Location-Aware Security Layer

Our robust granular permissions settings get a new partner in securing your WORK[etc] data: the location-aware Remote Access Control.

The granular permissions settings is one of those WORK[etc] CRM security features that doesn’t often get thrust into the spotlight. These settings are key in keeping your WORK[etc] data safe; they don’t just give you complete control over who can access the system, they also let you choose which parts of it they can see.

For example, it’s important for your project manager to access everything related to projects and tasks. The financial side of the business is outside of her area of expertise, so you decide to turn off access to WORK[etc]’s billing and invoicing tools.

Here’s another scenario: you have two people in sales, Jim and Bob. You can allow them both to see each other’s sales leads so that they don’t end up wasting time going after the same lead. However, each of them can only modify and delete the leads they created. Jim can see Bob’s leads but he can’t edit them and vice versa.

Granular permissions control what your employees can see and do in WORK[etc]. Our latest release, the location-aware Remote Access Control, lets you choose where they can access the system.

More Security, More Peace of Mind

Imagine you’ve just recently had to let go of one of your employees. They’re obviously not too happy about it. Even though you think they’re a good person, there’s this niggling feeling at the back of your mind that they might act irrationally.

We’ve all had that niggling feeling at one time or another. You know it. It starts off as a simple “What if?” that you quickly shake off. “No, they’d never do that,” you think to yourself. “They’re not that kind of person.”

You believe they know one of your remaining employees’ login credentials, and you’re afraid that they’ll access your WORK[etc] account and potentially do some major damage to your business. You do a company-wide password reset, which in all likelihood will already fix the problem by itself, but still — the thought persists.

Remote Access Control can help you get rid of that recurring anxiety and give you peace of mind. With this new feature, you can set it so that your employees can only access WORK[etc] when they’re sitting at their desks in your office and nowhere else.

This means that even if your irate ex-employee somehow manages to get his hands on a new password, he still won’t be able to access your WORK[etc] account unless he does it from inside your office.

Here’s how it works.

Limit Access to Specific IP Addresses

WORKetc CRM SecurityRemote Access Control in WORK[etc]. Click to zoom.

An IP — or Internet Protocol — address is a unique string of numbers separated by periods or dots (, for example) that identifies each computer that communicates over your network. A street address determines where a letter should be delivered; computers use IP addresses to communicate with each other.

Internet service providers (ISPs) assign an IP address to every connection they provide. If you have a business-grade connection, this is usually a static or non-changing address. This IP address is also known as a WAN address; it’s what your router uses to connect to the Internet.

The new Remote Access Control feature lets you control exactly which WAN IP addresses or address ranges are given access to WORK[etc].

Let’s say your ISP-assigned IP address is If you add that address to the list of allowed IP addresses in your WORK[etc] account’s security preferences, only those devices that connect through that specific IP address will be able to login to WORK[etc].

If you try to connect using any other IP address, the location-aware security feature won’t let you login to your WORK[etc] account.

These IP restrictions let you restrict access only to devices that connect to the Internet through your ISP-assigned IP address, but what if you have employees that are regularly off-site? You can still let them access WORK[etc] as long as you know the WAN IP that they’re connecting from.

For example, if you have a team working off-site, say at a client’s office or from home, you can ask them for the IP address at their location and add that address to the Remote Access Control settings.

As long as your off-site team members use only those specific IP addresses to connect, they’ll be able to access WORK[etc] without any problems. You can also temporarily allow them to access WORK[etc] regardless of the IP address they’re using to connect.

Mobile App Access

One big difference between WORK[etc]’s mobile apps and web app is that the former don’t have any sort of import or export capability. Mobile app users won’t be able to export sensitive company information such as sales leads and project and financial details.

As such, we’ve made it possible for you to allow your employees to access WORK[etc] through the mobile apps regardless of what IP address they’re currently using. This is particularly important as mobile devices usually have dynamic IP addresses which can change depending on the network they connect to.

Let’s say your company sells and installs routers. You have a team of five specialists who go out and install your products in clients’ homes and offices. Each of your specialists have the WORK[etc] mobile app installed on their phones to let them log time and quickly capture customer information on-site.

Even if you enable the Remote Access Control feature, you can still allow your installation specialists to access WORK[etc] through the mobile app. Your field team will still be able to do their jobs using the mobile apps while you continue to restrict access to the web app.

This is perfect for businesses who regularly have people out in the field but also wish to limit access to the main web app to within their office only.

Mix and Match According to Your Needs

The Remote Access Control feature lets you set different restrictions for the web and mobile apps at the same time. You can even lift the IP restrictions completely for trusted users.

Let’s say you’re going on a week-long overseas vacation. You’re a bit of a workaholic, though, so you still want to be able to check in on how everybody is doing from time to time.

You have the WORK[etc] mobile app installed on your phone, but you want the full power of the web app. You already limited web app access only to those desktop computers in your office that connect through your office internet connection.

Fortunately, Remote Access Control lets you give access from any IP address to specific users that you trust. You can log on to WORK[etc] no matter what IP address you use to connect.

Meanwhile, your office-based team can still only log on to the system using the computers at their desks; your people out in the field can use the mobile apps to access WORK[etc].

Setting It All Up

To enable IP access control, simply navigate to Settings > Manage Account > Security. There, hover over the pencil icon next to the IP Access Control option (which is set to Disabled by default) and click it. You will then see the following options:

WORKetc remote access control setupSetting up Remote Access Control. Click to zoom.
  1. Check the box to enable or uncheck to disable.
  2. Enter the IP addresses that are allowed to access the account as a user (employee). You can use to determine your WAN IP address.
  3. If required, check the box and select users that can are not included in these restrictions and can access from any IP address.
  4. Check this box to enable the mobile apps to be used from any IP address (usually required).
  5. Click on Save.

Since the IP access control settings dictates who can access WORK[etc] and from where, it’s important to fully understand this feature before you enable it. You don’t want to accidentally lock someone — or worse, everyone! — out of WORK[etc]. Check out the video below and our User Guide article for more details.

Ever experience any near-misses in your business? How did you resolve them? Share your stories in the comments.


David McGarry
Thursday 12, Nov 2015 5:53 AM

This is very timely as we have just had to make some redundancies, but also new staff with different roles have come onboard.

It’s pretty cool that you can restrict access based on IPs as we have remote workers in Sydney, Melbourne and in and around the Adelaide area of Australia. It’s good to know that we can lock down our client info and only expose those parts needed to our staff.

Thanks for this interesting write-up, we will have to look further into the settings and see how we can benefit with some of these changes.

Friday 13, Nov 2015 7:35 PM

I think that the permission and automatic escalation issues are the two main features the need improvement, for the permission one, any business will need to have a hierarchical structure permissions, so if you have multiple sales managers, say 4 and each one has 3 reps, one should be able to allow each manager to have full access on his 3reps, to monitor, give an remove permissions, see their work, but not the other reps of his colleague manager and you need the VP of sales to have general access on all his employees but not on the Finance employees for example, and so should the HR manager have full access on all the employees personal information and not their individual sales records, what’s happening now is that if we give access to an employee on say contacts to view, edit and delete, he or she can have that access to all employees in the company!! This needs to be improved if possible please. The remote IP is a great addition and we need more improvements on the permissions front.

Thank you all

Karen S
Saturday 14, Nov 2015 3:45 AM

I am looking forward to bring this new feature to our team. 1 team member travels 2 weeks of the month and we are always worried about wifi hotspot intrusions. I believe this will help with that worry. Thank you for your continued effort on our part, the improvements are useful, insightful and most appreciated. Keep up the good work.

    Steve Westrop | WORK[etc]
    Tuesday 17, Nov 2015 9:35 PM

    Interesting point Karen – I tend to use additional security tools whenever I’m working remotely and am very picky about the hotspots I connect to and what I do on them.

James Hartley
Tuesday 17, Nov 2015 8:16 AM

I have all projects locked from deletion, even from designers (who otherwise have high level permissions) to avoid “accidents”. If someone double enters a project they have to request that it be deleted – by supplying the project name and number by email. This provides a double check…. and well worth doing as last week a project was sent up for removal that had been confused. The one requested had two years of info in it… the check ensured that this wasn’t lost and the error flagged.
Praise be for granular permissions!

Steve Westrop | WORK[etc]
Tuesday 17, Nov 2015 9:39 PM

James raises a good point here. I always try to highlight certain aspects of the permissions on trainings. Contact bulk deletion being top of the list (that’s someone else’s horror story to share), closely followed by Contact Export (I was responsible for data protection in a previous role – still a bit obsessed by it at times), and ALL the delete options and setting controls. Not only does it help protect your business data, but it makes the interface a bit cleaner for people too.

William Mullane
Saturday 21, Nov 2015 3:28 AM

It’s easy to give short shrift to security until it is too late. I’d really rather spend a bit of time to anticipate and prevent a problem than spend loads of time and money doing clean up and repair. I am certain we can use the granular permissions, a stronger password protocol and the new location-aware security to tighten things up. As more members of our team explore and dive deeper into the WORKetc system, we are ready to take a closer look at our overall security profile. Thanks for the additional layer of security.

Thomas Lawler
Tuesday 1, Dec 2015 7:52 AM

This is awesome. Being involved with IT security in my company it’s cool to see others recognize the importance of security, and allow others to improve security with their important company information. Kudos and thanks for making these important improvements to the Work[etc] application!

Jordan S Zoot
Saturday 5, Dec 2015 12:57 PM

We use a number of tools starting with Okta Multi-factor SSO with Cloudlock and deploy an active MDM solution with managed apps. We preclude access to certain content through non-managed apps when an individual is outside of our network. We also have all of our devices registered which give us the ability to lock and wipe a device remotely if required.

Donna Grindle
Thursday 10, Dec 2015 3:31 AM

I am excited to be a well thought out security plan being implemented. There is a great deal of valuable information for any business inside Worketc. This is a great launching pad for more security features. In today’s hacking and data breach environment there can’t be too many options to give us control over access to valuable data.

Thursday 17, Dec 2015 11:36 AM

Obviously, this will never solve all issues, but this is a great step. I really enjoy the ability to separate one user’s security from another (without relying on different ‘classes’ of users) and to have the mobile app handled on it’s own. Let everyone do whatever they need to do!

Cyntia Larrieu
Sunday 17, Jan 2016 11:59 PM

I like the permission feature. We use it when we have to give access to WORKetc to a new employee that don’t fully know how to use worketc yet. Indeed, it’s easy for someone to delete something by mistake and as there isn’t an undo button it can be dramatic. I like the new location aware security layer, it’s primordial for a company to know that its data is protected !

See all

Featured Posts

7 Clever Add-Ons That Supercharge Google Drive Productivity

Do more with WORKetc CRM’s Google Drive integration and these clever add-ons. We rolled out a significant new feature to WORKetc CRM’s Google Drive integration a while back, giving users access to Team Drives from within the WORKetc CRM environment. In the spirit of that update, here’s a curated list of seven add-ons for Google […]

4 Key Steps to Turn Your Sales Team into a Deal-Closing Juggernaut

Using WORKetc CRM for a more efficient, productive sales team. Selling is simple. You get a sales lead, you offer goods and services, the customer picks one and pays you. But just because it’s simple doesn’t mean it’s easy. The idea itself may be simple, but the actual execution is a difficult task requiring a […]

3 Must-Know Strategies Your Business Needs For Successful Projects

Stop wasting money with these 3 must-know project management tips. Ever lost money on a project, even one that you managed to complete? Well, you’re not alone. In their 2018 Pulse of the Profession report, PMI estimates that 9.9% of every dollar is wasted due to poor project performance. For every $1 billion invested, that’s […]

WORKetc CRM Success: Celebrating Your Big Wins in 2018

A brand-spanking new Gmail add-on, an overhauled iPhone app, and much faster search capabilities—these are just a few of the massive changes we introduced to WORKetc in 2018. None of these improvements, however, would be at all possible if not for the continued support and dedication of our loyal WORKetc users. And since there’s no […]

4 Simple Tips For Max WORKetc CRM Efficiency From Real Users

WORKetc CRM tips and tricks, tried and tested by real users. A CRM is an investment. And as with every investment, you’ll want to squeeze a much juice as you can out of it. Here’s a new batch of tips on how to do just that, from real WORKetc users running their small businesses on […]

3 Critical Resolutions for Small Business Success in 2019

Keep the fireworks going all throughout 2019 with WORKetc CRM. If you’re anything like me, New Year’s resolutions are never just about your personal life. It’s also about probing deep and seeing what you can do for your business. It’s about identifying changes that have real, tangible, and measurable impacts. Here are a few ideas […]