Keep your Administration Site safe
One of the easiest things you can do to protect your organization online is to ensure the security of your Patron Edge Online Administration site. I bring this up because the majority of Admin sites that I have seen are not well-protected. While an attacker wouldn’t be able to get credit card numbers or anything of that nature via the Administration site, there’s still a lot of potential for mischief, or even damage. An attacker could bring down your site by changing Site Settings, redirect all your menu items to a different site, or do all kinds of other bad stuff.
Luckily, beefing up security is pretty easy. There are three key things to do, and your system administrator will be able to handle all of them in a matter of minutes.
Change your password - This literally takes seconds but I have seen people who have used PEO for years and still log in with the default login and password. To change the password, go to Administration, System Setup, System Users. Double-click on Supervisor and enter a new password. Done!
Have different Windows accounts run the public and admin sites - When using anonymous authentication for your website, the Administration site account should not be the same as the public site account. The default account for anonymous authentication is the Internet Guest Account (also called IUSR_MachineName). Keep this one for the public site and use a different one for the Admin site, since the Admin site account needs greater write and edit privileges on the public site folder. Even better, turn off anonymous access to the Admin site altogether and use Windows Integrated Authentication so that only members of your network are able to get as far as the PEO Admin login page.
Lock down rights to Administration site pieces - Create logins for each person who needs access (done in the same place where you changed your password above). Then determine what each person should be able to see. Generally a content creator only needs access to the Site Design and Events sections, so turn off their ability to get to other administrative pieces.
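To check the second item (separate accounts, or better, no anonymous access to the Admin site), here is an added example that is not part of the original post or of Patron Edge Online. It assumes IIS 7 or later, where per-site authentication settings sit in <location> elements of applicationHost.config; the site names "PEO Public" and "PEO Admin" and the sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET
# Constructed sample (IIS 7+ applicationHost.config layout, an assumption); names are hypothetical.
SAMPLE_CONFIG = """
<configuration>
  <location path="PEO Public">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="true" userName="IUSR_WEB01" />
    </authentication></security></system.webServer>
  </location>
  <location path="PEO Admin">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="true" userName="IUSR_WEB01" />
      <windowsAuthentication enabled="false" />
    </authentication></security></system.webServer>
  </location>
</configuration>
"""
AUTH = "system.webServer/security/authentication/"

def site_auth(root, site):
    """Return (anonymous_enabled, anonymous_user, windows_enabled) for a site."""
    loc = next((l for l in root.iter("location")
                if l.get("path", "").lower() == site.lower()), None)
    if loc is None:
        raise KeyError(f"no <location> entry for {site!r}")
    anon = loc.find(AUTH + "anonymousAuthentication")
    win = loc.find(AUTH + "windowsAuthentication")
    # Unset values fall back to stock IIS defaults: anonymous on as IUSR, Windows auth off.
    def attr(el, name, default):
        return default if el is None else el.get(name, default)
    return (attr(anon, "enabled", "true").lower() == "true",
            attr(anon, "userName", "IUSR"),
            attr(win, "enabled", "false").lower() == "true")

def audit(config_xml, public_site, admin_site):
    """List where the Admin site falls short of the two recommendations."""
    root = ET.fromstring(config_xml)
    _, pub_user, _ = site_auth(root, public_site)
    adm_anon, adm_user, adm_win = site_auth(root, admin_site)
    findings = []
    if adm_anon:
        findings.append("admin site allows anonymous access")
        if adm_user.lower() == pub_user.lower():
            findings.append("admin and public sites share anonymous account " + adm_user)
    if not adm_win:
        findings.append("admin site does not use Windows Integrated Authentication")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, "PEO Public", "PEO Admin")))
```

An empty list from audit() means the Admin site has anonymous access off and Windows Integrated Authentication on.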
What other measures are you taking to secure your website? Leave a message in the comments.