Best practices and Alarm.com partner features to keep you safe

These days, we’ve all got cybersecurity on our minds. And for good reason. According to the FBI’s Internet Crime Complaint Center (IC3), the number and scale of data breaches reached an all-time high in 2023, causing billions of dollars in damages and eroding consumer confidence.

And, it’s not just sophisticated hackers and cyber criminals who can damage your business. Employees with customer account access can accidentally expose sensitive info or, even worse, intentionally misuse it.

In our industry, customers trust us to keep them safe. That includes protecting their sensitive information from prying eyes. That’s why, in recognition of Cybersecurity Awareness Month, we’re highlighting some best practices and built-in Alarm.com features to help protect your customers, your reputation, and your financial health.

1. Make Passwords Longer and Complex: According to the National Insurance Crime Bureau, approximately 11% of all auto thefts happen because someone left the keys in the car. When it comes to cybercrime, using weak passwords is like leaving the keys in the ignition.
   

   Don’t take any risks. Set your team’s required password length to at least 12 characters. You can also set passwords to expire so they must be updated on a regular basis.

2. Require MFA: Multi-factor authentication (MFA) requires users to enter more information than a simple password—like a code that’s texted to you, or a key from an authentication app—to access an account. MFA is a relatively easy way to protect accounts and is highly effective at preventing serious data breaches.
   

   If you haven’t done it already, we highly recommend you require MFA for your team.

3. Create Unique Logins: As part of the onboarding process for new employees, it’s very important you create a unique login for each hire. This allows you to track who did what and when for auditing purposes and in the event of suspicious activity.
   

   Creating new logins from the Login Management section of the Partner Portal is quick and easy. Not sure how? Learn more here.

4. Assign Custom Roles: Once you’ve created a login you can assign it a custom role. You should create roles to give employees the minimum account access necessary to do their jobs. This is called “least privilege,” and it’s a login management best practice to reduce the risk of accidental or intentional system misuse.
   

   In the Alarm.com Partner Portal, admins can easily create roles and then customize the permissions for each. For example, a sales rep role might allow employees to access customer account information only. A technician role would have the permissions necessary to install and set up customer systems and smart devices.
   

   To add even more layers of protection, you can restrict access to customer accounts using the following options:

   • Restrict Customer Search by Today’s Tasks: Allow technicians to search accounts associated with that day's tasks only

   • Restrict Customer Search by Exact Match: Employees must enter aspects of customers’ information exactly as it appears in the system

   • Temporary Customer Account Access: Technicians can only access customer accounts after proving they’re on-site near the panel

   • Customer Account Access Request: Reps can send an “account access request” via email and text, which the customer must then approve

   Reminder: Admins have the highest level of access, which includes the ability to create roles and adjust permissions—so be careful. Only give admin access to those who absolutely need it.

5. Conduct regular login audits: We recommend you review login roles and permissions on a monthly or quarterly basis, depending on the size of your company and level of activity. Make sure each user’s permissions align with their current roles. (Note: To make your audit process easier, you can search for specific employees, filter by role, and review last login times.)

6. Delete old logins. Whenever an employee leaves the company, it’s important to delete their login as part of your offboarding process. As a safeguard, you can configure settings to automatically lockout or delete inactive logins after a certain amount of time. This minimizes the likelihood that an unused login will fall into the wrong hands.

7. Monitor for unexpected login activity. Has a technician suddenly accessed a large volume of customer accounts? Unexpected login activity can be a sign that an employee’s account has been hacked, or worse. With the same proactive intelligence used to notify customers of unusual system activity, Alarm.com can alert your Login Management Contacts to unusual use of Partner Tools. Then, from the Partner Portal, you can view key details: which employee accessed the accounts, which accounts, and when.
   

   Be sure to activate and customize these alerts in the Partner Portal and update your Login Management Contacts to keep your business leaders in the loop.

In summary, prioritizing cybersecurity with best practices and Alarm.com tools is a smart, effective way to protect your customers and business from attacks. Please share these insights with your team to help everyone stay secure. Stay safe out there!