Protecting your member's sensitive information and data is an essential responsibility for the operators of the MiClub and 1Golf systems.
When communicating with MiClub Support team members please find below some helpful tips:
- Never send MiClub any personal member data within E-Mails and E-Mail attachments. If you do need to provide personal member data, please contact our support team and a secure transfer method can be established.
- If a screenshot/photo is required, please ensure you delete or blank out any member personal data like names, addresses, contact details.
- Never send passwords within email communication to MiClub.
Below are some practices to help guide improvement to internal processes and can be included as part of a wider Information Security Policy or Framework.
Continually review which user accounts have administrative privileges on your system
- Make this part of your organisation's policy to reassess admin access every 3/6/12 months. Especially in the event of staff changes or committee turnover.
- Security Role Report Help Article
Remove admin access from accounts who do no longer require administrative access
Communicate the credentials for new admin accounts to staff members/volunteers securely and request they change the password immediately
- Do not send an email containing username and password internally via an unsecure method (ie: email)
Ensure passwords for admin accounts are sufficiently complex and secure.
- MiClub by default enforces a certain level of password entropy, however you may internally enforce a higher level of complexity - Tips and guidance available from the Australian Cyber Security Centre here
Minimise levels of access volunteers and committee members have selecting specific security roles that allow appropriate levels of access
- ie: A volunteer who setups clubhouse leaderboards does not require root admin. Apply appropriate levels of access to each user account
- Description of MiClub Security Roles Help Article
Do not share generic admin user accounts ie: proshop/office/captain and create specific accounts for staff members
- Sharing admin accounts is an unsecure practice and presents additional risks. Using specific user accounts enhances responsibility for admin actions and dramatically improves the accuracy of any audit logging of admin activity
Avoid granting member accounts admin privileges and instead create specific admin accounts
- Member accounts should not have admin security roles as can cause issues with kiosk functionality and makes audit logging vague and less valuable
Ensure the email address used for admin user accounts are not configured with a personal email addresses
- The email address configured on admin accounts should ideally be an internal organisational email (@golfclub.com) so in the event a staff member resigns, they are not able to regain access through an email password reset
Implement a forced password refresh policy. A root administrator can forcibly change any admin user accounts to enforce admin users to use a new password at any time
Create a Information Security Manual (ISM) for your organisation
- Example manuals and guidance on the creation of an ISM are available through the Australian Cyber Security Centre website here
Was this article helpful?
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
We appreciate your effort and will try to fix the article