Staff - MiClub Security Tips

Modified on Fri, 15 Jul 2022 at 08:59 AM

Protecting your members' sensitive information and data is an essential responsibility for the operators of the MiClub and 1Golf systems.

Please keep the following tips in mind when communicating with MiClub Support team members:

  • Never send MiClub any personal member data in emails or email attachments. If you do need to provide personal member data, please contact our support team and a secure transfer method can be established.
  • If a screenshot/photo is required, please ensure you delete or blank out any member personal data such as names, addresses and contact details.
  • Never send passwords within email communication to MiClub.

Below are some practices to help guide improvements to internal processes. They can be included as part of a wider Information Security Policy or Framework.

Continually review which user accounts have administrative privileges on your system

  • Make it part of your organisation's policy to reassess admin access every 3/6/12 months, especially in the event of staff changes or committee turnover.
  • Security Role Report Help Article

Remove admin access from accounts that no longer require administrative access

Communicate the credentials for new admin accounts to staff members/volunteers securely and request they change the password immediately

  • Do not send a username and password internally via an unsecure method (i.e. email)

Ensure passwords for admin accounts are sufficiently complex and secure.

  • MiClub by default enforces a certain level of password entropy; however, you may internally enforce a higher level of complexity. Tips and guidance are available from the Australian Cyber Security Centre.

Minimise the level of access volunteers and committee members have by selecting specific security roles that allow appropriate levels of access

Do not share generic admin user accounts (such as proshop/office/captain); create specific accounts for staff members instead

  • Sharing admin accounts is an unsecure practice and presents additional risks. Using specific user accounts enhances accountability for admin actions and dramatically improves the accuracy of any audit logging of admin activity

Avoid granting member accounts admin privileges and instead create specific admin accounts

  • Member accounts should not have admin security roles, as this can cause issues with kiosk functionality and makes audit logging vague and less valuable

Ensure admin user accounts are not configured with a personal email address

  • The email address configured on admin accounts should ideally be an internal organisational email, so that in the event a staff member resigns, they are not able to regain access through an email password reset

Implement a forced password refresh policy. A root administrator can forcibly change any admin user account at any time to require that admin user to use a new password

Create an Information Security Manual (ISM) for your organisation

  • Example manuals and guidance on the creation of an ISM are available through the Australian Cyber Security Centre website
