IT security using Tracelink

Unfortunately, attempts to establish illegal access to companies' data are something that goes on constantly. IT crime has become more of a profession than a playground. Hacking and phishing take place these days like organized crime everywhere, with both small and large masterminds.

We are of course very aware of this at Tracelink. We follow developments and continuously strengthen our protection against IT crime that may be directed at Tracelink's data. But it is also important that our users take certain precautions to protect the company's data.

Overall, we recommend that you, as a user of online services, read some of the stories that are mentioned in the media each week. In recent years, many Danish companies, including the smaller and medium-sized ones, have been hit by various forms of electronic attack methods, and you can always learn a little from the mistakes of others.

How does Tracelink identify and recognize its users?

If you are an administrator in Tracelink, you may have noticed that there have been new options and small extensions related to IT security. Perhaps you have had to reactivate an employee who has entered the wrong password too many times and subsequently been banned from the system. Measures such as these are put in place to ensure that only company personnel have access to data - no one else.

Your unique username and password protect your secure access to Tracelink and may only be used by you. The password is your personal code which ensures your personal user access. Repeated attempts to log in via your user will be registered and the user will be deactivated automatically after several repeated login errors.

As extra security, you must ensure that you use "two-factor authentication", which ensures that your login can only be used by you from your own approved mobile phones and computers.

The most important events and actions you as a user take in Tracelink are logged by us. Tracelink thus contains the necessary history if irregularities or serious errors occur. It is therefore crucial for the investigation of security breaches or irregular incidents that each user has their own unique access.

A username should never be shared by multiple users. We also recommend that you do not choose your initials as a username, nor a team name or a subdivision (e.g. lager@tracelink.dk), which hackers will easily be able to guess. You should always log out or ensure that the computer is locked when it is left - especially if several users use a shared computer.

We have collected a few good rules below that can help secure your data.

• Ask your administrator to set up your user so that two-factor authentication is turned on.
• If possible, do not use your initials as a username, but create your own unique username.
• Do not share your login information with others.
• Avoid reusing or using an obvious pattern in username/password.
• Do not write down physical information about your login (any note should be protected by a code, e.g. in your mobile).
• Always access the system via: https://tracelink.dk/admin (“https” guarantees an encrypted connection).

In the login window, you have the option to tick "Remember me on this PC". After this, Tracelink will automatically log the user in in the future on the same device. NOTE: Only use this on devices that you always have in your care.

Creation and administration of new users

When creating your Tracelink users, you can do a lot to maintain secure user access:

• First of all, be thorough when filling out the front page for the user. Fill in all fields and check once more that the information (email address and telephone number) you enter for the user is correct.
• Username: Use a random username instead of initials. Make it longer than 2 characters.
• Password: Use a unique password - also the first time - containing upper and lower case letters and special characters. The code must contain at least 8 characters, preferably many more. If you leave password- field empty, Tracelink generates a random and complex password itself, which is sent to the specified email address.
• Avoid a recognizable pattern when creating username and password. Make sure to vary the number of characters in both parts.
• Immediately deactivate a user who should no longer have access to Tracelink, e.g. in connection with resignation.
• Make changes for employees immediately, e.g. for a user who needs to change role from Admin to non-Admin.
• As an administrator, you should inform all your users about good security practices, cf. above. When handling a user's login information and password, you must ensure through thorough information to the user that only the employee in question gets to know the personal login information.
• As an administrator - see the recommendations of this guide or at the request of the employees - you can choose to strengthen security by changing one or more usernames. The user's history will still be found in logging.

Assignment of rights in Tracelink

Each time you as an administrator have created a new user, you must decide whether the user should also have the role of administrator (Adm) in Tracelink. An administrator basically has access to view and edit all data in Tracelink, incl. The CRM system, order management and the system's e-conomic integration. You should only grant administrator rights to the user(s) who absolutely need it.

August 2021