Home
New To Everflow
Account Setup
Best Practices For Employee Security
Best Practices For Employee Security

SERIES:

How to Manage Employee Permissions & Roles

Best Practices For Employee Security

Learn best practices for securing your Everflow platform through advanced authentication, API controls, and monitoring tools that keep your business data protected.

Overview

Security in Everflow combines essential protections with advanced features to keep your business safe.

From strong passwords to API controls, each security layer helps protect your data while keeping work flowing smoothly. Let's look at the key security tools available to you.

Core Security Features

Password Requirements

Every account needs a password that has:

  • At least 8 characters
  • One or more letters
  • One or more numbers
  • Special characters recommended

Best Practices For Passwords

Create Everflow-specific passwords Reset immediately if compromise suspected Use "Forgot Password" in My Account for resets
Only Super Users can forcefully reset other users' passwords if needed. Reach out to them if you’re having issues with login and want to reset your password that way.

API Security Controls

‍Access API settings in Control Center -> Security -> API Keys to:
Store API keys securely Set up IP whitelisting Monitor API access regularly

IP Whitelist Setup

Navigate to Control Center -> Security -> API Whitelist Add authorized IP addresses Enable whitelist protection Regular whitelist review
Note If you do not have any entries in your API Whitelist, then API calls from all IPs are accepted. If you have one entry or more, only calls from the IPs in the list are accepted.

Advanced Security Features

Multi-Factor Authentication (MFA)

Add an extra layer of security using:

Navigate to Control Center -> Security -> Multi-Factor Authentication Enable Network MFA Choose between or both: Google Authenticator app SMS verification

Partner/Advertiser MFA:

  • Available upon request
  • Contact Customer Success for enablement

Automated Security Alerts

When a login from a new browser is detected in the Network Portal, an email notification is sent to the user.

This feature is enabled by default, but can be turned off by navigating to My Account -> My Notification Preferences -> Security section.
Alert Type Trigger Default Status New Login Login from unknown device Enabled API Key Creation When a new network API key is created, an email is sent to network administrators. Enabled

Login Protection

Everflow automatically helps prevent unauthorized access:

Limits failed login attempts to 5 tries Enforces 10-minute timeout after too many failures Sends alerts for new device logins Tracks all login activity

Activity Monitoring

Control Center -> Accounts -> History Log tab.
Track all platform modifications Filter by employee and timeframe Export logs for analysis Regular audit reviews

Quick Reference: Security Controls

Feature Location Notes Password Reset My Account -> Change Password Available to all users MFA Setup Control Center -> Security Self-service activation API Whitelist Control Center -> Security Recommended setup Login History Control Center -> Accounts -> History Log Full audit trail

Best Practices

Maintaining strong security in your Core Platform requires consistent attention to a few key areas. Start by regularly reviewing your user accounts and promptly deactivating any that are no longer needed - this simple housekeeping task significantly reduces potential security vulnerabilities. Make it a habit to periodically check login logs and security settings, looking for unusual patterns or outdated configurations that might compromise your data protection.

Your password management strategy plays a crucial role in platform security. Update passwords immediately if you notice any suspicious activity or potential compromise. Similarly, protect your API keys by storing them securely and implementing IP whitelisting to restrict access to trusted locations only.

For maximum protection, enable Multi-Factor Authentication for all team members who access the platform. This additional security layer proves invaluable in preventing unauthorized access, even if login credentials become compromised.

By integrating these security practices into your regular workflow, you'll create a more resilient defense system that protects your valuable marketing data while maintaining operational efficiency.

Security settings may require Super User access to modify.