Keep accounts up to date
An important aspect of managing any online product is ensuring that the user accounts that access the site are current and have an appropriate level of access.
We all have a role to play in ensuring these are kept up to date for GovCMS websites.
Review user accounts in your website
As a site owner, you should regularly review who has access to your site. Staff who have moved on or changed roles and no longer need access should have their accounts disabled and/or removed. Regularly reviewing these accounts helps to minimise the risk of unauthorised access to your site.
Site Administrators can review user access from the People page when logged into their website.
Review user access in your website
On top of reviewing the accounts in your site, you should also review the access that your users have. Access is based on roles within GovCMS sites. Ensuring that users have the right level of access for their role is important.
For example, a user that only creates events for upcoming information sessions shouldn't have access to change site settings or delete legal content.
Site Administrators can review user access from the People page when logged into their website.
Review user accounts in your code base
Making changes to your site's code base, such as your site's theme, is done separately from editing content in your site. This means different users, with different access, can make those changes.
These accounts should also be regularly reviewed, and users removed or added as needed. SaaS customers can request that users be added to or removed from their code base via the GovCMS Service Desk. Ensure you include their names and email addresses in your ticket.
Review user accounts in the GovCMS Service Desk
It's important to keep contact details up to date in the GovCMS Service Desk. This allows you and your team to contact GovCMS with enquiries on your site and raise relevant access tickets. The GovCMS Service Desk is the primary way in which to contact GovCMS regarding questions or issues with sites.
Keeping your contacts up to date means if we need to contact you quickly then we have the right names, numbers and emails. For those with multiple sites, having a primary contact for each means we can delineate between different owners and stakeholders.
Site owners can also include their development partners as contacts for sites to raise tickets, if needed. Adding development partners to accounts requires agency approval and can be requested via the GovCMS Service Desk.
Review user access in your code base
Platform as a Service (PaaS) sites can have different roles for users in their code base. As with user accounts and roles for editing content in a site, these should be considered in the context of the type of work developers are doing. You can request that users be added to or removed from your code base via the GovCMS Service Desk. Ensure you include their names and email addresses.
Consider Two Factor Authentication
Using Two Factor Authentication (TFA or 2FA), sometimes listed as Multi Factor Authentication (MFA), adds an extra layer of security to user accounts when logging into your site.
The Australian Cyber Security Centre recommends implementing MFA as a way to protect against unauthorised access. If you aren't using Two Factor Authentication on your site, enabling it is one of the best ways to improve security for your users. PaaS Site Administrators can enable and self-manage TFA.
Connect with your IT Security Advisor
Establishing a relationship with your agency's IT Security Advisor (ITSA) and team helps to ensure that, if and when issues arise, communication is front and centre. There are benefits in information sharing, in understanding GovCMS processes and the technology stack, and in understanding the different roles and responsibilities of site owners, GovCMS and ITSAs.
Stay informed
Site owners and interested parties can keep an eye on GovCMS by subscribing to our GovCMS agency updates, viewing and subscribing to our platform status updates, and raising questions via the GovCMS Service Desk or our contact us form.