As we continue to improve our flagship software, we keep a keen eye on security and what’s happening in the industry and the world around us. With that in mind, in the next few releases you will see several new security-oriented features that will ensure your eStratEx experience continues to be safe and secure. Here’s an overview of what to expect:
1) When eStratEx pioneered the HR SaaS concept, many employees were not comfortable with the concept of self-service. Therefore, our default Manager role enabled the managers to help employees with pay stubs, name and SSN, and direct deposit information unless you asked for a custom Manager role without those options. These days, the majority of employees are comfortable with self-service, and so, in the near future, we will flip our assumption: employees will manage their own pay stubs, name, and direct deposits and the default Manager role will not have access to change this information unless you ask for a custom role so that they can. If you have a custom Manager role that has this access but you would like to remove it, please reach out to us. We will reach out to clients that are using default Manager roles in case they need a new custom role with this access.
2) Users will need to change their passwords at least every six months. Once this update is released, anyone that has not changed their password in the past six months will be asked to change it. If you would like employees to change their passwords every 30 or 90 days, reach out to us and we can customize this time frame for you. To avoid a rush of password help requests after the next release, we advise you to reach out to all employees and ask them to proactively change their passwords if they have not done so recently.
3) We will be rolling out two factor authentication to HR+ users. If you are an HR Admin, you will be emailed a code the first time you login in a given day and you will need to enter the code to continue with the login process. While two factor authentication will be required of all HR+ users, you will optionally have the ability to enforce the same rules to your managers as well.
4) In conjunction with number 3, you will be able to limit HR+ users and/or managers to login from specific IP addresses. For example, you may elect to only allow HR+ access from your corporate offices. This functionality will be optional and configurable by you directly in the system.
We will always be looking at our processes and policies to ensure a productive and safe experience for all of our users. If you have feedback or suggestions for these or any other changes, please do not hesitate to reach out to us at firstname.lastname@example.org.