Best Practices in Laserfiche App Security
Laserfiche App provides on-the-go access to the Laserfiche repository. Yet, with mobility and convenience, come risks of the mobile device being stolen and confidential data falling into the wrong hands. Here are some best practices for configuring security within the Laserfiche App to make sure only authorized individuals have access to the documents stored in the Laserfiche repository.
Laserfiche App Security
Laserfiche App security is offered on two levels: user and administrator.
When a user logs out of the Laserfiche App, all data, including any open electronic documents, is immediately cleared from the device. In order to resume working, the user must log back into the Laserfiche App and download the electronic document again. Company policies should be set to remind users to log out when they are finished interacting with the Laserfiche App.
An extra layer of security, enforced by the server, is also available in the Laserfiche App. When configured by an administrator, these features (enabling automatic log-out and disabling automatic log-in and export) will automatically apply to all users. All these options are configured on the Laserfiche App Configuration page.
It is best practice to pair these security settings with the security features offered by the iPhone and iPad such as the “Auto-Lock” and “Passcode Lock” features (configured in the device’s Settings).
It is possible to configure the Laserfiche App to log out automatically after a certain period of inactivity. On automatic log-out, the app will close the current view and return to the login page. This not only removes all documents from the hard drive and memory, but also no longer shows the document or folder that the user was last viewing. In addition, all of the open documents (including electronic documents) will be wiped from the hard drive anytime the user minimizes the Laserfiche App.
These settings can be applied in the Security section on the Laserfiche Mobile Configuration page.
Enabling the automatic log-out option prevents unauthorized individuals from picking up an abandoned iPad or iPhone and being able to view anything stored in Laserfiche without first logging into the Laserfiche App. As noted above, if an administrator chooses not to enable this option, the device can still be cleaned out by logging out.
Users can enable a passcode for offline access, allowing users to view copies of offline documents securely. If this option is selected, a user will be required to set up and enter a passcode to access or save copies of offline documents. The passcode can be set up on the Settings page in the app. Users will not be able to turn the passcode off. If this option is not selected, the user can choose to passcode protect the document copies from the Settings page in the app. If the user changes the passcode, the copies of previously saved offline documents will be removed.
The Laserfiche App comes with the option to disable automatic log-in. This forces the user to type in the user name and password each time the Laserfiche App is opened.
Even though this may be less convenient for the user, disabling this function prevents outside users from just picking up the iPad or iPhone and having immediate access to the Laserfiche repositories. It is recommended to disable automatic log-in when using automatic log-out, though it can also be used independently. This can be done in the “Connection” section of the Laserfiche App Configuration page.
When an electronic document is exported from the Laserfiche App to another app, that new app takes control of the document and Laserfiche is no longer involved. In certain high security situations, exporting documents should be avoided. The “Disable export” feature in the Laserfiche App allows users to view electronic documents in the embedded the Laserfiche App document viewer, but prevents them from exporting the document and sending it to anyone else outside of Laserfiche. This option is configured in the Security section of the Laserfiche App Configuration page.
Note that disabling export is separate from taking away the user’s Export feature right. Even with this setting selected, users will still be able to take screenshots of the repository and open documents.
Limit User Access
Enabling automatic log-out and disabling automatic log-in and export affects all Laserfiche App users within an organization. Laserfiche App also allows the administrator to prevent certain users from accessing the repository with the app at all. It is possible, for example, to block the administrator or other high-powered users from accessing the repository with Laserfiche App. Like the similar feature in Laserfiche Web Access, this prevents a malicious user from forcefully gaining access.
This option is configured in the “Connection” section of the Laserfiche App Configuration page.
Want to learn more Laserfiche tips and tricks? Register for the Empower 2019 conference!