XF 2.2 Keeping user data secure?

[Flounder70]

Probably a silly question, but I have to ask.

I'm very new and getting close to ending my testing phase. Registration will only be for coworkers and I will be requiring company email and employee number. Nothing too important, but still.

I was reading the Privacy Policy. It says,

Keeping your data secure​

We are committed to ensuring that any information you provide to us is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable measures and procedures to safeguard and secure the information that we collect.

Suitable measures?? Any liability for me here? Is putting a password on my server and database enough?

Thanks.

 

[Mendalla]

Are you hosting externally or internally to your organization's network? If the latter, could you filter on address to only enable local users and users on VPN connections to access the system? We do that for web-based internal systems in my organization. Even externally, you might be able to do something like that. Clouds are getting pretty sophisticated with their security policies.

But, yeah, make sure you have secure passwords on the server and db server regardless.

 

[Flounder70]

Thanks! I am just an independent coworker trying to make a forum for us schlubs to talk about various things. No organization support at all.

I'm not terribly worried about this but thought I'd ask anyway.

 

[Mendalla]

Thanks! I am just an independent coworker trying to make a forum for us schlubs to talk about various things. No organization support at all.

I'm not terribly worried about this but thought I'd ask anyway.

Then strong passwords for any admin accounts, both server and db. And your Xenforo superadmin as well. Use MFA where possible.