What’s in this article?
This document aims to give our clients/customers a self-help guide with both tips, and guidelines on 2 different levels so they can distribute to the users, and the other account admins, to standardize processes.
Part 1: Best Security Practices For Users
Bear in mind that even within your organization, you should protect any content that might display an end user’s private information or sensitive content related to your role that can’t be shared internally.
This can be done in several ways:
Review your company’s security and compliance rules to ensure compliance.
After creating an item (screenshot, video, GIF), make sure that you use the annotation tool to blur any private information.
Here’s additional information about blurring.
Set sensitive content to expire automatically in tandem with, or instead of, blurring. This will add another layer of security as the recipient will not have access after a period determined by you or your team. You can do that individually (see GIF below) or from the template menu if you want to set up default security settings.
You can also determine several security levels:
a. Anyone with the link can view
b. Anyone with the link and passcode can view
c. Anyone can view in your organization
d. Anyone can edit in your organization
e. Anyone as long they give their email address can view
f. Only emailed people can view
Check regularly for updates in the Desktop App. Here’s how to do it.
Part 2: Security Tools For Admins*
*Please confirm your Zight plan as some of these features are exclusively available to our Enterprise plan.
Regulatory Corporate Security Requirements
Zight software complies with SOC2 and has the most used security tools in the market:
SS5O (Okta, One Login, Google)
You can learn more about these tools and how to set them properly here.
Security Best Practices For Everyday Use And Productivity Enhancement
There are several good practices for your periodical due diligence, and for time-saving:
- Creating templates with different security settings according to the groups who use Zight. If you, as an Admin, set up the security settings using a template, you can help your teams save time and prevent them from accidentally disclosing private information. Here’s a video on how to do it.
- Verify periodically that tools like SSO function properly after updates from any party
- Deprovision Zight Admins as soon as they are no longer with the company. Consult with your SCIM service provider for further info on how to provision and de-provision.
- Inform Zight of any Admin and, Account Owner changes as soon as they are relieved from their roles via Zight support at firstname.lastname@example.org.
Accessing your Admin Security Settings
Here’s a quick overview of where to find which security setting in your Zight Admin Settings panel:
Members: Domain Lockdown, Auto Join
Authentication: SSO, SCIM
Files: Global file-sharing settings
Customize: Viewer configuration (enabling/disabling downloadable content, comments & reactions)