Protect your workflows and data with these essential security practices.
Essential Security Practices
While WorkflowHero provides enterprise-grade security features, following these best practices will help you maximize the protection of your data and workflows.
MFA adds an extra layer of security by requiring a second form of verification beyond your password.
Monitor Account Activity
Regularly review your audit logs for any suspicious activity. Report unauthorized access immediately.
Data Classification
Properly classify your documents and workflows:
Public: Information that can be freely shared
Internal: Standard business information (default)
Confidential: Sensitive business information
Restricted: Highly sensitive data requiring maximum protection
Access Management
Follow the principle of least privilege:
Grant users the minimum permissions needed for their role
Use Viewer role for stakeholders who only need visibility
Use Member role for active contributors
Reserve Admin role for trusted team leads
Regularly review and update member permissions
Remove access immediately when team members leave
Document Security
Protect sensitive documents:
Always set appropriate confidentiality levels when uploading
Avoid uploading documents with passwords in plain text
Use descriptive tags for better organization and access control
Regularly audit who has access to sensitive documents
Delete obsolete documents to reduce attack surface
Workflow Security
Secure your workflow processes:
Use mandatory sign-offs for critical approval stages
Enable digital signatures for audit compliance
Review audit logs to track all workflow actions
Set appropriate due dates to prevent workflow stagnation
Use rejection reasons to maintain clear audit trails
Team Collaboration Security
Secure team communications:
Avoid including sensitive information in comments
Use @mentions to ensure only relevant parties are notified
Regularly review team membership and remove inactive users
Be cautious when inviting external collaborators
Educate team members on social engineering risks
Session Security
Protect your active sessions:
Always log out when using shared computers
Don't save passwords in browsers on shared devices
Close browser tabs when finished working
Sessions expire automatically after inactivity
Report suspicious session activity immediately
Network Security
Secure your connection:
Avoid using WorkflowHero on public Wi-Fi without VPN
Ensure your connection uses HTTPS (look for the lock icon)
Keep your operating system and browser updated
Use reputable antivirus software
Be wary of phishing attempts asking for credentials
Incident Response
If you suspect a security incident:
Immediately change your password
Review your audit logs for unauthorized activity
Notify your organization admin
Contact our security team at craftycrackle@craftycrackle.onmicrosoft.com
Document what happened and when you noticed it
Mobile Security
When accessing WorkflowHero on mobile devices:
Use device lock screens with strong PINs or biometrics
Keep your mobile OS and apps updated
Avoid jailbroken or rooted devices
Use official app stores only
Enable remote wipe capabilities for lost devices
Compliance Considerations
For regulated industries:
Understand your organization's regulatory requirements
Use appropriate confidentiality levels for regulated data
Regularly review and export audit logs
Train team members on compliance obligations
Contact us for compliance documentation and support
Report Security Concerns
If you discover a security vulnerability or have security concerns, please email us immediately at craftycrackle@craftycrackle.onmicrosoft.com. We take all security reports seriously and will respond promptly.