InTouch Security Awareness
The following information provides you with security & safety tips to protect you and your company when transacting business online using Tech Data’s website, InTouch.  Areas covered include;

Tech Data’s InTouch website includes a number of features to help you create and use secure passwords, but in addition, you should consider some of the following points when creating passwords for InTouch and other websites in general;
• Use complex passwords at least 8 characters long.
• Include both upper and lower case characters, for example PaSSword.
• Also, include numeric characters (numbers 0 – 9), for example PaSSw0rd
• For extra security include special characters (* $ - + ! ? , .), for example Pa$$w0rd!
InTouch only allows you to create a new password providing it includes a minimum of 8 characters, one of which must be numeric to ensure you create a strong password from day one.
• Never share your password with anyone, not even with your work colleagues because any fraudulent activity will be logged against your user account, for which you could be liable.
• Change your passwords frequently, at least every 6 months and its good practice to have one password per site, rather than use the same one for multiple sites.  If your password has been obtained, cyber thieves will usually attempt to use this in all your online accounts including social media sites, web shops, forums and email accounts.
• Change default passwords after registering for, or obtaining a new account as soon as possible, especially if you are not prompted to do so automatically, as with InTouch.  Default passwords are often well known and used in an attempt to access user accounts fraudulently.
• For more tips on creating complex and strong passwords, read the following article from Microsoft;

To help you understand how complex and strong the password you create for InTouch is, we will provide a visual indication of this as you type in your new password as follows;

Passwords are like underwear,
Don't leave them lying around,
Don't lend them to others, and more importantly....
....change them frequently!

It’s possible you will want to access your InTouch account from outside your usual office and potentially on an unsecure PC (i.e. a PC which is not your own).  If this is something you do to provide pricing during customer visits, Tech Data suggests you create a second log-in with minimal rights (e.g. view only access and no ordering rights).

Using your passwords on shared computers e.g. internet cafés and unknown PC’s can be dangerous as your account information and passwords are at risk from malware, key loggers and other means.

Tech Data advises the Reseller Admin/InTouch Supervisor of customer accounts to regularly manage/clean-up your InTouch users in your accounts.

Some tips include;

• Ensure you delete all company leavers as soon as they are no longer employed by your company.
This prevents unauthorised ordering against your account by non-employees. 
This prevents leavers who move to your competitors from accessing your cost prices which could provide them with a competitive advantage over you when quoting for the same business.

• Regularly check the InTouch rights of your current employees; ensure only authorised purchasers have the correct ordering and drop shipment rights to prevent unauthorised and fraudulent orders.
• Create an internal process whereby your InTouch account users are created against single, individual named company emails.

• Do not allow users to share accounts if possible and do not allow multi-user accounts to be created e.g. sales, purchasing etc.
This limits the control you have over who has access to your account; users leaving your employment could still be accessing the account and unauthorised users could have ordering and drop shipment rights.

A new Security feature of InTouch for Reseller Admin/InTouch Supervisors is the option to set automatic password change requests for users at point of log-in on a three monthly basis, in addition, InTouch will only accept a password which is deemed ‘strong’ as indicated by the password strength indicator described above.  Therefore, every three months when users log-in they will be asked to change their password, ensuring good security of their user accounts.

To set-up your InTouch account to request a user’s password to be changed every three months, simply open the InTouch Admin Tool, click the ‘Password Security’ check box and click the green arrow to save; 

It is also possible to configure InTouch access for your accounts at IP address/range level to further protect your InTouch account from fraudulent access.  Users with Reseller Admin/InTouch Supervisors can add an IP address/range to your InTouch account restricting InTouch access for ALL users to that IP address/range only.

To configure your preferred IP Address/Range settings, simply open the InTouch Admin Tool, enter the relevant IP address/range, select the correct IP type from the drop down menu and click the green arrow to save;

Please note;
• InTouch access for ALL users within the Reseller InTouch account is now restricted to this IP address/range only – access to InTouch outside of this IP address/range will be blocked, so field based users will not be able to access InTouch on site visits.
• If the user tries to access InTouch from outside the specified IP address/range more than 3 times their user account will be blocked and can only be unblocked by the Reseller Admin/InTouch Supervisor.
• If the company has an internet gateway with changing IP addresses this functionality should NOT be activated as users will NOT be able to access InTouch AT ALL.

InTouch also offers three levels of security against the active InTouch session (i.e. the period the user is active within InTouch between point of log-in and point of log-out), low, medium & high.  These security settings offer various levels of protection during the user session to prevent sessions being used by anyone other than the authorized user.

Each level offers a different number of checks based on IP address, browser and also includes automatic session timeouts to prevent a user session from being ‘stolen’.  Tech Data’s preference is for ALL users across Europe to use the HIGH Security Level for the best level of InTouch session security available.

To configure your preferred Session Protection Level, simply open the InTouch Admin Tool, select the Session Protection Level required from the drop-down menu and click the green arrow to save;

Please note;
• This changes the Session Protection Level for ALL InTouch users.

To protect both your account and InTouch against malicious attacks from the Internet, Tech Data have introduced input validation within text fields where you are requested to enter search terms or information specific to your order e.g. address details.

Firstly, unless otherwise required (such as in email addresses), most special characters cannot be entered as an input character within text fields, these include characters such as <, >, /, #, +, !, $, %, ^, &, * etc.

In addition, if we expect the field to only accept a specific character type, for example, a numeric in telephone number fields, then it will not be possible for you to enter non-numeric characters, this includes all alphabet characters (A to Z) and all special characters.