Security awareness tips for your Paystack business

At Paystack, we care about your business and have several measures in place to safeguard your Paystack account from malicious actors, and we've highlighted a few security measures below to help protect your business even better. 

Your Paystack Dashboard allows you to add different types of users with varying access levels. It's important to give members of the business only the access they need. For instance, the Business Owner role is given to the person who created the business; there are no restrictions to what they can do. Because of the full admin privileges of the Business Owner on the Paystack Dashboard, it's important not to transfer access to someone who isn't a business owner.

In addition, all other members of your team should be assigned roles on the Dashboard based on their functions. This ensures that they have access to only the specific features their role requires.

When a team member changes their job function within your business or leaves it, remember to review or revoke their access to the Dashboard. To learn more about assigning roles to your team on the Paystack Dashboard, kindly read these detailed explainers on the available roles and how to add a teammate to your Dashboard.

If you need to share access to your Paystack Dashboard with an external team member e.g. for integration support, kindly only share access by sending an invite from your Dashboard. This is much safer than sharing your login credentials with them. Once the task for which you gave them access is complete, remember to disable their access.

You can invite someone from your Dashboard by clicking on "Settings" from the left-side menu and afterwards, click on "Team" from the options at the top of the page.

To reduce the risk of a malicious user guessing your credentials and gaining access to your account, use a passphrase or a complex password as your Paystack log-in credentials.

A passphrase is a sequence of words used for authentication. It is longer and more secure than a traditional password and easily exceeds the minimum password length. Passphrases are easier to remember than a set of random symbols and letters. You can find more info on how to create a passphrase here.

If you'd, however, prefer to use a password to log in to your Paystack account, we advise that you use a complex password. Combining uppercase, lowercase, numbers, and special characters with a minimum length of eight characters is recommended. An example of a complex password is 'A3j#brd5' (please don't use this). The more complex your password is, the lower the risk of your account falling victim to unwanted compromises.

In addition to using a passphrase or complex password for your Paystack business, you should further protect your account by enabling 2FA on your Dashboard and email.

With 2FA enabled, access to your account requires extra authentication that can only be obtained from a third-party application or via SMS. This means that if, for any reason, your password is compromised, there's an extra layer of protection for your business. You can read our detailed breakdown of 2FA and learn how to enable 2FA for your Paystack Dashboard here.

A security patch is an update pushed by software companies to mitigate vulnerabilities in their software.

To keep your Paystack account even safer from cyber threats, ensure that the operating system and applications running on the devices used to access the Dashboard are updated with the latest security patches. Keeping your devices updated with the latest security patches will help protect your business against malicious attacks.

Please feel free to reach out to us via email at support@paystack.com or via our contact form if you have any questions.