Security Best Practices for Essal Office Users
Essal Office stores potentially sensitive business documents — invoices, contracts, HR files, legal records. This guide covers the good security habits that protect your data.
Use a Strong, Unique Password
Your Essal Office password should be:
- At least 12 characters long
- A random mix of letters (upper and lower case), numbers, and symbols
- Not used on any other service or website
The simplest way to manage strong unique passwords is to use a password manager. It generates and stores passwords securely so you don't need to remember them.
Never Share Your Login Credentials
Your username and password are personal to your account. Do not share them with colleagues. If a colleague needs access to Essal Office, an admin should create a separate account for them.
If someone else uses your account, any changes they make — including deletions or data exports — will appear in logs as your activity.
Log Out on Shared Computers
If you use Essal Office on a shared or public computer, always log out when you are finished. Do not use the "Remember me" option on shared devices.
Be Cautious with Share Links
Share links give anyone with the URL access to a document — with no login required. Before creating a share link:
- Confirm the document does not contain information that should remain confidential
- Only share the link with people who actually need it
- Revoke the link as soon as it is no longer needed
Report Unexpected Account Activity
If you notice any of the following, report it to your administrator immediately:
- Documents you did not create appearing in your account
- Documents that were deleted without your knowledge
- Login notifications from locations or times you do not recognise
- Changes to your profile settings you did not make
Keep Your Email Address Current
Password reset instructions are sent to your registered email. If your email is outdated, you may be locked out of your account. Keep it up to date in your profile settings.
For Administrators: Principle of Least Privilege
Grant users only the access they need for their role — nothing more. Regular read-only users should not have admin privileges. The fewer superuser accounts, the lower the risk from any single compromised account.
Review user accounts periodically:
- Deactivate accounts for staff who have left
- Remove users from groups they no longer need
- Audit the list of active tokens
For Administrators: Secure Your Admin Accounts
Admin and superuser accounts have the highest risk profile. Ensure:
- Admin accounts use strong, unique passwords
- Admin accounts are only used for admin tasks (not daily document work)
- The number of superuser accounts is kept to a minimum (1–2 maximum)