InTouch Users - Fraud Awareness

Beware of online fraud:

TD SYNNEX UK has become aware from both outside parties and various internal departments and business units that a number of potential vendors have received fraudulent emails encouraging purchase orders to be raised from persons falsely representing themselves as TD SYNNEX representatives and employees in an effort to gain products and/or monies, or account information for fraudulent purposes. Vendors have reported receiving suspicious emails, including some from a yahoo.co.uk email account. We at TD SYNNEX would never email a potential vendor from such an email address.

Report Suspicious Activities or Information:

If you suspect you have been the victim of fraud, we would urge you to contact Action Fraud at www.actionfraud.co.uk

Please report suspicious activities to [email protected] or write to Corporate Security Manager, TD SYNNEX, Harrier Parkway, Magna Park, Leicestershire, LE17 4XT.

Please always follow safe business and computing practices to help and protect your information.

InTouch Users - Using your InTouch account securely when out of the office

It’s possible you will want to access your InTouch account from outside your usual office and potentially on an unsecure PC (i.e. a PC which is not your own). If this is something you do to provide pricing during customer visits, TD SYNNEX suggests you create a second log-in with minimal rights (e.g. view only access and no ordering rights).

Using your passwords on shared computers e.g. internet cafés and unknown PC’s can be dangerous as your account information and passwords are at risk from malware, key loggers and other means.

InTouch Users - Create and manage your InTouch passwords in a secure way

TD SYNNEX’s InTouch website includes a number of features to help you create and use secure passwords, but in addition, you should consider some of the following points when creating passwords for InTouch and other websites in general;

• Use complex passwords at least 8 characters long.
• Include both upper and lower case characters, for example PaSSword.
• Also, include numeric characters (numbers 0 – 9), for example PaSSw0rd
• For extra security include special characters (* $ - + ! ? , .), for example Pa$$w0rd!
  InTouch only allows you to create a new password providing it includes a minimum of 8 characters, one of which must be numeric to ensure you create a strong password from day one.
• Never share your password with anyone, not even with your work colleagues because any fraudulent activity will be logged against your user account, for which you could be liable.
• Change your passwords frequently, at least every 6 months and its good practice to have one password per site, rather than use the same one for multiple sites. If your password has been obtained, cyber thieves will usually attempt to use this in all your online accounts including social media sites, web shops, forums and email accounts.
• Change default passwords after registering for, or obtaining a new account as soon as possible, especially if you are not prompted to do so automatically, as with InTouch. Default passwords are often well known and used in an attempt to access user accounts fraudulently.
• For more tips on creating complex and strong passwords, read the following article from Microsoft; http://www.microsoft.com/security/online-privacy/passwords-create.aspx

To help you understand how complex and strong the password you create for InTouch is, we will provide a visual indication of this as you type in your new password as follows;

Passwords are like underwear, Don't leave them lying around, Don't lend them to others, and more importantly.... ....change them frequently!

InTouch Users - Using your InTouch account securely when out of the office

It’s possible you will want to access your InTouch account from outside your usual office and potentially on an unsecure PC (i.e. a PC which is not your own). If this is something you do to provide pricing during customer visits, TD SYNNEX suggests you create a second log-in with minimal rights (e.g. view only access and no ordering rights).

Using your passwords on shared computers e.g. internet cafés and unknown PC’s can be dangerous as your account information and passwords are at risk from malware, key loggers and other means.

InTouch Administrators - Manage your TD SYNNEX user accounts securely

TD SYNNEX advises the Reseller Admin/InTouch Supervisor of customer accounts to regularly manage/clean-up your InTouch users in your accounts.

Some tips include;

• Ensure you delete all company leavers as soon as they are no longer employed by your company. This prevents unauthorised ordering against your account by non-employees. This prevents leavers who move to your competitors from accessing your cost prices which could provide them with a competitive advantage over you when quoting for the same business.
• Regularly check the InTouch rights of your current employees; ensure only authorised purchasers have the correct ordering and drop shipment rights to prevent unauthorised and fraudulent orders.
• Create an internal process whereby your InTouch account users are created against single, individual named company emails.
• Do not allow users to share accounts if possible and do not allow multi-user accounts to be created e.g. sales, purchasing etc. This limits the control you have over who has access to your account; users leaving your employment could still be accessing the account and unauthorised users could have ordering and drop shipment rights.

Password Security - Automatic periodic password reset

A new Security feature of InTouch for Reseller Admin/InTouch Supervisors is the option to set automatic password change requests for users at point of log-in on a three monthly basis, in addition, InTouch will only accept a password which is deemed ‘strong’ as indicated by the password strength indicator described above. Therefore, every three months when users log-in they will be asked to change their password, ensuring good security of their user accounts.

To set-up your InTouch account to request a user’s password to be changed every three months, simply open the InTouch Admin Tool, click the ‘Password Security’ check box and click the green arrow to save;

IP Security - InTouch access limited to specified IP address/range

It is also possible to configure InTouch access for your accounts at IP address/range level to further protect your InTouch account from fraudulent access. Users with Reseller Admin/InTouch Supervisors can add an IP address/range to your InTouch account restricting InTouch access for ALL users to that IP address/range only.

To configure your preferred IP Address/Range settings, simply open the InTouch Admin Tool, enter the relevant IP address/range, select the correct IP type from the drop down menu and click the green arrow to save;

Please note;

• InTouch access for ALL users within the Reseller InTouch account is now restricted to this IP address/range only – access to InTouch outside of this IP address/range will be blocked, so field based users will not be able to access InTouch on site visits.
• If the user tries to access InTouch from outside the specified IP address/range more than 3 times their user account will be blocked and can only be unblocked by the Reseller Admin/InTouch Supervisor.
• If the company has an internet gateway with changing IP addresses this functionality should NOT be activated as users will NOT be able to access InTouch AT ALL.

Text field input validation

To protect both your account and InTouch against malicious attacks from the Internet, TD SYNNEX have introduced input validation within text fields where you are requested to enter search terms or information specific to your order e.g. address details.

Firstly, unless otherwise required (such as in email addresses), most special characters cannot be entered as an input character within text fields, these include characters such as <, >, /, #, +, !, $, %, ^, &, * etc.

In addition, if we expect the field to only accept a specific character type, for example, a numeric in telephone number fields, then it will not be possible for you to enter non-numeric characters, this includes all alphabet characters (A to Z) and all special characters.