It's important to secure your Bloc Organization Account as it grants full control over your business on Bloc, including modifying or deleting the business, and adding or removing people from the member list. Admins can edit and manage all members and assets, so pay careful attention to who gets admin access.
Tips for managing admin access
Carefully control who has admin access to your Organization Account.
Limit Admin Access: Reduce the number of admins on both the Organization Account and all Business + ad accounts. Have at least 2+ Organization Account Admins to avoid loss of access.
Validate Admins: Ensure all Organization Account admin users are valid and under the client's control (e.g., Email, Phone, Authenticator Account, Linked Google Account, Linked Bloc Account).
Invite Company Members Only: Only invite members of your own company to the Organization Account.
Tips for managing your password
Enforce strong and unique password policies for all admin users.
Strong Passwords: Request that all admin users have strong/complex passwords that are not used on other websites or apps, or shared among coworkers. A strong password is at least 6-20 characters, combining numbers, letters, and special characters.
Unique Passwords: Use a different password for each of the important accounts and update them regularly.
Tips for enhanced account security measures
Implement additional security measures to protect your Organization Account.
2-Step Verification: Enhance security by requesting all members to turn on 2-step verification. Learn more about 2-step verification for Organization Accounts.
Email Domain Allowlist: Enable Email Domain Allowlist to restrict access to specific domains. Learn more about how to create an email domain allowlist in Organization Accounts.
HTTP Vigilance: Be vigilant towards HTTP URLs, suspicious emails, and suspicious calls.
Tips for account reviews and account monitoring
Regularly review and monitor access and activities within your Organization Account.
Review Access: Regularly review who has access to your Organization Account.
Check for Unauthorized Changes: Monitor for any unauthorized changes in the Organization Account.
Remove Inactive Users: Remove inactive users to maintain security.
Minimum Access: Grant the minimum access needed for each user to perform their job functions. Learn how to adjust roles in your Organization Account.
Review Related Accounts: Review related Organization Account and Creator Marketplace accounts.
Tips for taking extra security measures
Leverage Bloc's built-in security measures to protect your Organization Account.
Invitation Warnings: Bloc for Business has measures in place that will warn you, require additional verification, or may directly intercept when inviting other members, ad accounts, or assigning admin permissions.
Confirm Invitations: Ensure all invitations under the Organization Accounts are valid and sent by authorized individuals.
Validate Members and Partners: Ensure all Organization members and partners are valid; remove invalid users and partner Organizations as soon as possible.
What to do if your account is compromised
If your account is compromised, we'll suspend your account to secure and prevent further compromised access. After conducting an investigation, we'll notify you about the results and actions you may take to regain control of your account, as well as process reimbursements for any charges that resulted from unauthorized activity. In the meantime, we highly recommend that you take all relevant steps to further protect your account.
Managed clients: If you suspect that your account is compromised, you should contact your Account Manager immediately.
Unmanaged clients: If you suspect that your account is compromised, you should contact customer support immediately.
For additional information on how to protect your accounts, please review our best practices for securing your Bloc for Business account.
