• Review the security log frequently to help identify suspicious activity.
• Never share credentials.
• Frequently review user accounts to ensure as few people have access to your data or your customer's data.

The security log records the following actions. The security log cannot be turned off.

• Adding a SuperOnly AppConfig through WSI
• Editing a SuperOnly AppConfig through WSI
• Deleting a SuperOnly AppConfig through WSI
• Changing a customer password through WSI
• Fail to change an AppConfig through WSI
• Running the ExecuteSQL through WSI
• Change Can View Credit Card Number setting in Admin Console
• Encrypt/decrypt web.config through admin Console
• Change EncryptKey through Admin Console
• Change MachineKey through Admin Console
• Viewing credit cards (several places within the Admin Console this is possible)
• Changing SuperOnly AppConfigs through the Admin Console
• Deleting SuperOnly AppConfigs through the Admin Console
• Changing admin levels in Admin Console
• Starting impersonation in Admin Console
• RunSQL in Admin Console
• Failed user login attempts
• Successful user login attempts
• Admin user logouts
• Admin user password changes
• Viewing the security log

Choose View Security Log from the Configuration menu. The Security Log window appears as shown below.