Back to Documentation
Best Practices

Security Guidelines

Protect your landscape architecture practice and client data with enterprise-grade security practices.

Account Security

Your Smthy account is the gateway to all your project data. Keep it secure with these essential practices.

Strong Password Requirements

  • • Minimum 12 characters with mix of letters, numbers, symbols
  • • Unique password not used for other accounts
  • • Use a reputable password manager (1Password, Bitwarden)
  • • Change password immediately if you suspect compromise

Two-Factor Authentication (2FA)

Enable 2FA for an extra layer of security. Even if someone gets your password, they can't access your account.

  • • Use authenticator apps (Google Authenticator, Authy) rather than SMS
  • • Keep backup codes in a secure location
  • • Set up 2FA for all team members

Client Data Protection

Protect sensitive client information and maintain professional confidentiality standards.

Sensitive Information

  • • Client contact details and addresses
  • • Project budgets and financial information
  • • Site access codes and security details
  • • Personal client preferences and notes

Access Controls

  • • Limit team access to need-to-know basis
  • • Review permissions regularly
  • • Remove access for departed team members
  • • Use role-based permissions

Australian Privacy Requirements

  • Privacy Act 1988: Protects personal information
  • Notifiable Data Breaches: Must report serious breaches
  • Client Consent: Get permission before sharing data
  • Data Retention: Keep only as long as necessary

Team Security Practices

Ensure all team members follow security best practices to protect your practice.

Device Security

  • • Use device lock screens with PINs or biometrics
  • • Keep operating systems and apps updated
  • • Don't save passwords in browsers on shared devices
  • • Log out of Smthy when using public computers

Public Wi-Fi Precautions

  • • Avoid accessing sensitive data on public Wi-Fi
  • • Use VPN when working remotely
  • • Verify network names before connecting
  • • Use mobile hotspot instead when possible

Document Security

Protect project documents and client information throughout the entire project lifecycle.

Secure Document Handling

  • • Upload documents directly to Smthy rather than email
  • • Use password-protected PDFs for sensitive information
  • • Avoid storing documents on unsecured cloud services
  • • Delete local copies after uploading to Smthy

Sharing Best Practices

  • • Use Smthy's secure sharing links instead of email attachments
  • • Set expiry dates on shared links
  • • Require passwords for sensitive document shares
  • • Monitor who has accessed shared documents

Common Security Threats

Be aware of these common security threats targeting Australian businesses.

Phishing Attacks

Fake emails designed to steal your login credentials or install malware.

  • • Always check sender addresses carefully
  • • Don't click links in suspicious emails
  • • Verify requests by calling the sender directly
  • • Report phishing attempts to your IT support

Social Engineering

Attackers impersonating clients, suppliers, or support staff to gain access.

  • • Verify identity through known contact methods
  • • Be suspicious of urgent requests for information
  • • Don't provide passwords or access over the phone
  • • Train team members to recognise social engineering

Ransomware

Malware that encrypts your files and demands payment for recovery.

  • • Keep regular backups of important data
  • • Don't open suspicious email attachments
  • • Keep software updated with security patches
  • • Have an incident response plan ready

Security Incident Response

Know what to do if you suspect a security breach or incident.

Immediate Actions

  1. Change your Smthy password immediately
  2. Log out of all devices and sessions
  3. Contact Smthy support to report the incident
  4. Document what happened and when
  5. Check for any unauthorised changes to projects

Follow-up Actions

  • • Review access logs and activity history
  • • Update security settings and permissions
  • • Notify affected clients if their data was compromised
  • • Consider reporting to Australian Cyber Security Centre
  • • Review and improve security practices

Australian Compliance Requirements

Understand your legal obligations for protecting client data in Australia.

Privacy Act 1988

  • • Collect only necessary personal information
  • • Inform clients how their data will be used
  • • Keep personal information secure
  • • Allow clients to access their information

Notifiable Data Breaches

  • • Report eligible breaches within 72 hours
  • • Notify affected individuals
  • • Keep records of all data breaches
  • • Have breach response procedures ready

Monthly Security Checklist

Use this checklist to maintain good security hygiene for your practice.

Review team member access and permissions
Check for and install software updates
Review shared document links and expiry dates
Verify backup systems are working
Review activity logs for unusual access
Update team security training

What's Next?

With security best practices in place, learn how to optimise Smthy's performance for your workflow.