As calendar administrator, you’re the person who manages the calendar. Most of the time, that might simply mean adding events or updating the schedule. But the calendar admin is also the person who has access to and control over the calendar settings and manages calendar access. A big part of being calendar admin is keeping the calendar secure, in order to prevent data loss, unauthorized access, accidental changes, privacy breaches, or other issues.
Being calendar admin is a lot of responsibility, but a good foundation and smart routines will make your job much easier. We’ve gathered some best practices and tips here to help you in your role.
- Set up admin access
- Set up your user account
- Review all links and users
- Get to know calendar settings
Why security matters
If Teamup has been set up to be a critical part of your business, calendar security needs to be taken seriously, which is the responsibility of calendar administrators. Poor or compromised security can create big issues: accidental changes to calendar events, scheduling errors, loss of important information, confidentiality breaches, and even deletion of an entire calendar. At minimum, these issues create confusion, inefficiency, and a lot of extra work. And in some cases, the result might be loss of customers, data or revenue.
How access affects security
The best way to protect calendar security is to be conscientious about calendar access. Your job as calendar admin is to make sure that the people using the calendar have the right type of access with the appropriate permission for their role. Often, security issues aren’t caused by malicious intent but by the wrong type of access and simple mistakes:
- Sales team leader Anya needs to manage all the events for all the sales department’s sub-calendars. So she only needs modify permission for those calendars. However, she was given administrator access to the whole calendar, which includes all sub-calendars for all departments. While trying to organize things for her team, she goes to the calendar settings and deletes calendars and users from other departments. She thinks they were there by mistake and doesn’t realize she’s in the settings for the entire company calendar.
- Contractor Lin was hired to provide design help on two projects. Lin needs to see the timelines and assignments for those projects, and be able to add their own availability to the meeting schedule. But Lin was given access to all the departmental calendars and now they can see internal data and confidential client information on other project calendars. Instead, Lin should have read-only access to only the project calendars they’re involved in, and modify-my-events (or add-only) access to the meeting schedule.
- Crew member Bob only needs to view his own schedule, but he was given modify permission for all team member calendars. He could easily delete scheduled jobs for himself or other team members! Instead, Bob should have read-only permission to his own calendar only, so he can view his schedule but not change it.
Calendar links vs. account-based access
Shareable calendar links are convenient, and a great choice in some scenarios. However, it’s important to remember that a calendar link can be easily shared. You might create a link for one person, but that person could deliberately or accidentally share it with someone else. There’s no way to track who is using a calendar link. With account-based access, you have more security and control. User accounts are tied to a specific individual and verified via email.
We highly recommend using account-based access if limiting the access to identifiable users is important to your organization.
When you do need to use a shareable calendar link (e.g. for embedding a calendar or giving public calendar access), always be sure the permission is set appropriately. If using calendar links to give temporary or limited access (e.g. for contractors or clients), be sure to name the link specifically, set appropriate access permissions, and consider using password-protection for the link as well. When the link should no longer be in use, deactivate it.
Secure foundations for calendar admins
Set up admin access
If your calendar is more than a few years old, you might be using an administrator link rather than account-based admin access. You will have more secure access to your calendar with account-based access. Security tops the list of benefits that come with a Teamup user account.
Action steps:
- Check to see if your access is via link or user account.
- If using a link, switch to account-based access.
- If there are other calendar admins, make sure they have account-based access too.
- Once you are switched to account access, delete any administrator calendar links to prevent unauthorized access.
- Check that the primary contact for the calendar is updated to your email address (or another current administrator).
Set up your user account
Your Teamup user account is a secure access point for any Teamup calendar that’s shared with you, or that you create. Just log into your account, open your dashboard, and click to open any calendar. You should never share your account login information with others. (If someone does get access to your account, here’s how to re-secure it.)
Action steps:
- Learn how to add a calendar to the dashboard.
- Take a look at your account profile and make any updates needed.
- Make sure your user account has the correct primary email address.
- Enable two-factor authentication.
- Download the Teamup mobile app (iOS or Android) and log into your account for easy calendar access anywhere, anytime. Note that you cannot access the calendar settings on the Teamup app, only on a browser.
Review all links and users
With Teamup, you can share a calendar by setting up access through user accounts, or by creating a shareable calendar link. Links are a good way to give limited or temporary calendar access to an individual or group outside your organization. Secure links are also good for embedding a calendar. User access is the best way to give ongoing calendar access to people inside your organization.
Action steps:
- Learn more about choosing between account access and calendar links.
- Review all active calendar links and account-based users. Ensure that access permissions are appropriate.
- Do not give administrator access to people who just need to manage events. Instead, give them modify permission which allows them to control calendar events without access to the calendar settings. Restricting admin access is important to safeguard information (e.g. payment details), keep access secure, and prevent unauthorized changes (including the possibility of deleting the entire calendar).
- Deactivate or delete any links that are outdated or that you’re unsure about.
- Remove any users who should no longer have calendar access.
Get to know the calendar settings
The Settings on a Teamup Calendar are the “control center” for the calendar. They are only accessible in a browser with administrator access. Through the calendar settings, you’ll manage sub-calendars, users and links, notifications, billing, and more. You’ll also control the default calendar options through the settings. Note that calendar settings are different than account settings.
Action steps:
- Take a quick look at this overview of calendar settings.
- Set the default settings (e.g. time zone, calendar view, start date, etc.) for how the calendar is used most often.
- In the Subscription section, review payment details, subscription level, and billing contact to ensure everything is up-to-date.
Set up change notifications
Notifications can make your job easier by automatically letting people know about new events or changes to events. For example, the Daily Agenda can effectively delegate the work of saying, “Here are your tasks for the day.” Any calendar user can receive email notifications. As the calendar administrator, you can set up email notifications for any user (whether they have account-based access or a calendar link).
Action steps:
- You can enable account-based users to set up their own notifications.
- Review all active notification subscriptions and delete any outdated subscriptions.
- Learn how to set up notifications for users.
Smart routines for calendar admins
As a calendar admin, keeping calendar data secure is an ongoing part of your job. But it’s hard to remember everything and handle all the other tasks on your plate. Routines help by ensuring that you check the potential areas where security could be compromised on a regular basis. Schedule them into your calendar to prevent issues and keep things running smoothly.
Do regular reviews to ensure security
- Regularly review calendar access. Check all active users and calendar links. Make sure access level is set appropriately for active users/links. Remove users who should no longer have access, and delete out-dated links.
- Review notification subscriptions. Who’s getting notified about calendar events, and should they be? Delete subscriptions that shouldn’t be active.
Handle organizational changes
- Follow these steps when someone leaves. Bookmark the blog post and refer back to it when an employee leaves the organization or someone should no longer have calendar access.
- Follow these steps to change the calendar administrator. Before leaving your role as calendar admin, make sure you set up the next admin securely and adjust contact information.
Stay updated and optimize
- Review calendar setup and efficiency. Are there ways you could optimize the calendar for better and easier use? Get inspiration from user stories and quick tips on our blog.
- Check the Teamup Ticker for daily support tips straight from our support team. We also share news and updates there.
