It is important to remember that each institution has its own Music Monitor server and is ultimately responsible for its security and the data held on it. On that note, some things to think through and consider are:
Backup
Make sure your IT have comprehensive backups running on your Music Monitor server. This ensures you don’t lose your data.
Password Security
Stolen or guessed passwords are the easiest way for hackers to access data in systems.
Not having an SSL certificate uploaded to FileMaker Server is a major security compromise! Uploading an SSL certificate is a task for your IT - make sure they have done it. The easiest way to check is to look for a green, checked padlock icon at the corner of your screen when logged into Music Monitor.
Music Monitor can use external authentication for single sign-on. Tell your IT this is possible - it can be much more secure. (See External Authentication Setup & the Claris Help Site).
It is best to have strict password requirements on in the general settings.
Usage Policies
No one should be using an ‘Admin’ privilege set account for day-to-day purposes. It should only be used by a limited set of staff, and only for cases where it is necessary to (carefully) over-ride the settings that prevent old records from being edited.
Check your login accounts regularly. Make sure that accounts for past staff are deleted and that the privilege sets for current staff are appropriate.
The teachers can date and digitally sign their attendance rolls on completion. This should be something you enforce with them. (Every time an attendance record is marked, Music Monitor records who marked it and when. This is a great backup 'signature'.)
Don’t edit old invoices. Make sure that once a month’s journal has been run, that month’s line items are not edited. If they absolutely must be make sure the journal is re-run and that your account software has been updated with the changes.
If you edit a line in the salaries module, make sure that the equivalent change has been made in the attendance records as well and that the comment on the attendance record describes the change and date of change.
Personal Information
The contact details imported from your student database to Music Monitor can be customised. Consider whether all fields imported should be imported. Do you need student home addresses in Music Monitor? If not, don't import them - that way that data can't be lost in a hack or breech.
Consider what data would be best to delete regularly. If you don’t need particular personal and contact details (such as addresses for past students) it may be best to delete that data so it can’t be lost in a hack or breech. Likewise with otherwise critical data after minimum retention periods have passed.
Data Quality
Make sure that data is being entered consistently and correctly. Billing, salaries, and attendance records can be particularly problematic if different staff enter data different ways.
For attendance, make sure that make-up lessons are being entered in the correct week, with the correct date and time and that the attendance marks used for the make-up lesson and the originally scheduled lesson and clear.
For billing, make sure that consistent descriptions are used. If you have refunds or write-off to enter, make sure they are done according to the guidelines on our help site.
Comments and Note fields are underused! The comments on attendance records are often the most important part for future reference.
Notes around most of the system allow for attachments. Attaching emails to notes can be a great way of cataloguing communication. The Notes on enrolment and student record can be particularly powerful.
There is much more to consider than the above. It's always worth brainstorming how you can make your data more secure and your system more secure.