To protect your staff users' Caterbook and MMS accounts from unauthorised access, we have the following recommendations on password security best practice that you can share with them.
Where possible, do not use shared accounts.
Having a shared "reception" user may be convenient, but all too often in sites with even a modest staff turnover, when someone leaves the business the password isn't changed. This means that former employees could continue to log in and carry out malicious activity.
If you do allow multiple users to log in with the same account, then be sure to request a password reset using the "Forgot password" link on the login screen if someone leaves.
Use a strong password.
When resetting your Caterbook password, you are required to choose something with a minimum of 12 characters, containing a mix of upper and lower case characters and numbers.
Don't re-use the same password you use for logging in to something else.
Don't use something easy to remember (and guess) related to your business, like Thegrandhotel1.
It's best if this is something completely random, but that can be hard to remember.
For something easier to remember and harder to guess, you could use 3 random words with, for example, the second or last letter of each word capitalised and some random numbers between them, e.g. coRner7anD3flAg.
Alternatively, use the first letters of a line in your favourite song with some numbers, e.g. Tbbo19Twcod42
(There'll be bluebirds over 19 The white cliffs of dover 42).
Remember, whilst 12 characters is the minimum, the more characters, the more difficult it would be to 'crack'.
Periodically change your password.
You should set a recurring reminder in your Google or Apple calendar to change your password every 90 days, so that in the event your password does become known to someone who shouldn't have it, they will no longer be able to gain access.
If at any time you suspect someone is accessing your account who shouldn't be, you should reset your password immediately.
Use Multi-Factor Authentication.
Where your system supports it, use an additional step after entering your password. This could involve using an authenticator app (like Google Authenticator) or receiving an SMS message on your phone with a 6-digit one-time code.