Bitrix24 Security Basics: 5 most important security settings


Have you ever wondered if any of the data inside your Bitrix24 is leaking out? Is your system safe? Has there been any account hijacking in the past, or are any of your user accounts currently hijacked?

Regardless of whether you've been using Bitrix24 for some time now or have just opened your company account, security is one of the crucial aspects of your CRM.

In this post we'll show you the basics of security in Bitrix24, so you can ensure the safety of the system and the security of the most important asset in Bitrix24: the data itself.

This post covers the basic principles. Feel free to seek our help and advice on additional security measures to make sure your account is as safe as it can be and that your data does not leak.

1. Two-factor authentication

Two-factor authentication is rapidly becoming a standard in the software industry. The Bitrix24 development team has given you the opportunity to enable it inside Bitrix24. Visit your "Settings" page; further down the page you will find information on how to turn on two-factor authentication.

2. IP restriction

If you have a company VPN or only want to allow users to visit Bitrix24 from inside your local network, you can restrict access so that Bitrix24 can be visited only from the IP addresses on the list. You may have noticed that we've outlined this feature in the screenshot above (company settings), alongside two-factor authentication.

3. Disallowing public links

If you want to make sure that none of the users can share documents and other data from inside Bitrix24 with the outside world, simply uncheck the option "Allow public links" on the "Settings" page.

4. Intrusion detection and proactive filtering

If you're using Bitrix24 on-premise, make sure your intrusion detection is turned on and that proactive filtering is active. An intrusion log is there to help you with the history of mitigated threats.

5. Admin accounts and dismissed employees

Often overlooked by Bitrix24 owners, the list of admin accounts should be a top priority. It is often the case that a user is given administration rights in order to solve some operation that the owner was unable to, and afterwards the removal of those admin rights is forgotten. In a very similar case, users are sometimes given administration rights because the owners thought it would be easier for them to oversee everything. Administration rights give access to all parts of Bitrix24, so make sure that only the owner and the persons designated to look after security have these rights.

We also often see dismissed employees still active inside Bitrix24 because the user administrator forgot to dismiss them. We advise including Bitrix24 employee dismissal as a part of the employee dismissal protocol inside your company. That way you can rest assured that access has been denied to all those who have left your organisation.


We hope that these 5 tips have given you a good insight into basic security for your Bitrix24 company portal. As an official Bitrix24 partner, we offer security assessments and additional services to help you maintain the security of your account. Feel free to reach out to us!

Need our assistance in keeping your Bitrix24 secure?

CRM data has mid-range to top priority and confidentiality. Reach out to us so we can help you mitigate potential risks of data leakage.