We’ve always been concerned about security but recently have been looking at it closely.
We moved Cloud Appointments onto using HTTPS a while back.
This means that all communications between your web browser and our servers are sent in an encrypted format.
So whether you’re using your system or the demo system you’ll see a Secure tag in the web address bar.
Click the tag to show you more information;
Servers & Settings
Partly due to performance considerations and partly for security reasons Cloud Appointments uses dedicated physical (not virtual) servers in an Auckland secure location.
The Cloud Appointments software was been written with security in mind and it complies with current security recommendations.
When we created a Cloud Appointments system for you it was assigned a unique web address.
If someone wants to login to your system they need to know its web address as well as a login username and password.
Therefore, we recommend that you only supply your system’s web address to people who actually need it.
Licensing & Logins
Our licensing system is based on paying for the maximum number of people that will be logged into the system at one time.
So if your licensing is ok then you can have as many logins as you want (contact System Support).
But bear in mind that each login is a potential access point to your system and data.
Please don’t share logins as it;
- Makes it hard to track who updated what data on the system
- Interferes with the storing of personal settings
- Confuses the licensing functionality
Unfortunately most data breaches are caused by people working within an organisation and, whilst this is usually in larger businesses than yours, it still is something to be aware of.
Do please remember to logout of the system when you’ve finished using it and especially overnight.
If someone knew your system’s web address and your username then, if they were allowed to, they could try all the possible combinations and eventually find out your password.
Therefore the system only allows a limited number of password entry failures.
If a login fails more than a certain number of times then the login account is locked and no login (even with a valid password) will succeed.
Have a look at the online help topic ‘Unable to login to system ?’ as to how to fix a locked account.
Staff Join or Leave
Have a look at the online help topics;
- ‘Consultant Joins or Leaves’ for consultants
- ‘Staff Join or Leave’ for other staff
Login usernames cannot be changed.
Passwords are a more complicated topic and the recommended rules for setting and maintaining passwords are now less clear than they used to be.
Previously it was recommended that you change your passwords on a regular basis e.g. Once every month, three months or six months.
But research has determined that when people are forced to change their passwords on a regular basis they tend to use a weaker (more crackable) password and change it by one or more characters. e.g. ‘passwordA’ to ‘passwordB’
So we recommend that you;
- Do change your password on a regular basis
- Use a strong password
The system does not dictate you specify a strong password for your login accounts.
Google’s definition for the requirements of a strong password is available here.
There are many other strong password definitions if you search for them, they vary in practicality.
An alternative is to use a password manager.
My personal preference is KeePass which is simple, secure and free.
Using one of these makes it easy to generate a strong password and store it securely.
We try very hard to keep your system and data secure.
But we do need you to look after the areas that we cannot be responsible for – your login accounts and passwords.