System Security – Approaches & Insights
We work to ensure your system remains secure and thought you’d like some insights into our approaches and recommendations.
HTTPS
Cloud Appointments uses HTTPS for all its communications.
This means that all network data traffic between your web browser and our servers is sent in an encrypted, unreadable format.
So whether you’re using your system or the demo system, you’ll see a Secure tag in the web address bar.
Click the tag to see more information.
Servers & Settings
Partly for performance and partly for security reasons, Cloud Appointments has its own physical (not virtual) servers in a secure Auckland location.
The Cloud Appointments software has been written with security in mind and it complies with current security recommendations.
Web Address
When we created a Cloud Appointments system for you it was assigned a unique web address.
If someone wants to log in to your system they’ll need to know its web address as well as a login username and password.
Therefore, please only pass your Cloud Appointments system web address on to people who actually need it.
Licensing & Logins
Our licensing system is based on the maximum number of active consultants you have on your system.
If your licensing allows it then you can have as many logins as you want.
But bear in mind that each login is an access point to your system and its data, so it needs to be managed with security in mind.
Please don’t share logins, as it:
- Makes it hard to track who updated data on the system
- Interferes with the storing of personal settings
- Confuses the licensing functionality
When staff change, have a look at the online help topics:
- Consultants, Consultant Joins or Leaves
- Staff Join or Leave – Logins
Logout
Most data breaches are caused by the people who actually work for that business.
Whilst this usually occurs in larger businesses, it is still something you should be aware of.
Do please remember to log out of the system when you’ve finished using it, and especially overnight.
Failed Logins
If someone knew your system’s web address and username then, if allowed, they could try all the possible combinations and eventually find out your password.
Therefore the system only allows a limited number of password entry failures.
If a login fails more than a certain number of times then the login account is locked and no login (even with a valid password) will succeed.
Have a look at the online help topic ‘Unable to login to system ?’ to see how to fix a locked account.
Staff Join or Leave
Have a look at the online help topics:
- ‘Consultant Joins or Leaves’ for consultants
- ‘Staff Join or Leave’ for other staff
Usernames
Login usernames cannot be changed.
Passwords
We recommend that you:
- Do change your password on a regular basis
- Use a strong password
Strong Passwords
The system does not require you to specify a strong password for your login accounts.
Google’s definition of the requirements for a strong password is available here.
There are many other strong password definitions if you search for them; they vary in practicality.
An alternative is to use a password manager.
With gratitude to Jason Carpenter in www.tomsguide.com
Our personal preference is KeePass which is simple, secure and free.
Using one of these makes it easy to generate a strong password and store it securely.
In Conclusion
We try very hard to keep your system and data secure.
But we do need you to look after the areas that we cannot be responsible for – your login accounts and passwords.