Blog

System Security – Approaches & Insights

We work to ensure your system remains secure and thought you’d like some insights into our approaches and recommendations.

HTTPS

Cloud Appointments uses HTTPS for all its communications.
This means that all network data traffic between your web browser and our servers are sent in an encrypted, unreadable, format.

So whether you’re using your system or the demo system you’ll see a Secure tag in the web address bar.
Click the tag to show you more information;

secure connection

 

 

 

 

 

 

 

Servers & Settings

Partly for performance and partly for security reasons Cloud Appointments has its own physical (not virtual) servers in an Auckland secure location.

The Cloud Appointments software has been written with security in mind and it complies with current security recommendations.

Web Address

When we created a Cloud Appointments system for you it was assigned a unique web address.
If someone wants to login into your system they’ll need to know its web address as well as a login username and password.

Therefore, please only pass your Cloud Appointments system web address on to people who actually need it.

Licensing & Logins

Our licensing system is based on the maximum number of active consultants you have on your system.

If your licensing allows it then you can have as many logins as you want.
But bear in mind that each login is an access point to your system and its data so needs to be managed with security in mind.

Please don’t share logins as it;

  • Makes it hard to track who updated data on the system
  • Interferes with the storing of personal settings
  • Confuses the licensing functionality

When staff change have a look at the online help topics;

  • Consultants, Consultant Joins or Leaves
  • Staff Join or Leave – Logins

Logout

Most data breaches are caused by the people who actually work for that business.
Whilst this is usually occurs in larger businesses, it is still something you should be aware of.

Do please remember to logout of the system when you’ve finished using it and especially overnight.

Failed Logins

If someone knew your system’s web address and username then, if allowed, they could try all the possible combinations and eventually find out your password.

Therefore the system only allows a limited number of password entry failures.
If a login fails more than a certain number of times then the login account is locked and no login (even with a valid password) will succeed.

Have a look at the online help topic ‘Unable to login to system ?’ as to how to fix a locked account.

Staff Join or Leave

Have a look at the online help topics;

  • ‘Consultant Joins or Leaves’ for consultants
  • ‘Staff Join or Leave’ for other staff

Usernames

Login usernames cannot be changed.

Passwords

We recommend that you;

  • Do change your password on a regular basis
  • Use a strong password

Strong Passwords

The system does not dictate you specify a strong password for your login accounts.

Google’s definition for the requirements of a strong password are available here.
There are many other strong password definitions if you search for them, they vary in practicality.

An alternative is to use a password manager.

compare password managers

 

 

 

 

 

 

 

 

 

 

 

 

 

With gratitude to Jason Carpenter in www.tomsguide.com

Our personal preference is KeePass which is simple, secure and free.

Using one of these makes it easy to generate a strong password and store it securely.

In Conclusion

We try very hard to keep your system and data secure.

But we do need you to look after the areas that we cannot be responsible for – your login accounts and passwords.

December 4, 2017 Blog Posts
About admin