Category

Security

Update on browser support

Effective immediately, we are updating our supported browsers list to reflect changes made as a result of PCI DSS 3.1. PCI DSS stands for Payment Card Industry Data Security Standard. It is a standard with which we comply because we process card payments online, and it is also recognised as a best practice for internet security, including for sites using HTTPS. PCI includes a requirement for “strong cryptography” and, as of PCI 3.1, this means sites must use TLS 1.2 and can no longer use SSL 3.0 and early TLS. Read more here. The result of these changes is that…

Is security ever anything but inconvenient?

A real dilemma our team faces day after day is how to ensure the security and integrity of clients' data whilst also keeping the system easy to use. For example, we used to insist on system access requiring a PIN number as well as a password – we now make that optional, so each company can decide whether to use it or not. It means the system is quicker and easier to access, but it also means that if an employee uses the same password on multiple sites and those other sites get compromised, then someone…

What makes a secure password?

In the UK at the moment there is a lot of media focus on secure passwords, coming from a Government campaign around the general area of online protection (https://www.cyberstreetwise.com/). Whilst passing through the Underground in London last week, I saw a number of billboard posters which gave examples of weak and secure passwords. They offered some great advice which I wanted to share, and I also wanted to look at some of the reasoning behind it. The general advice around passwords is: use upper and lowercase letters; include numbers; include “symbols” (things like !, @, # etc.); make it at…

Why do I have to enter a PIN to login?

We frequently get emails from clients who want to forgo the requirement to enter a PIN number on login. Additionally, a high proportion of the support tickets we get are related to login problems and, most commonly, PIN numbers. So, with all that in mind, why do we bother with a PIN number? Firstly, it is worth remembering the type of data stored within an HRIS system – this is personally identifiable employee data such as names and addresses and so on but, further to that, there is also data like dates of birth, driving licence numbers, national insurance numbers…

Security starts with you!

We get a lot of questions about how secure our application and the data contained within it are and, whilst these are valid questions, we often encounter customers who think that security is only our problem and not theirs. Whilst in some ways this is true, and we do put a lot of time and energy into securing our systems and applications, there is a huge onus of responsibility on users to ensure their endpoints are secure – if this does not happen, then how secure our systems are becomes a minor consideration. For example, when you log in…
