Category

Security

Data security in HR

Data security in HR (Encouraging your employees to be security-savvy)

By | Events, Security | No Comments

If you attended the recent CIPD Annual Conference at Manchester Central on 6th and 7th November, you may have listened to a talk from our very own CEO and Co-Founder, Jason Dowzell who discussed how you can encourage your employees to be security-savvy. If you missed it you can download the slides by completing this short form: Jason covered some important aspects regarding data security in HR, including system passwords, phishing and social engineering and how they can breach your sensitive data. What is sensitive data? Firstly, to be security-savvy, we need to understand what sensitive data actually is. In…

Read More

Update on browser support

By | Security | No Comments

Effective immediately, we are updating our supported browsers list to reflect changes made as a result of PCI DSS 3.1. PCI DSS stands for Payment Card Industry Data Security Standard and is a standard to which we comply as we process card payments online as well being recognised as a best practice for internet security including sites using https. Under PCI, this is a requirement for “strong cryptography” and, as of PCI 3.1, this means sites must use TLS 1.2 and can no longer use SSL 3.0 and early TLS. Read more here. The result of these changes is that…

Read More

Is security ever anything but inconvenient?

By | Security | No Comments

A real dilemma our team faces day after day is how to ensure the security and integrity of clients data whilst also trying to find a balance with making the system easy to use. For example, we used to insist on system access requiring a PIN number as well as a password – we now make that optional for the company to decide whether to use or not. It means the system is quicker and easier to access but it also means if an employee uses the same password on multiple sites and those other sites get compromised then someone…

Read More

What makes a secure password?

By | Security | No Comments

In the UK at the moment there is a lot of media focus on secure passwords coming from a Government campaign around the general area of online protection (https://www.cyberstreetwise.com/) – whilst in London last week passing through the Underground I saw a number of billboard posters which gave examples of weak and secure passwords and they offered some great advice which I wanted to share but also look at some of the reasoning behind this. The general advice around passwords is: Use upper and lowercase letters Include numbers Include “symbols” (things like !, @, # etc) Make it at least…

Read More

Why do I have to enter a PIN to login?

By | Security | No Comments

Frequently we get emails from clients who want to forego the requirement to enter a PIN number on login – additionally, a high proportion of support tickets we get are related to login problems and, most commonly, PIN numbers. So, with all that in mind, why do we bother with a PIN number? Firstly, it is worth remembering the type of data stored within an HRIS system – this is personally identifiable, employee data such as names and addresses and so on but, further to that, there is also data like dates of birth, driving license numbers, national insurance numbers…

Read More