The laptop, phone or tablet someone uses to access Tapestry has been lost or stolen.

[Lauren]

If you have been broken into there are a few things you should do as soon as possible in order to protect the data on your devices and within Tapestry:

1) If you were logged into Tapestry when the device was stolen or you set it to remember your passwords, deactivate any user that might affect. You can contact us to do that for you if you're not confident using Tapestry or if you think it will affect a lot of people on your accounts.

2) Check your History.

3) If someone on the device can access your email inbox on the device without entering a password make sure you force it to log out of all active devices and change your password.

4) Wipe the devices remotely if possible.

5) Contact us

 

I will go through how to do each of those things here. 

1) Deactivate users

In most cases, someone having access to a device that is used to access Tapestry is not enough for them to be able to actually login. However, if you were logged into Tapestry when the device was stolen, there is a chance that they will use the account and, if you are logged in as a manager, they could potentially change your password to something only they know, or add themselves as an additional user.

They might also access your Tapestry account if you set that device to remember your passwords/auto fill them for you. 

If that is the case, the easiest and safest thing to do is to login to the browser version of Tapestry as a manager on a device you have access to and deactivate the user accounts that might affect. 

You can do that from the manage relative/staff (whichever is appropriate for the user, but most likely 'manage staff') page within the control panel.
 

You then need to find their name and use the cog along the line from their name to deactivate them. This will stop anyone from being able to sign in with their email and password combination. 
 

2) Check your History

Once you have deactivated any potentially compromised user accounts, you should check your 'Events' page to see if there has been any suspicious activity on your account between the time your devices were stolen and now. 

To do that, you need to go to your 'History in the Control Panel. 

 

Those will be in chronological order, so just look through those to make sure you are happy that everything looks normal. 

If you have any doubts at any point please do contact us! Skip to point 5 to see how to do that.

 

3) Log out of your email account

If you can login to your email account on the stolen device without entering a password it is important that you force log out of that so that the person who has your device can't use it to reset your password for Tapestry or any other website that you use that email address to login to. You will need to do that from within your email account, but how exactly will depend on the provider you use. You should be able to google how to do it though if you're unsure. If it's not possible, or you can't see how, the easiest thing to do will be step 4 - wipe the device remotely. 

4) Wipe the devices remotely if possible

As well as removing access to the various websites and apps you use, it is important that you wipe the stolen device if you can, so that the people who now have it cannot access any of the photos or other documents you may have stored on it. 

If you have an iOS device you will be able to do that from within your icloud account. You can see some guidance from Apple on how to do that here.

If you have an Android account you will be able to do that from within your google account. This guidance from google explains how.


5) Contact us

If you have any concerns at any point please do contact us. We might be able to advise you further, and if you're worried someone is in your account we can deactivate the whole thing while we investigate further.

You can either use the 'Contact us' page in the drop down list from your name, or send an email to customer.service@eyfs.info. If you do send us an email though please make sure you message us from the email address you or another manager uses to sign into Tapestry - that way we will be able to help you a lot more quickly and efficiently because we will know we're speaking to the right person. 
 

 

If you do contact us please use the 'in brief' text box or subject line to make it clear this is an issue about security. We keep an eye out for those ones. For example, you could say 'Account Breach' or 'Devices have been stolen!'

Within the body of the text please try to give us as much detail you can.

Once that is all sorted, you can ask us to reactivate your account if we have locked the whole thing, or you can reactive each user who you have manually deactivated. You should only do this though when you're positive that no one other than them can access their email account. 

To do so, manually change their password from the 'Manage Staff' page in your control panel to something of your choosing (so fill one in, don't sent the password reset email). Then reactivate their account using the cog next to their name and send them a password reset link so they can set their own password. If they did have their password stored on the stolen device they should use a different one. 

 

Go back to Main Tutorials Page