Jump to content
Home
Forum
Join Us
What's New
Articles
Resources
About Us
Tapestry

Tim

Admin
  • Content count

    7
  • Joined

  • Last visited

Community Reputation

15 Good

About Tim

  • Rank
    New user

Profile Information

  • Gender
    Male

Previous Fields

  • Your interest in Foundation Stage education
    Other

Recent Profile Visitors

286 profile views
  1. GDPR

    Hi Sandcastles2000 It is difficult to comment on your specific website host and what they are proposing. What I can do is try to explain about SSL certificates and cookies so you are well informed to assess your needs. SSL certificates are a way to encrypt the end-to-end communication between someone viewing a website and the website itself. So, for instance, if your website allows people to submit personal information, such as parent/child information, or payment details, you would definitely want an encrypted connection. Without this, the information is sent as plain text and is susceptible to someone intercepting it in transit. All websites are moving towards using SSL certificates and encryption of all pages, which is generally good practice even if personal/sensitive information isn't being passed, and modern web browsers will complain about pages that are not encrypted. Cookies are small files that sit on a user's computer - they are created and updated by the website (the user's web browser will have an option to allow or disable cookies). They contain information about the websites that the user visits and allow the website to tailor webpages to the particular user. For instance, if you have filled in a form on a website, your name and email address may be stored in a cookie and this will be sent to the website on your next visit. Cookies do not present a serious security risk, as they only contain information that the user has volunteered to the website. However, they can contain personal information, so probably your website host is proposing a pop-up which gains the user's permission for the website to create and update cookies. I hope this is helpful. Tim :-)
  2. Hi there I'm answering this post as I work for Tapestry and I'm a childminder. Personally, I wouldn't recommend using the General Log as an attendance register. I think it would be quite time consuming and wouldn't be as easily accessible as you would want, for instance, if you want to show attendance of all children for a particular day. There is a feature under development which, whilst not ready quite yet, aims to provide a fully functioning attendance register as part of Tapestry. The developer's screen shots that I have seen look really impressive and I think it will be worth waiting for. Watch this space... Tim :-)
  3. My GDPR 'To Do' list

    Hi Bluebirds. Any USB drive is fine to use as an encryption key with accompanying encryption software. There are hundreds out there, but you don't need to spend very much at all. I chose one that was as physically small as possible, as I wanted to keep it on my keyring. Also, as I don't store any additional files on the USB drive, I purchased the smallest capacity available. Mouseketeer, dependent on your software, it may be possible to have one usb drive acting as an encryption key for multiple devices, but you could end up continually swapping it between devices. More information from earlier posts:
  4. GDPR Email Encryption

    Hi Sparklers17, welcome to the forum. I think the use of a cloud service (GoogleDrive, DropBox, OneDrive, etc.) is a matter for people to decide for themselves. Many small settings will have a single computer, with little backup and anti-virus protection, or computers that may be accessible to unauthorised people (e.g. in a pack-away setting), so using cloud storage may actually be a far more secure solution than storing files locally. Two factor authentication is good practice to help to further secure information. For those trying desperately to understand, two factor authentication is using something else in addition to just a password to access your files. This maybe something like biometric authentication (e.g. fingerprint or face recognition), or more simply a text to a mobile phone when you login with a code that can only be used once and expires after a short time - as the text is sent to a specific phone, even if someone finds out your password, they would also need access to your phone. As for email, ZIP files do provide a good way to password protect a number of files in a batch, although most of the applications that people will be using (e.g. Word, Excel, Acrobat) also have the ability to password protect individual documents directly without the need to use an additional application. As I mentioned yesterday, consideration needs to be given as to how passwords are communicated to the recipient. As far as encryption is concerned, whilst email should be encrypted during transit, it is normally unencrypted in the recipient's mailbox. It is therefore accessible to anyone with access to the computer where the email is received (a clear screen policy and always locking the computer when walking away is good practice). If a sender is using an additional method of encryption, you will normally be required to register and login to a third-party encrypted email system, so you will know about it. This system may also allow you to send encrypted emails back, but this will depend on the individual solution and configuration. You should not assume that because you have received an encrypted email from, for example, your LA, that anything you send back will also be encrypted. Hopefully we are not getting too technical and helping to inform people to make their choices :-)
  5. GDPR Email Encryption

    Your email will usually be encrypted during transit, meaning that if someone intercepts it while it is being sent from your computer, between email servers, or being delivered to the recipient, it will be secure. Once delivered to the recipient, it will be available to anyone with access to that email mailbox. It might be good to think about a few things before sending emails containing personal information, such as: ensure you have the correct email address (it is very easy to accidentally send to the wrong person by, for example, typing hotmail.com rather than hotmail.co.uk) make sure the recipient is expecting the email, will be available to receive it and than no-one else will have access to the email account at that time confirm safe receipt with the recipient rather than typing personal information into the email, put in into a document that you can password protect and attach to the email. Or you could upload your password protected document to a cloud service such as googledrive, onedrive or dropbox, the provide a link to the document in your email. Of course, you will need to tell the recipient the password to access the file(s), which you should not do via email. There are a number of solutions available for end-to-end encryption, ensuring that only the intended recipient can access emails that you send to them, but these do come at a cost. Many agencies that we work with will have something in place, such as the NHS, local education authorities and social services. So it is worth an assessment of what personal information you might to want send that won't already be captured by these and whether the steps above might be adequate before investing. I hope that's helpful :-)
  6. GDPR; security

    Hi there! You need software on your computer to "encrypt" your files. The dongle can be any USB flash drive that will be configured by the software to work as an Encryption Key. Once this is all setup, the USB key is needed to unencrypt your files when you turn the computer on (so works exactly as you say above). There is software built-in to some versions of Windows, called BitLocker, but doesn't come with all versions. E.g. it comes with Windows 10 Professional, but not Windows 10 Home. There is some more information here:
  7. My GDPR 'To Do' list

    Encryption is making information unreadable to those who do not have the right "key" to unlock it. Without the key, even if someone gets hold of your documents, they will just appear as nonsense. There are many ways to encrypt your documents using a range of different software packages. If you are using a Windows based PC, Windows 10 Pro and Enterprise versions come with BitLocker which can be used to encrypt your whole hard disk. As pointed out above, you can also encrypt selected folders in Windows, which also uses BitLocker. You will need to make some choices about how you want to unencrypt your information: Obviously, when you want to access your documents, you want them to be understandable again, so you need to create a key to unlock your data. Some modern PCs have a TPM chip, which will store your key for you - this means that anyone trying to access your documents from anywhere else (someone gaining access to your WiFi for example) will not be able to, but if someone were to get access to your actual computer they could still access your documents. So, as well as using a TPM chip, which is good practice if you have one, you can also setup either an additional password to use when you turn on your computer or, as I prefer, use a USB key. You can use any USB drive for this, and it simply needs to be inserted into a USB port when the computer is turned on. Once the computer is up and running, the USB key can be removed and should not be stored with the computer. There is a useful guide to BitLocker here: https://www.windowscentral.com/how-use-bitlocker-encryption-windows-10 but this is only one of many tools that you can choose from. Your anti-virus / anti-malware software may include drive encryption if you do not have a version of Windows that includes BitLocker.
×