No direct access for SimplyBook.me support team
Upon activation of double authentication, the SimplyBook.me does not have any access to the user’s system which can be bad if you need quick assistance but also enhances security. Although all of SimplyBook.me staff that can come in contact with personal information have clean criminal records and have signed an NDA, access now becomes restricted and the only way for them to gain access is if the user gives them temporary code so they can help them out with settings if needed.
One of the most delicate information in the system are patient details, and these are usually stored in a component called SOAP. The SOAP component has now been enhanced to be encoded at rest so that no one can have access to this information, even if they break in to the user’s system, or even into SimplyBook.me servers UNLESS they have the secret key. This key can be kept on an USB drive, or in a computer’s folder. It is never stored on SimplyBook.me servers. Just make sure that the computer is well protected, so that if it is stolen, thieves would not have easy access to the hard disk. Same applies to the USB drive, this can also be encrypted with a code that only you remember.
All emails have unsubscribe links but this has now also been added to the promotions emails so clients that have unsubscribed from getting these messages will not be receiving them. This has though fortunately not been a problem as clients are generally happy to receive promotions from their favorite providers.
For users that want to harden security even more, there is the HIPAA feature that can be enabled for Standard and Premium subscriptions. This feature allows users to set automatic system log out after predefined time, like 20 minutes after system was being used. It also allows users to get notifications upon each login into the system. Furthermore, this feature disables personal data to be sent over email or SMS, it removes client’s and service names from these notifications, making it harder for snoopers to see personal data.
It is also recommended for users to harden the security on mobile devices using long passwords, and automatic deletion of phone data when there are several wrong passwords attempts. This will avoid thieves getting hold of double-authentication access code.
All users should set auto screen lock to decrease the risk of snooping from people that may be browsing the workplace. Here is a link that describes how this can be done on Windows based computers.
Here is a link to good article from PayPal about how GDPR affects anyone handling personal data from subjects in EU, and what steps to take.