Lauren Posted May 1, 2018

If you suspect that someone is logging into Tapestry using an email address and password other than their own, then the very first thing to do is deactivate that user. You can do that from the Manage Relative/Staff (whichever is appropriate for the user) page within the Control Panel. You then need to find their name and use the cog along the line from their name to deactivate them. This will stop anyone from being able to sign in with that email and password combination.

The next thing to do is to get in touch with us. We will be able to deactivate your whole account whilst we investigate. To do that, you can either use the 'Contact us' page in the drop down list from your name, or send an email to customer.service@eyfs.info. If you do send us an email, though, please make sure you message us from the email address you or another manager uses to sign into Tapestry - that way we will be able to help you a lot more quickly and efficiently because we will know we're speaking to the right person.

When you do contact us, please use the 'in brief' text box or subject line to make it clear this is an issue about security. We keep an eye out for those ones. For example, you could say 'Account Breach'. Within the body of the text, please try to give us as much detail as you can about who is affected and in what way. We will respond to that as soon as we see it, at which point we will take you through the next steps either over email or over the phone if possible.

In the meantime, though, we would recommend that you investigate what exactly the person who has logged into your account has done and that you start to think about how someone else could be using this person's account.

To work out what they have done, you need to go to your 'History' in the Control Panel. Then, use the 'Filter & Sort Events' bar (it's hidden in the screenshot below, but it's where the first red arrow is pointing to) to search for the user's name. Remember to press 'Submit' when you have typed it in. That will then show you everything to do with that user - including when they were added, when they've logged in, which observations they've accessed, and what they've added to Tapestry. This will help you to establish exactly what happened and will help you if you need to inform the ICO and any data subjects (or their relatives) who might have been affected.

Some common causes of people being able to log in to someone else's account are:

1) It's been set up with the wrong email address. In this case, you have already done everything you need to do to stop them from accessing it. You may, however, want to undo any changes they've made and add the person you intended to set up initially as a new staff member/relative.

2) Someone has got into the email account of the intended user. In this case, you should follow the advice in this tutorial.

3) The user has a really easy-to-guess password, or they have told people what their password is. In this case, you should manually reset the password of your user and tell them to make sure they have reset their password for every other website where they use a similar password. If that includes their email address, do not reactivate them until they have changed that password.