The one thing that Dentally takes most seriously above everything else is security. We safeguard your data with some of the most advanced protections in the industry, but Dentally also gives you tools to protect access to Dentally. Here is a suggested workflow that you can use on your end to protect from any unscrupulous eyes.
The first and most simple thing that you can control is your password. Don't use passwords like your dog's name or your mother's maiden name - They are easily guessed. What you need to do is come up with a system for creating a password.
For example, create a phrase like:
I hope that West Ham United win the Premier League in 2017
Take the first letter of each word and lay them out as so:
Next, add upper case letters, exchange letters for symbols and swap numbers for letters (or vice versa), to get:
This will make it virtually impossible for someone to guess your password.
You should also come up with and implement some password best practices within your practice. Common do's and don't are:
Unique passwords that use a combination of upper and lower-case letters, numbers and symbols are best.
Do not use easily guessed or common passwords such as 'password123', 'qwerty' etc.
Do not choose passwords that use easily obtainable information - date of birth, phone numbers, house numbers etc.
Do not include words that can be found in the dictionary. Password cracking tools that use brute force attempts to try gain access to your account will use thousands of common names, words and passwords.
When it comes to passwords, size matters! 10-12 characters in length is good practice but remember, every extra character you add to a password makes it harder to attack.
Use a unique password. Don't copy the same password you use for Facebook, Twitter and your email account.
Don't leave your password written on a sticky note attached to the computer you use Dentally. If you must keep a written record of your passwords (which we don't recommend), the most secure method is to write your login name and a prompt that has meaning only to you.
However, with all that said about passwords, even when it comes to Brute Force attacks Dentally protects your data. A brute force attack is when an attacker tries many passwords or phrases in the hopes of getting guessing it right. This is often automated, with the passwords coming from a dictionary of commonly used phrases.
Dentally protects against this by only allowing someone to enter a password incorrectly 10 times in a row before their account becomes locked out for 10 minutes. Effectively, this means that they can only guess one password a minute - making it virtually impossible to make a correct guess.
This is one of the safest and one of the simplest security measures that is becoming increasingly commonplace. Two-factor authentication adds an even more secure layer of protection to the standard password method of online identification.
When enabled, Two-factor authentication requires a user to verify themselves above and beyond the standard password. If you activate it in Dentally, after a user enters their password, they will receive a text message to their mobile phone with a token. Using this token they can verify themselves when prompted and login.
This method is not without it's drawbacks, but provides an extra layer of security beyond that of a simple password. We suggest that every practice using our dental software should enable it to help add that extra bit of protection to your data.
Permission levels are the settings used to describe the amount of access a user has when using Dentally. To keep your data safe, each permission level has access to a different level of data and we believe you should give each person in your practice the minimum possible access they need to do their jobs.
We have 5 possible permission levels that you can give your users:
0 - No Access
This means that the user will have no access to the dental software. This is useful for when a member of staff leaves as it removes their access from the system entirely but it keeps their activity log for future reference.
1 - Reception
This level is reserved for clerical and reception staff. It allows users to check calendars, add and edit appointments, take payments on the system and view patient details.
2 - Standard Practitioner
This level is reserved for standard practitioners and includes all level 1 functionality. It also allows dentists and hygienists to access the chart, add treatments to a patient record, create and edit treatment plans and create estimates. This level of user cannot see any financial reports for the practice.
3 - Practice Manager
This level is recommended for practice Managers and includes all the functionality of the lower levels. Additionally, this level can see financial reports for the practice.
4 - Administrator
We recommend this level for practice owners and administrators as it allows all functionality - all the previous level access, as well as access to the dental software settings. Administrators can edit and add NHS contracts, add and edit treatments and pricing, and edit all the settings.
Restricted login provides Administrators with the ability to restrict access to Dentally for their users between any hours they would like. This gives practice owners and administrators peace of mind that the data they are responsible for is only being accessed during the times that they want.
This is a great way of ring fencing access to data in a large practice where there a variety of shifts, or where you have a lot of locums coming and going from your practice. This security feature might hinder smaller practices that are required to be more dynamic but we encourage those who require it to activate it.
Restricted login hours works for Access Level 3 and below, so you can't enable restricted hours for Access Level 4.
IP Secure Login
Enabling IP based restrictions on your Dentally account means that your entire practice will only be able to access Dentally from an IP address that you have whitelisted. This means that your data cannot be accessed by any malicious individuals or from any dodgy places.
You can, of course, override this on an individual user basis. It is probably best, for instance, to whitelist your home IP address if you want to run over the practice reports over a glass of your favourite wine on a Sunday night.
So there you have it, our security workflow. Not every one of them needs to be used - that's up to you and your individual practice needs - but each ones gives another layer of security. Have you any ideas on how we could make it better? Is this a workflow that works for you? Let us know!