New presentations – Digital Footprint and Eprofessionalism

Managing your digital footprint: creating an effective online presence (approx. 10 mins)

This short presentation provides information and useful advice on managing your digital footprint and how to create an effective online presence. It includes information on taking control of your online presence, some common misunderstandings, how to manage your digital footprint, and much more.

Link: http://edin.ac/2dhc4rm

 

Digital Footprint and e-professionalism (approx. 9 mins)

This short presentation provides information and useful advice on managing your digital footprint and e-professionalism. It includes information on professional bodies’ guidelines, what you need to consider online, and useful advice about being professional online.

Link: http://edin.ac/2eF5rDc

 

Further information and resources can be found www.ed.ac.uk/iad/digitalfootprint

Nursing and Eprofessionalism

At a workshop with students from Nursing Studies, we discussed e-professionalism, including the professional bodies’ guidelines and what e-professionalism meant to them.  The following Wordle illustrates this.

• Professional bodies’ guidelines, can be found on the Digital Footprint website

Social Media Guidance for Vets & Vet Nurses

The Royal College of Veterinary Surgeons (RCVS) published social media guidance for vets and vet nurses.

“Forming a new chapter of supporting guidance to the College’s Code of Professional Conduct, it sets out the professional standards expected of veterinary professionals, as well as providing advice on good practice, how to protect privacy, maintaining client confidentiality and dealing with adverse comments from clients.”

“The new guidance outlines the responsibilities expected of vets and vet nurses to behave professionally offline, online as themselves or online in a virtual capacity. Demonstrably inappropriate behaviour on social media may place registration at risk, as the professional standards expected online are no different to those in the ‘real world’.”

Key areas covered:

• Protecting your privacy
• Good practice when using social media
• Maintaining client confidentiality

Further information and link to the guidances can be found on the RCVS website

Other Resources

• Managing your online presence www.ed.ac.uk/iad/digitalfootprint
• E-professionalism – what is it? Guidelines and case study

E-professionalism guide

e-Professionalism is the way you engage yourself online in relation to your profession,  including your attitudes, actions and your adherence to relevant professional codes of conduct.

Many students are considered para-professionals, such as those studying nursing, medicine, vet medicine, law, teaching and other disciplines. Professional bodies’ have social media and e-professional guidelines which students need to comply with.

For further information and a list of professional bodies’ guidelines visit the Digital Footprint website.

Just launched is a guide and case study for students.

Professional Bodies Guidelines

There are various professional bodies which have social media/digital footprint/online etiquette guidelines.  Depending on your discipline, students may need to comply with these guidelines while at university. Following the guidelines now will ensure you are best placed for when you leave university. Some of the guidelines you may need to consider are below (but there are likely to be others)

• General Medical Council – Doctors’ use of social media (PDF)
• General Teaching Council for Scotland – Professional Guidance on the Use of Electronic Communication and Social Media (PDF)
• Royal College of General Practitioners social media highway code
• NHS Employers – Social Media Guidelines
• Law Society Scotland – Social Media Guidance
• Royal College of Nursing
• Nursing and Midwifery Council
• The Royal College of Radiologists (RCR) – Social Media Policy
• British Medical Association (BMA) – Social Media Guidance (PDF)
• Scottish Social Services Council (SSSC) – Using social media (PDF)

Tell us whether you have looked at any professional bodies’ guidelines

Nursing and Midwifery Council: social networking guidance

The Nursing & Midwifery Council provides social networking guidance. The guide provides information on how to use social media responsibly and how the Code can be applied to social media use.

“Nurses and midwives may put their registration at risk, and students may jeopardise their ability to join our register, if they act in any way that is unprofessional or unlawful on social media including ”

“This guidance, which underpins the Code, covers the need to use social media and social networking sites responsibly.

It is not intended to cover every social media situation that a nurse or midwife may face, however it sets out broad principles to enable them to think through issues and act professionally, ensuring public protection at all times.”

Download or access the guide: http://www.nmc.org.uk/standards/guidance/social-networking-guidance/

Other Resources

• Blog post by a student nurse: E-professionalism and Nursing
• Professional Bodies’ guidelines
• Workshops and other guidance on managing your digital footprint

eprofessionalism and careers in health and medicine

If you are studying for a career in health, medicine or social care professions e.g. as a doctor, nurse, or surgeon,  etc. – please check if there are guidelines on using social media in your profession.

Some common misunderstandings include:

• what you and others say online – stays online – even in personal spaces!
• if content is deleted it cannot be recovered (it does live on a server somewhere, or has already been shared/retweeted/posted)
• even if you think you are not naming an individual e.g. a patient/client, if there is any identifiable information  – this is still a breach of confidentiality

New! Code of conduct – Nursing and Midwifery Council (31 March 2015)

• General Medical Council – Doctors’ use of social media (PDF)
• Royal College of General Practitioners social media highway code
• NHS Employers – Social Media Guidelines
• Royal College of Nursing
• Nursing and Midwifery Council
• The Royal College of Radiologists (RCR) – Social Media Policy
• British Medical Association (BMA) – Social Media Guidance (PDF)
• Scottish Social Services Council (SSSC) – Using social media (PDF)

Further information about managing your digital footprint can be found www.ed.ac.uk/iad/digitalfootprint or follow us on Facebook or Twitter

Beyond Passwords (Stay Safe Online: Part 3)

Licensed under CC BY 3.0 via Wikimedia Commons – http://commons.wikimedia.org/wiki/File:RSA_SecurID_Token_Old.jpg#/media/File:RSA_SecurID_Token_Old.jpg

Welcome back to the third part of our series on securing your social media and online accounts! This week, we’re going to look at how you can improve your security by using more than just passwords on online accounts. The great thing about passwords is that if you’ve been following our guides, you’ve got passwords that are easy for you (or your computer) to remember yet very hard for anybody else to guess. However, when computers are so powerful they can test millions of passwords every second, it is very quickly putting the security of any password under strain. A new type of security has emerged however, and it is called “two-factor authentication”. This relies on both something you know such as a password, and something you have such as your smartphone. You will enter your username and password, and then be asked for a code from your phone which it either randomly made or was texted to you. Only once you enter that will you be allowed access. The security is fantastic – assuming that there aren’t any weaknesses in the software running on their websites, a computer could test every possible password yet still not get into an account. And if an unauthorised party takes your phone, they still need to have your password.

How does it work?

Every website that uses 2FA (short for two-factor authentication) will have slight variations on how their version works. However, most follow this basic pattern:

1. Register your account with them
2. Download an app onto your phone (one app works for most websites)
3. Go onto your account settings. There will be an option to set up 2FA. Go through the process. You will be asked to enter a code or scan a QR code on your phone. Your phone will then give back a code, enter that into the website to confirm it
4. When you next logon to the website, you’ll be asked for a code from the app in addition to the username and password before you can login

As you can see it is simple. However, some websites will instead text you a code rather than use an app. Most websites use an app called Google Authenticator (https://support.google.com/accounts/answer/1066447?hl=en) but if you are on another platform you may have to find an alternative app. Some websites also use other apps – they will tell you how to get them.

What websites can I use this on?

Good question! As the list changes all the time, you should check this website (https://twofactorauth.org). This website will also tell you how to enable it for each service that supports it.

What websites should I use this on?

As many as you can be bothered to is the honest answer! However, start with the services which are most crucial and work backwards. That may mean online banking for you (contact your bank to see what they offer). Then right after, securing your email to prevent anyone from accessing all your other services as discussed earlier. If you have a Google, Microsoft or Apple account these may have lots of sensitive information saved (such as payment details) in addition to your email – they may even allow a hacker to remotely lock and wipe your devices. These accounts should definitely be a priority if you use them a lot. In general though, think about which accounts would be the worst to get hacked and start with them.

What if I lose my phone?

When you sign up for 2FA, most sites offer you a recovery key which YOU SHOULD KEEP SAFE!!! If you lose that, you may NEVER be able to get access to your account again if you lose your phone. This does depend on the service you use, but do ask them or research to see what would happen. You do get services that back up your authentication codes, such as Authy (https://www.authy.com), and can share them between devices. This does decrease security, but increases convenience and for many may be a good compromise. However, do your own research for this!

Are there any other problems?

If you lose your phone you may never be able to login to something again. If your phone is out of charge or not on you, you may also not be able to login at that time. It will also make your day to day online life ever so slightly more inconvenient. It is up to you to decide if those are worth the very big improvements in security. As we store more and more of our important data online and those wanting to break into online services get ever more sophisticated, this may be something you want to consider using more and more.

Managing Those Passwords! (Stay Safe Online – Part 2)

In the last post, we looked at why and how to set secure passwords for online accounts. We even included tips on how to create easy to remember passwords! If you’ll remember however, one of our primary rules was to keep a separate password for every online service. That gets confusing really quickly! With the help of some software called Password Managers, you’ll find that setting new passwords for everything is easier than just remembering a few passwords for everything!

• What is a password manager?

A password manager simply stores passwords for you, with most entering the password when you go onto a website. If you’ve ever been asked by your web browser if you want to save a password (Internet Explorer, Chrome, Firefox and Safari just to name the 4 largest browsers all offer this as do many others) then you’ve encountered a password manager before. Password managers should securely save your password, either using it’s own password to encrypt the other ones or unlocking when you log into your computer. The simplest ones  store them on your computer, so it shouldn’t create any more security problems to use one. The best thing about many password managers is that they can automatically make you a new password when you register a new account or change your password, then save it! This obviously saves you a lot of time.

• What if I have more than one device?

Good question! Today, most people will have a ‘main’ computer such as a laptop, their smartphone, the university PCs and possibly a tablet or another secondary device. There are ways to keep your passwords saved across all of these though. Some password managers save your passwords online in the cloud, which means they can be accessed anywhere with an internet connection. You may be worrying about security, and you’d be right to do so, but as long as you understand the risks and keep your password for any sort of program secure it should not be a problem. Do keep in mind though, if the service does get hacked so do all of your passwords and you will need to change them ASAP!

• What services do you recommend?

We don’t ‘recommend’ any service in particular, however the website Lifehacker has compiled a list of the Five Best Password Managers (http://lifehacker.com/5529133/five-best-password-managers) in January 2015, and would be a great place to look as they were voted for by the readers of Lifehacker! Most of the services listed though do cost money or require some more complicated set-up. However, if you use Apple’s products you might want to consider iCloud Keychain (https://support.apple.com/en-gb/HT204085). Alternatively, if you use Google Chrome (http://www.theverge.com/2013/4/3/4180514/google-brings-password-autofill-sync-to-chrome-for-android) this can synchronise passwords across every Chrome browser you are logged into. Again however, we do not recommend or endorse either of these services nor do we guarantee that they are secure. Whichever solution you choose, you should do research to ensure:

• You are happy with the price of the service
• The service works on every device you want your passwords on
• The service is secure – reading news articles and sticking to reputable services is the best way to tell this if you are not technically savvy
• You understand how it all works – it’s easy using this not to get the most out of it. Also, some systems won’t ever let you back in if you forget your password (for your own security). Make sure you check these things before you decide on one.

• In Conclusion

Password Managers can be very useful, but they are not entirely without risk (either technical or security). A good, if slightly older, discussion of this can be found on PC Pro (http://www.pcpro.co.uk/features/380377/password-managers-are-they-safe-which-is-the-best/page/0/1). If you choose to go for one, make sure you look into it and then research which one is the best for you! It’s not something you’re locked into, although it may be slightly inconvenient to move your passwords between two different password managers it can be done. So hopefully this has been an informative guide on how to improve the security and convenience of all your passwords! Our next article will look on increasing security using more than just passwords. Do you have any experience with password managers? Do you have any tips for people to help get the best out of it? Do you have any questions? Tell us via our Facebook or Twitter!

Simple Security: Passwords! (Stay Safe Online – Part 1)

Welcome to part one in our series on keeping your online accounts secure! Today, we’re going to be dealing with one of the simplest ways to ensure that all your passwords are secure and your email account is locked down.

Most people assume that secure passwords have to be incredibly long, indecipherable strings of symbols and numbers that a computer itself would struggle to remember. While this may keep you secure, there are far easier and better ways to achieve this.

• Use a different password for every* site

The easiest way to keep your passwords secure is to never use the same one online twice. There’s an “*” after every, because for sites that are very low risk (as in, it doesn’t matter if someone does get access), this rule could be bent slightly. But for every website that matters even slightly, use a different password for each one.

This means that if someone does get your password, they can only access one site with it which should very significantly slow down the amount of damage they can do before you can fix it all.

Secondly, you should not assume that all websites will keep your password safe. The secure way for them to store passwords is to turn it into an irreversible code, which they can compare the password to but can’t get the original password back out of (those interested in mathematics, or computer security, can read more at this Wikipedia link). However, some websites may not do this, and some websites may even be run by those who will try to use your email address and password to log into other websites.

Keeping a different password for every website reduces or removes these risks. In our next post, we’ll discuss ways that you can safely remember these passwords (no, sticky notes on monitors or Word documents on desktops don’t count!) so that this isn’t an inconvenience.

• Use a secure password for every site

“I thought you said that there were far easier and better ways than very long complex passwords?”

Yes, there are! “S%V6Yap9ROzHj*t” is a password that was randomly generated just as this post was being written. It is very secure; long, almost impossible to guess (or remember) and very likely will be the only time this password will ever be used.

But if you’ve been on the internet for a while, you may have come across the comedic genius of XKCD. They have a rather different take on secure passwords:

Thanks to XKCD for this, licensed under Creative Commons: Attribution Non-commercial 2.5. Source: https://xkcd.com/936/

As you can see, taking four simple words and putting them together makes a much more secure password than the one I suggested above.

Some websites may require capital letters, numbers, symbols or a minimum length for the password. That does help to keep a password secure; “phonebox” is very insecure, whilst “PhoneB0x1992!” suddenly becomes very secure (and isn’t much harder to remember).

Finally, pick a password suitable for the account. Anything to do with banking or money (for example, eBay, PayPal, online banking accounts etc.) should be very secure because more people will want into it than perhaps other less lucrative websites.

• Keep an eye on the news

This one is simple. If the media reports a website has been hacked, change your password for it immediately. If you used the same password for any other websites, change it for all of those as well.

To be absolutely safe, you could consider changing your password for every website that you use – although that probably won’t be necessary. In every case, read any messages the affected websites send you and follow their instructions as well as the ones above!

• Where do reset password emails go?

Most people will have forgotten at least 1 password in their life, and we all know the drill – click “Forgot Password?”, enter your account name or email address, maybe answer a security question and they’ll email you out a reset password link or new password in a few minutes.

So if someone has access to your email account that all your other accounts send emails to, then they can access pretty much all these other accounts with not much difficulty. And that’s before you consider the amount of personal information you probably have sitting in your Inbox.

You may be tempted to create a special email account for this purpose, but you still have to keep it totally secure or the same problems emerge. Instead, make sure any email accounts handling personal emails or emails from online services are kept as secure as possible! The following posts will detail further security (and convenience) measures you can take, and you should definitely read them.

Even if you decide that it’s too inconvenient for all your other online accounts, secure your email account! It will be the best thing you can do to secure all your other online accounts.

This article was written by Connor Stuart, a 2nd Year Informatics student at the University of Edinburgh