At iCarol, we’re always looking to the most cutting edge and progressive ways of strengthening system security, protecting data, and preventing unauthorized system access. This always has been and will continue to be a top priority for us.
In addition to the security measures we take to protect data during its transmission and storage, ensuring good password strength is one simple way that each iCarol user can protect their system and the personal information stored within. That’s why, to help our users do this, we are proactively implementing advanced security protocols for passwords used to access the iCarol system. Once these new protocols are enacted, our users will be prompted to update their passwords to ensure they meet our new strength requirements.
We appreciate our users’ compliance with these new protocols. We want you to rest easy knowing we are doing our part to keep your iCarol system secure, while also helping ensure that each individual’s use of iCarol also upholds this security through tight password guidelines.
Beginning Sunday, June 3, several members of the iCarol team will be in Dallas, Texas for our annual User Group Summit followed by the Alliance of Information and Referral Systems conference. In attendance will be:
Rachel Wentink, Vice President, Operations
Polly McDaniel, Director of Business Development
Crystal McEachern, Senior Product Manager
Val Kozintsev, Development Team Manager
Sean Higgins, Executive Vice President of Cityview, the division of Harris of which iCarol is now a part, will also join us for the Summit and early portion of the conference so he can learn more about the information and referral industry and meet the 2-1-1 and other I&R clients we regularly work with.
We’ll start our time in Dallas with our annual User Group Summit, on Sunday, June 3 beginning at 9am. This free, all-day iCarol training is aimed at iCarol users and prospective customers with anywhere from beginner to advanced usage experience with iCarol. The day is a chance for our team to focus in on a few key areas of iCarol capabilities and teaching our users how to leverage their iCarol system for the biggest impact.
This year we’ll present two training sessions at the Summit. Our first session of the morning is called Build a Better Picture: Using iCarol Statistics. That session will help attendees identify their reporting needs so they can then build out their contact forms and work flows to support those needs. We’ll take users through an overview of iCarol Statistics with a heavy focus on the analysis tab of reports, discuss Met and Unmet Needs reporting, and talk a bit about how to access data for more advanced reporting needs.
Following a brief break, the second session of the morning is titled Do More Together: Are You Ready? and will focus collaboration with partners. There are a multitude of ways you can use iCarol to partner with both fellow iCarol users, and outside organizations that don’t use iCarol. The session will take attendees through the tangible steps to evaluate readiness and then prepare to communicate with potential partners about collaboration. Attendees will leave with an outline and use cases to help them begin to build successful sharing relationships.
Attendees will then be released for lunch on their own, and then we’ll reconvene at 1:45pm for a traditional User Group session. All are welcome to the User Group Session, even if they did not register for the sessions held earlier in the day. In the User Group session, we’ll share a summary of the enhancements made to iCarol in the previous year, and speak to the upcoming developments in the works and coming soon. We’ll gain feedback from attendees and use their account of trends, themes, and common requests to help us prioritize upcoming and future developments that will best meet the needs of our customers.
If you’re heading to Dallas and will be in town by Sunday morning, it’s not too late to register for the User Group Summit. You can learn more and register here.
From there, the AIRS Conference sessions officially begin on Monday morning. Attendees can come visit us at booths 103 and 104 where we’ll have some items to hand out, including a number of data sheet flyers on a variety of topics of interest to conference attendees, including resource data sharing, offering centralized intake, ensuring continuity of care, dispatching mobile crisis services, and information on iCarol data privacy and security. As always we’ll welcome your questions, comments, and conversation on what’s going on at your organization. We always enjoy the opportunity to talk to you about the projects and partnerships you’re engaging in and investigate how we could potentially contribute to that.
We hope to see you in Dallas!
You may have heard of something called the GDPR, which comes into force May, 2018, and might be wondering what it stands for, and what it means. While my personal favorite for the acronym is Grateful Dead Public Radio, an Internet station located in Baltimore, Maryland, in this context, GDPR actually stands for General Data Protection Regulation.
What is the GDPR? A regulation which will be enforced in the European Union (EU) starting on May 25, 2018. It will broaden the definition of personally identifiable data and will strengthen enforcement for its handling. It also gives individuals (called “clients” in this blog, in GDPR documentation referred to as “data subjects”) the power to request copies of any personally identifiable data you track about them, and the power to ask that it be removed from your system.
Before I move to specific details about the GDPR, let me cite a best practice, true for any country on the planet. If your organization doesn’t need your clients’ personally identifiable data for your business processes, don’t ask it and don’t log it even if it is offered. Use shredding (described later in the blog) to remove personally identifiable data after a set period if this practice aligns with your business process. (See the Data Minimisation section below).
iCarol customers own their data 100%. We, at iCarol feel very strongly that any organization should have the right to access their own data. We, as your data stewards, bear some responsibility in ensuring we process only the data to which your clients give permission, and that we both need to put processes in place to keep it secure. At all times, you have the ability to export your data and can delete or modify the personally identifiable data about your clients.
Locations affected: Some have asked us if they are affected by the GDPR even if they are not in the EU. If you work with clients in the EU, then yes, you must adhere, even if your organization is located in North America, or any other location outside the EU.
Location for data storage: Does the GDPR require personal data from clients in the EU to stay in the EU? No it does not. There are no new restrictions on the transfer of personal data outside of the EU. However, there should be more central coordination in place to oversee data activities, and there are rules regarding the following areas:
Consent: You must explicitly, in a very clear manner, ask for consent to track any data about the client. You’ll need to explain what you’d use the data for. We strongly recommend you add a question to your contact forms, also referred to as call report forms, if you don’t today indicating the client has given consent. Since you can add guiding language to a contact form, you might consider wording the question as your legal team specifically suggests, and make sure your volunteers and staff ask it exactly as worded. If you use chat or text, use the pre-chat or pre-text survey to explicitly ask the question.
Data Minimisation: Organizations can collect only the personal data that is adequate and relevant to the intended purpose. As we stressed above, if you do not need personally identifiable data from your client for your process, do not ask it or log it. For instance, if you do not need a social number or other uniquely identifiable data, don’t ask it and log it thinking you might need it later.
Accuracy: The data about a client must be accurate, which means it must be kept up to date if it is retained. Your client has the right to ask for changes if they feel data is inaccurate. Rights to edit submitted contact forms, also known as contact records, can be granted to iCarol volunteers and staff, or your iCarol Administrator(s) can edit the record. Administrators also have the right to edit client profiles, as can volunteers and staff if you grant them the rights.
Retention of data: Personal data must be kept only for as long as it is needed to fulfill the original purpose of its collection. Since iCarol provides a “shredding” feature to remove personally identifiable data within your logged records, we strongly suggest considering deploying that feature. If you’re unfamiliar with the feature, please see the section below on it.
Security of the data: There are a variety of ways to secure the data. iCarol takes the security of your clients’ data very seriously. While the GDPR does not require encryption, personally identifiable data is encrypted within iCarol “in transit” (when it is traveling from a volunteer or staff member’s device to our servers in the data centre), and “at rest”, when it is saved in the database. A number of other security provisions are also in place to protect the data. Should you need more information on this area, please contact me at to schedule a conference call.
Data Access: As noted above, your clients have the right to ask for transcripts of any of their personally identifiable data which is logged in iCarol. You may print out logged records and print them to PDF. We strongly suggest sending them in an encrypted email, or storing them on a secure FTP site for your client to log into to retrieve them. Later this year, iCarol will release the ability to password protect the PDF. You’ll also want to share with them any profile data you may have stored about them, which is accessible by exporting client profiles, which is available to any Administrator of your iCarol system.
Right to Erasure: Your client has the power to request erasure of their data in your system. It’s important for you to devise a business process on how to handle an erasure request from a client. Using iCarol’s shredding feature can assist in ensuring that very little personally identifiable data exists in your system, and using the search feature for contact forms and profiles can enable you to find it very quickly. iCarol Administrators have the right to delete submitted forms and client profiles.
What is Shredding? Shredding is a feature within iCarol which removes personally identifiable data within contact records. Phone numbers, addresses, names, and any data in a text field is removed from the database when it is shredded. An example of what appears in place of the data is shown below:
iCarol Administrators can turn the feature on in the Admin Tools/Calls tab of iCarol, which schedules the automatic shredding. We already have a range of timeframes you can select in order to shred the data, based upon the age of the contact record. Shredding allows you to maintain the data in dropdown and checkbox questions in your submitted contact forms for reporting purposes, while protecting data privacy for your clients.
As mentioned above, we at iCarol take the security of your data very seriously, as we know many of you work with subject matter that is highly sensitive and which must remain private. We provide the tools you’ll need to protect that data for your clients, to give both you and them peace of mind.
By now many of you have read about the recently discovered security vulnerabilities named Meltdown and Spectre. We are closely tracking the availability of patches for different systems, and many of our systems in our data centers have already been patched. We’ll continue to monitor this on a daily basis and apply high confidence patches to our systems expeditiously.
We encourage iCarol users to be vigilant in monitoring for patches and updating your own PCs, laptops, mobile phones and other devices, to ensure the highest possible security. This includes paying close attention to available operating system updates (Windows Update, for example) and installing these updates promptly. Browser security is key as well, so be sure to check for and install the latest updates to your browsers of choice. Note also that as new security patches become available more updates may be necessary, and so fully securing your local tools from Spectre and Meltdown could be a multi-stage process.
In iCarol, there are five security levels available for users in your system; Trainee, Standard, Enhanced, Supervisor and Admin. Each of these levels enables users to see and use a particular set of tools and functions in iCarol. Further to this, using Advanced Security settings, you can fine-tune exactly which tools and functions each user can see and use. This article will provide an overview of the Security Levels, and definitions of the settings found in Advanced Security Settings.
Security Level is found on the Admin tab of user profiles, as below:
As shown in the above screenshot, there is a link that will take you to an explanation of each security level. This link will show a chart that explains what each security level can see and do in iCarol. Here is a screenshot of the chart:
In general, Admins are the highest security level and can see and use all tools and functions in iCarol by default, with some exceptions that will be pointed out later in this article. Supervisors can see and use everything Admins can, except sending welcome emails to new users and accessing the Admin Tools menu. Again, as with Admin, there are a few exceptions that will be pointed out. Enhanced and Standard users have access to fewer tools and functions, and Trainees have access to very few tools and functions.
Advanced Security Settings
Many of the Advanced Security settings are self-explanatory. Those that are not or where additional information may be helpful to understand what the setting enables will be noted here.
Allowed to access Call Reports and Repeat Callers – This is the setting that enables the user to see “Calls” in the left hand menu, and therefore view and submit call reports.
Can give feedback on call reports – This setting enables the user to see and use the “Feedback” text box in call reports to provide feedback to the user who submitted the call report.
Can review call reports – If you have enabled the function that staff can mark call reports as “reviewed for accuracy”, this setting allows the user to see and use the “Report has been reviewed for accuracy” check box at the bottom of call reports when viewing them.
Can only see call reports submitted by themselves – When the user views the “All Calls” page, only call reports they have submitted will appear in the list of submitted call reports. Further, this means they can only view the details of call reports they have submitted themselves.
Can access Specialized Call Export Tool – This is an add-on feature that enables the creation of resource lists in Word or Excel format. This setting enables users who are not Admins to use this tool.
Can certify computers – If you are using Restriction and Certification, this setting enables non-Admins to user the Certification tool to certify a computer.
Exempt from Restriction – If you are using Restriction and Certification, and the user belongs to a Security Level that is restricted; this setting exempts them from restriction. Depending on settings made on the Tools tab of Admin Tools, Restriction may also apply to Admins and Supervisors. If this is true, to exempt a particular Admin or Supervisor from Restriction, this setting must be manually checked.
Can only see call reports for programs to which they belong – This setting only appears if you are using the add-on feature Programs. This is the setting that restricts users to only seeing call reports that belong to the same programs they do.
Can only see caller profiles for programs to which they belong – This setting only appears if you are using the add-on feature Programs. This setting restricts which repeat callers the user can see and choose for use in a call report. Please note: This setting is not given to any Security Level by default. Therefore, if a user needs this setting, it must be manually checked.
Can use Call Reports residing in other iCarol system – This setting only appears if a caller report from another iCarol system is being shared with your system. This setting enables the user to see and create call reports using the shared call report. Please note: This setting is not given to any Security Level by default. Therefore, if a user needs this setting, it must be manually checked.
Can access Outbound Calls – This setting enables the user to see the Outbound Calls button on the main Calls page, if this tool is turned on in the system.
Can only access Outbound Calls, but not see Call Reports – If a user should only have access to the Outbound calls tool, and should not be able to see and use Call Reports, check this setting.
Allowed to access Shifts – this is the setting that enables the user to see “Shifts” in the left hand menu, and therefore view the shift calendar and sign up for shifts.
Hide the list of people currently in On Call shifts, on the main Calls page – If this setting is unchecked, at the top of the Calls page will be a list showing who is currently signed up for On Call shifts. If this setting is checked, this will not show.
Can only see shifts for programs to which they belong – This setting only appears if you are using the add-on feature Programs. This setting restricts which shifts the user sees on the shift calendar to just those that are for the programs he or she belongs to.
Allowed to access Resources – this is the setting that enables the user to see “Resources” in the left hand menu, and therefore view and search Resources through that link and through the call report form.
Can activate/inactive resources – this refers to the “Status” field in resource records. This setting enables users to change to status to and from Active, Inactive, and Active but do not refer.
Can approve resource changes – This setting only applies to those systems using Workflow rules for the resource database.
Can QA resources – This setting only applies to those systems using Workflow rules for the resource database.
Can access verification – This setting enables the user to use the Automated Verification add-on feature.
Data export options – As noted at the top of this section, if any of these are selected, the person can access the Data Export tool from the bottom of the home page inside of iCarol.
Can always see the full names of staff and volunteers – This setting applies when Admins have made changes to the way user names are displayed in iCarol via the Vols and Staff tab in Admin tools.
Allowed to access Vols and Staff – this is the setting that enables the user to see “Vols-Staff” in the left hand menu, and therefore view the list of users in the system.
Allowed to access Chatboard – this is the setting that enables the user to see “Chatboard” in the left hand menu, and therefore view and post messages to the Chatboard.
Allowed to access Internal Chat – this is the setting that enables the user to see “Internal Chat” in the lower right hand corner of the screen when logged into iCarol, and therefore use this tool to chat with other users that are logged in. Please note: This setting is not given to any Security Level by default. Therefore, if a user needs this setting, it must be manually checked. Alternatively, this option can be checked for everyone by using the “Enable Internal Chat for Everyone” link on the Vols and Staff tab of Admin Tools.
Allowed to access Events – this is the setting that enables the user to see “Events” in the left hand menu, and therefore view the Events calendar.
Allowed to access News & Fun – this is the setting that enables the user to see “News” in the left hand menu, and therefore view the News page.
Statistics – With this drop-down menu, a user can be given access to see “Statistics” in the left hand menu, and therefore run various reports with this tool.
Can receive Instant Messages in iCarol – This setting will only appear if you are using the instant messaging/chat add-on feature. This setting enables the user to assume and respond to chat conversations from the Messaging page. Please note: This setting is not given to any Security Level by default. Therefore, if a user needs this setting, it must be manually checked.
Can receive Texting/SMS Messages in iCarol – This setting will only appear if you are using the texting/SMS add-on feature. This setting enables the user to assume and respond to SMS conversations from the Messaging page. Please note: This setting is not given to any Security Level by default. Therefore, if a user needs this setting, it must be manually checked.
If you have any questions at any time about Security Level or Advanced Security Settings, please do not hesitate to submit a case to the iCarol Support Team via the Online Case Management tool.
By now you probably realize that your helpline absolutely must offer some form of Online Emotional Support to stay relevant in a world where people are going online for everything, including helpline services like crisis intervention, suicide prevention, or information and referral.
iCarol enables you to provide both live chat and texting (aka “Messaging”) to your community. Messaging fits in seamlessly with the rest of your iCarol system, and you can make use of the same tools you’re used to engaging when taking a call, like call report forms and resource searches. Helpline managers will be able to run statistical analysis on Messaging interactions, with or separate from reports about Calls. The platform is intuitive, just like the rest of iCarol, so your volunteers and staff will catch on very quickly. And best of all, because the counselor’s screen and the process flow is virtually identical whether you’re engaged in a live chat or text, once your volunteers are trained on one it’s a total breeze to add on the other.
But say you’re just getting started, and you know you can only choose one platform for now. Which one do you go with? Which is better for your community, for your target population, for your service requirements? Take a look at this comparison between Live Chat and Texting with iCarol…
How the client reaches you
|We’ll give you a bit of code to place on your website which will make a “Chat now” button appear. This button checks iCarol to see if 1) You have a chat shift set up at that moment and 2) If someone is assigned to that shift. If both are true, then the button will show you are Online and clicking it takes the visitor through to registration and on to the chat.
||Our team will work with you to text enable your existing helpline number, or obtain either a short code or a new 10 digit phone number for your service. You’ll then advertise this number, along with your hours of availability, on your website, fliers, social media ads, etc. People will send a direct text to that number to initiate a conversation with your counselors.
For both Live Chat and Texting, you’ll set up shifts in iCarol to note whether your service is available.
||If a shift is not set up and staffed, the Chat Now button will automatically display as “offline” on your website and the visitor will be unable to initiate the chat. The button will display the next time chat is available, so the visitor knows when to return.
||You can advertise your service’s hours and availability, but a visitor may still send you a text, even if you have no shift set up at that time. If that’s the case, the visitor receives a polite message (customized by you) letting them know that they’ve reached you outside your available hours.
|Your conversation is secure and encryped end-to-end from visitor to counselor, because the entire conversation is traveling over iCarol’s secure servers.
||The conversation is secure when passing over our servers, but there times that the conversation is flowing over the telephone wireless network. While phone companies do make some promises about data protection, they are not complete. This is true for any text messaging service.
|Live chat is typically conducted via a computer, and so the visitor will likely stay in one place while chatting. Visitors might use their smart phone’s web browser to view your website and start a chat, in which case they may be more mobile.
||Very mobile, since visitors will be using their smart phone to text in to your service. They could text you from the bus, from a library, the park, etc. and may be on the go as they carry on the conversation.
Length of the Conversation
The overwhelming majority of our clients report that any online interaction, whether via chat or text, take much more time than a phone call. Our clients tell us that a typical chat, for example, may be an hour or more long.
|The entire conversation takes place during a single session, and there is a clear beginning and end. It’s not uncommon to have these sessions last an hour or more.
||Also longer than phone calls, but this conversation may span several days, or even weeks. Think about how when you text with a friend, they may suddenly “drop off” because they got busy and had to turn their attention elsewhere. Later, when they’re available again, they may text you back to continue where they left off. The same can happen with visitors texting in to your service.
|There are no per-message or per-Chat costs for live chat.
||We offer bundles of text messages to you at a nominal cost. Depending on the subscription your visitor has purchased with their wireless phone carrier, they might also incur per-text costs from their mobile provider’s network.
Setting a Service Area
|When the visitor clicks the Chat Now button, they’ll be taken to a registration screen. You can decide what questions, if any, you’d like to ask before they proceed to the chat. Using registration requirements before the chat begins, you can ensure that only visitors who identify as residing within a certain geographic area can enter the chat.
||You can optionally choose to have visitors register their phones prior to the very first time they send a text to you. This can help you collect data, ensure it’s not a “robot” text, and restrict service to a selected geographic area. For example, during registration, you can have the system ask visitors things like age range or gender, which funders may require. If you asked for geographic information, iCarol could automatically restrict service to visitors from an area you select. Visitors only have to answer these questions once; thereafter, iCarol will remember the answers they provided that first time they texted in.
So now you know some of the differences and similarities between offering Live Chat or Texting through iCarol at your helpline. If you’d like to learn more, why not join us for a webinar about Messaging with iCarol. Or you can with your questions.
Digital security is an important component not just for your office but for your home network as well. In the past few months there have been some staggering revelations of security breaches and vulnerabilities, probably greater in magnitude than all of computing history combined before it. Heartbleed, Target credit cards, the NSA just to name a few biggies. It’s getting more dangerous out there… Here are some tips I would suggest you follow on an ongoing basis to protect your digital security at home.
- Only use WPA2 encryption on your home wifi network. It can also be known as WPA2-Personal or WPA2-PSK. For more information you can check out this website
- If your access point supports having an unencrypted “guest” network in front of the DMZ, that is fine too. The DMZ keeps unauthorized traffic from your internal, encrypted network.
- Keep your router’s firmware up to date. Annually is probably sufficient. This makes sure any newly found vulnerabilities, coming both from your internet connection and over your wifi, that have been patched will be in place to protect you.
- Always keep the operating system on your computer, tablet and mobile phone up to date. You may think it is just cosmetic changes but they almost always have important security updates too.
OS X: Updating OS X
Update an Android
Update your iPhone, iPad, or iPod touch
- The most secure major web browser to use today is Google Chrome, partly because it is based on an open-source rendering engine, but also because it gets more frequent updates than some of its competitors
- Of course, always run antivirus software. My favorite for years is the free version of Avast. They will try gently but repeatedly to get you to buy the paid version but the free version is sufficient for most home offices.
- Windows Defender protects against spyware/malware (integrated in later versions of Windows)
By following these tips you can better ensure that the activity on your home network is safe and secure.