
Security and privacy considerations in childcare software

Early childhood education is all about trust: between educators and children, and between parents and the childcare centers that care for their children. Beyond learning opportunities, lessons, and meal planning, trust in childcare extends to safety and security, both physically and when it comes to personal and financial information. A typical childcare center has access to a lot of sensitive data, including children’s addresses, medical records, their activities and whereabouts throughout the day, and, of course, billing and payment data.

What information security looks like in childcare settings and why it is so important 

Customers entrust childcare centers and management systems with data about their children: information on feedings and diaper changes, development activities, pictures, and more. As childcare center management software, HiMama handles that data on behalf of childcare centers. We process sensitive information such as photos, financial transactions, and the medical and personal information of children, and all of that needs to be stored and handled safely.


Having strong online security means treating this data as an important and critical asset that needs to be kept safe. It’s important to note that there is a difference between personal information and Personally Identifiable Information (PII).

They might sound similar, but PII is treated as a separate class of sensitive information because it can be used to commit fraud, since it includes addresses and financial data. Personal information, such as photos, is typically more about privacy since it’s still information that needs to be protected but cannot be used for fraud. 

Childcare centers have access to both kinds of data. 

Security in childcare classrooms: an analogy 

The process of ensuring data is secure online is very similar to how we physically secure and child-proof our childcare centers. We ensure doors lock and close, add in extra gates and locks where necessary, conduct regular inspections, and follow the licensing regulations required by law. These processes are designed to ensure that our childcare center is physically secure and the children are safe. The same care must be taken to secure child data stored online. 

Information security within the HiMama app 

At HiMama, we focus on protecting both kinds of information from being available to the wrong people using industry best practices. Frankly, information security issues don’t come up very often, but they can arise organically, and when they do, we’re aware and ready to act. 

We follow three guiding principles to manage our security infrastructure:

  1. Following industry security standards and best practices to implement technical security controls similar to banks and other businesses that deal with sensitive information. 
  2. Continuously launching features and fixes to the HiMama platform to respond quickly and stay ahead of emerging security threats.
  3. Continuously prioritizing and managing security-related issues, starting with high impact first, but never neglecting the low impact. 

Industry best practices

Industry best practices exist for a reason. These are standards followed by companies and organizations, such as banks and other financial institutions, that are trusted for their ability to keep information safe and secure. There are two standards in particular that HiMama uses to ensure our data is kept secure.


PCI Compliance (Payment Card Industry Data Security Standard) is an information security standard for organizations that handle credit cards and financial transactions designed to ensure financial data is stored, managed, and handled securely. Operating according to this standard minimizes the risk of financial fraud using the payment information entered into HiMama by putting controls and security practices into place around how we store and handle Personally Identifiable Information. 

The second standard we refer to is Open Web Application Security Project Application Security Verification Standard (OWASP ASVS). OWASP ASVS is an industry-standard set of security policies and procedures used by banks, governments, and companies to ensure web applications are secure.

Continuously launching features and fixes focused on security

In the event of a security-related issue, we are able to act quickly and ensure that our customer information is kept safe, secure, and private. The security landscape is always changing so we prioritize and launch high-impact security work to ensure that we’re ahead of the curve.

Information security testing at HiMama

Security testing is part of our ongoing regular activity as we work on new features, especially when it comes to our billing platform and handling of financial data.

Our team conducts automated and manual testing of common security issues on a regular basis to help discover and prevent data breaches. Additionally, we work with internal and external information security experts to audit our platform, simulate cyber attacks, and take other proactive measures to discover and fix security-related issues before they become a problem.

A look at a future security feature: What is two-factor authentication?

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users verify themselves using two different methods of identification. You log in and then receive a text with a code to verify your identity. It’s designed to protect a user’s credentials and the resources users can access. 

It ensures that it’s really you who’s using your credentials to log in to your account.
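
As an added illustration (not HiMama's code), here is one way a server could handle the texted-code step described above, after the password check has passed. The class name, the five-minute code lifetime and the five-attempt limit are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed: a texted code is valid for 5 minutes
MAX_ATTEMPTS = 5         # assumed: wrong guesses allowed before the code is void


class SmsSecondFactor:
    """Second step of login: runs only after the password check has passed."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user_id -> [salt, code_hash, expires_at, attempts_left]

    @staticmethod
    def _hash(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, user_id):
        """Create a 6-digit code to text to the user; only its salted hash is kept."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        salt = secrets.token_bytes(16)
        self._pending[user_id] = [salt, self._hash(salt, code),
                                  self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # hand to the SMS gateway; never write it to logs

    def verify(self, user_id, submitted):
        """Return 'ok', 'wrong', 'expired', 'locked' or 'no_code'."""
        entry = self._pending.get(user_id)
        if entry is None:
            return "no_code"
        salt, code_hash, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[user_id]
            return "expired"
        # Constant-time comparison avoids leaking how close a guess was.
        if hmac.compare_digest(code_hash, self._hash(salt, submitted)):
            del self._pending[user_id]  # single use: a replayed code fails
            return "ok"
        entry[3] = attempts_left - 1
        if entry[3] == 0:
            del self._pending[user_id]  # user must request a fresh code
            return "locked"
        return "wrong"
```

Expiry, single use and the attempt limit are what keep a six-digit code from being guessed or replayed; the attempt limit is also where the lockout frustration discussed below comes from.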


I imagine you have seen this before when using apps on your phone or tablet. 2FA is being integrated all over, across multiple industries, and it’s becoming more common all the time. Web-based companies can be targeted and this helps protect them and verify who is using an account. It prevents unauthorized entry into an account and can also protect against an email address that is compromised. 

However, it also adds multiple steps and often levels of frustration to the end user during login. Have you ever been trying to access your account and gotten locked out? It is very annoying to have to jump through hoops to access your child’s information when it used to be a simple and easy process. 

Taking that into account, we are actively working through the potential implementation of 2FA for parents and staff members and understand the importance of this potential addition to our security practices. 

What steps can users take to secure their HiMama account?

In order to keep our platform as safe and secure as possible, it is important to always make sure that your account is protected. Here are a few steps that you can follow to ensure your account stays secure: 

  • Ensure you set a strong password following password best practices. Most devices will prompt to set up your password for you to ensure it is secure.
  • Limit access to your account. Do not share your login information with others.
  • Sign out when you are away from your computer.

A further look at security improvements we’re working on

In addition to 2FA, HiMama is continuously improving our internal processes and tools around information security. Here are a few things that we’re focussing on in the next few months:

  • Launching a Vulnerability Disclosure Policy – An industry best practice to help establish better and clearer processes for users and ethical cybersecurity professionals to report and flag security issues for our team to address
  • An internal review of security policies with our leadership to ensure that we’re following information security best practices
  • Ensuring that we implement new security measures such as 2FA in a thoughtful, productive way for our users to ensure maximum impact 
  • Internal training and expertise around information security and cybersecurity throughout our team

Check out our privacy and security FAQs page for more information!

Syed Hussaini

Syed is a Senior Engineer Manager at HiMama. He is passionate about helping awesome teams build great, well-tested, and easy-to-use features to support our child care experts and parents. Syed lives in Toronto, ON with his partner and is a parent to a rambunctious toddler.