The blogsite has been rather quiet – unsurprisingly – over the summer. This doesn’t reflect the level of activity that has been going on here: we have been processing a number of new applications for membership, and working hard to develop structures that will be able to sustain a larger organisation.
But we are very invested in creating lively and helpful forums where friends and members can talk to one another: this means developing our blogsites. We know that people will have anxieties about using blogging – it’s unfamiliar to most of us, and feels unsafe and exposing. But for an organisation that needs to maintain close contact between far-flung, busy people, it is a very helpful resource, to supplement conferences and workshops, Skype conferencing, emailing and telephone calls.
We hope to make it safe for members to hold clinical discussions via our members’ blogsite. This is obviously something that depends on how well we can provide safeguards that make it possible to share sensitive material.
We have been exploring the use of blogsites in general, and we have consulted a technician about the problems of security. I asked him to summarise the very helpful discussion we had with him, so that I could post it on our blogsites, and this is what he wrote:
Jenny has recently contacted me over security concerns that have been raised in relation to confidential and sensitive data being accessible through a WordPress site. We had a conversation about this today and she has asked me to summarise our discussions into this post to help reassure members.
Just as a quick introduction, my current role is as a Learning Technologist within the eLearning Unit at the University of Liverpool. I have over a decade’s worth of experience supporting learning and teaching within a higher education environment. Much of this experience is directly related to the use of technology and supporting online and distance education. Jenny approached me for advice through a mutual friend and colleague, Janet Strivens, and this is how I became involved.
In our conversation I stated that I understood the concerns when it comes to security and the digital world. Information is flying around the planet at incredible rates and it seems as though nothing is safe and secure. Of course this could be claimed of any data transfer and communication, no matter what form it takes. Word of mouth, printed documents being misplaced or stolen, encrypted storage lost and hacking of private files and emails are all potential threats.
WordPress is pro-actively monitored and kept secure by the company involved. It is in their interests to keep vigilant and maintain a high level of regularly updated security so people use their system. They are aware of current threats and update their systems to combat this. As WordPress themselves state: “Your sites are well-protected on WordPress.com. We monitor potentially harmful activity to ensure there is no unauthorized access to your content”. This quote is from the following webpage which also highlights a common sense and practical approach to approving security. Please read through it when you can http://en.support.wordpress.com/security/ .
WordPress can be made more secure by hosting it on your own server and applying tighter controls and extra layers of security.http://codex.wordpress.org/Hardening_WordPress Arguably this would make the system less usable and add layers of complication but it would be more secure. The problem is this is not an option for this group as you have no budget for technical expertise or your own hardware to host your own site.
Only members who are specifically invited into this site and other secure areas have access to view or edit content. Any other access is illegal and WordPress will be monitoring for it. If the steps suggested in the http://en.support.wordpress.com/security/ article are followed then it will be as secure a system as you could hope to use.
I hope this is useful and reassuring for the group. Good luck and best wishes with your work.