Casebook Security: Passwords, Permissions & Encryption

Everyone has personal information that can't get into the wrong hands. Whether you're in child welfare, workforce development, foster care, community services or any area helping others, working in the social services sector means the most sensitive parts of your clients' lives are in your hands, or at least in your case files. How you protect, store, and organize that data is critical for doing your job, and the right software can not only help you stay organized but also keep your clients safe. That's where Casebook comes in.

With Casebook, privacy and security features kick in the moment you open the software. They start with an extremely stringent password validation system and continue with customizable permission levels that let you easily determine which staff members have access to what information. Casebook also encrypts that data so it doesn't fall into the wrong hands, and updates the software on a frequent basis to stay ahead of any new challenges.

Speaking of passwords, you can't use Casebook with a password as hackable as welcome123 or anything else as common. Casebook requires that users create passwords that, as Chief Technology Officer Jordan Jan explains, "are extremely hard to guess." In addition to the current strict password controls, he adds that "we are adding multi-factor authentication," providing an extra level of security to ensure users are who they say they are when they first sign in.  

Individual Permissions

Even when authorized users are logged in, however, that doesn't mean every user has the same level of access to an organization's data. As Jan emphasizes, Casebook security is based on an idea called the principle of least privilege, meaning that any user should have only the bare minimum level of access needed to complete their job, and any additional permissions and access are added as administrators see fit.

Each organization decides for itself who should be the administrator that controls the level of access and roles for all employees using the platform. In Casebook, these roles are configurable, allowing variable permission levels that grant the ability to view, modify, create, and delete data based on an organization's needs.

In practice, this means an individual social worker might only have the ability to edit their own clients' information once the client has completed an intake. If another staff member completed the intake, they may only be able to view (and not edit) the intake information, and only if it's necessary to do their job.

This customizability, Ashley McCullough, Service Delivery Manager at Casebook, explains, "is key to data protection." She adds, "We also understand that each organization's privacy needs may be different."

An administrative staff member involved in ensuring organizational licenses and certificates are up to date may be able to access those specific documents but not edit them, or only edit what their supervisor or administrator has deemed necessary. 

Administrators can also set permissions at different levels across different Casebook modules. A staff member might have supervisor access in, for example, the intake feature, but not in cb track, which covers onboarding, licensing, and inspections. 

Organizations can also adjust how information is labeled on the system. As an example, McCullough cites an anti-human trafficking organization that decided to forgo using real names in its Casebook case files, instead choosing a unique identifier so as to further protect the people it works with.

Data Encryption

Once you've logged in and established your permission level, it's time to start actually entering and editing data in Casebook, which is where another critical security feature kicks in: encryption. All of the information in the system is encrypted in flight and at rest. That means both the data that you access and update on a regular basis and the data that's stored for less frequent reference are made incomprehensible to any hackers or other unauthorized people attempting to access your system. The only time the data is not encrypted is when an authorized user, someone with the password and permission to view the data, is logged in on a computer web browser or mobile device.

Beyond Passwords, Permissions, and Encryption

Casebook's software is updated every two weeks, and each update is subject to rigorous internal and third-party security testing. Engineers and developers are thinking not only of past and present security breaches but also future threats. "We are really looking at every single possible angle and challenge of exposure and eliminating it," Jan explains. 

Security and privacy are at the core of Casebook's mission. After all, as McCullough says, "If your data isn't secure, what confidence would you have in your online solution?" Casebook does the work to keep your data safe so you can concentrate on what matters: serving your clients and fulfilling your organization's mission.
