The simple answer is yes, Info Point is very secure and in this guide we’ll delve into some of the questions around this subject that we have been asked.
Before we start, if you are new to Info Point then you may want to first read What is an Info Point? to fully understand the concept, or why not watch the 2 minute video below.
Is Info Point a security risk?
Anyone managing an organisation’s IT systems may initially be concerned that Info Point will pose a security risk. In fact, a common question we get asked by customers is “Our IT/security department are worried about the security of the system as they think you have to access a website to upload content.”
This is not so. Info Point is an Audio Visual product that does have a Wi-Fi router to allow users to connect to multimedia content via their mobile device. The Wi-Fi router also enables content managers to log into an Info Point and add/edit content. But all of this is done completely independently of the internet. No world wide websites need to be accessed to upload content. It works completely offline. There are no physical connections to the Info Point for customers or end users.
Local Area Network
Let’s step back for a moment. The initial idea for Info Point came about because we were finding that many cultural and natural heritage sites had poor/no mobile coverage or Wi-Fi. This meant they were unable to offer visitors a digital experience in a smartphone orientated world.
Info Point creates its own Wi-Fi hotspot but is completely independent of the internet. The content it shares is stored on a mini computer within the enclosure. Info Point is its own self-contained Local Area Network (LAN). That is why the URL to access the content ends in .lan rather than .co.uk or .com etc. Although a file extension is not required at all.
As an end user, you connect to the Info-Point Wi-Fi network and access the multimedia content in your device’s browser, via Wi-Fi only. But it is worth reiterating that Info Point is a completely standalone product. It can’t connect to the internet and was designed specifically this way. Only the content you share on an Info Point can be accessed. It also means that as soon as the end user leaves the range of the Info Point network (roughly the size of a football pitch) the content can no longer be accessed.
I can’t access the CMS on my work computer
Another issue we regularly come across is related to computer firewalls, “I have joined the ‘Info-Point’ WiFi network (which comes up on my network list) on my work computer and have just tried to login to the content management system but I get the attached error message. It works fine on my own laptop. Why is that?”
Cyber security is a big deal and IT departments need to ensure their organisation is secure as it can be. Therefore, staff will be restricted as to what they can open in a browser on a company computer. A .lan address beginning with http may look suspicious so involving your IT department and procurement teams from the outset is always a good idea so they can understand what Info Point does.
It should be remembered that Info Point is a stand-alone visitor information system and its isolation from any other system creates the ultimate firewall. Furthermore, to even begin an attack on the product someone would need to be within range of the network. Remember, there are no physical connections to the Info Point for customers or end users.
Many IT departments are concerned about firewalls so we recommend identifying what those concerns are early on, and getting one point of contact to go back to if there are any issues. Early collaboration with relevant departments will inevitably save time and confusion further down the line.
Is http safe?
Many websites on the internet now use https as a prefix to the web address. This shows they have a security certificate and that the site is safe to enter. The ‘s’ stands for ‘secure’. To validate a certificate the website needs to be connected to the internet. As you will now understand, Info Point can’t connect to the internet so we are unable to add a safety certificate. This does not mean Info Point isn’t safe – and there are many safe http websites on the internet – and we take security very seriously.
We have been told by some customers that by simply disconnecting their work computer from the company network (which won’t allow non-https connections) it allows them to connect to Info Point without issue.
Can we have a form to collect personal data?
Another question we regularly get asked relates to personal data, “Can we have a form on the Info Point so people can…[add your own reasoning here]?” We strongly advise against this.
On a standard website, forms (and the data they contain) can be stored in secure server centres managed by large hosting companies in highly secure buildings. Any data submitted to an Info Point would be saved to the mini computer that sits inside the Info Point enclosure. Whilst the chances of an Info Point being stolen and having the data hacked is incredibly small there is a chance this could happen. An Info Point is the size of an A4 box file and is unlikely to be bolted down in a secure room – however, many clients do place them in locked cupboards or in an inaccessible area e.g. high out of reach – and if a breach happened it would be the organisation who bought the Info Point, rather than Wildfi, that would be liable for the GDPR data breach and the large fine that would come with it.
Does Info Point have a secure login feature?
Info Point supports a secure login system, with individual users having their own unique/individual IDs & passwords. Users can be assigned Admin or Editor privileges.
Ultimately, involving your IT department at an early stage of the project will help smooth the road ahead and enable the relevant commissioning and permissions needed to use Info Point on a work computer, and allay any security concerns. Please share this with your relevant departments to begin the conversation and please do get in touch if you have any security questions not raised here.