Security Best Practices Guide

This guide provides comprehensive security best practices for nurseries using our software. Following these guidelines will help protect sensitive data, and ensure the safety of children, families, and staff information.

1. Account Security

Strong Password Requirements

• Minimum 12 characters – the National Cyber Security Centre recommends using three random words to create a password that’s ‘long enough and strong enough’
• Don’t share logins for each user account - never share or reuse passwords
• Use unique passwords don’t use the same password on more than one online account. It is recommended to use a password manager to manage your passwords securely.
• Don’t write passwords down for example don’t write them on sticky notes
• Avoid predictable patterns such as nursery names, common words or sequential numbers.

Two-Factor Authentication (2FA)

• Enable 2FA for all users. See our Setting up Two-Factor Authentication Guide.
• This is recommended by the National Cyber Security Centre.
• Review user accounts within Portal > User Management quarterly to ensure all user logins have 2FA enabled.

User Access Management

• Principle of least privilege - grant only the minimum access needed for each role
• Regular access reviews - audit user permissions monthly
• Immediate deactivation of accounts when staff leave
• Separate accounts for each staff member - no shared logins

2. Data Protection

Sensitive Information Handling

• Child records should only be accessed by authorised personnel
• Parent contact details must never be shared without consent

3. System Security

Device Management

• Automatic screen locks after 5 minutes of inactivity
• Approved devices only - maintain an inventory of authorised equipment
• Regular updates - install security patches when available

Network Security

• Secure Wi-Fi with WPA3 encryption (minimum WPA2)
• Guest network separation from nursery management systems
• Only allow work devices to connect to the network.

4. Staff Training and Awareness

Security Training Programme

• Induction training for all new staff on data protection
• Phishing awareness - regular simulated exercises
• Phishing is when criminals pretend to be someone you trust (like your nursery software provider, Ofsted, or even a parent) to trick you into sharing passwords or clicking malicious links. For example, they might send fake login pages, password reset requests, or forms asking for sensitive information. These attacks often come through email but can also happen via text messages or phone call
  

1. Annual refresher courses covering current threats and procedures
   

Parenta will never request your login credentials over the phone, email, or by any other means. Always navigate to the login page directly to login.

Conclusion

Security measures should enhance, not hinder, the excellent care you provide to children and families.

For specific questions about security features within the nursery management system, please consult your system administrator or contact our support team.

• Related Articles

• Famly

  Exporting Data from Famly Click on the cog icon (Settings) at the bottom left of your screen Select Data management Click Export data Click Request Export. You will receive a notification when the export is complete and ready to access within the ...

• Tip of the Month 2025 - September - Data Security

  ?️ Your Data Security at Parenta: A Handy Guide We know how important it is to keep your information safe - especially when it comes to children’s data. With recent news about cyber incidents in our industry, we wanted to share exactly how we ...

• Recommended Tablets and Browsers

  Recommended Tablets To ensure you have the best experience, we strongly recommend the following requirements: Minimum 9 inch tablets (iPads or Android) A high to mid-end tablet manufacturer ( Apple for best experience, or Samsung, Lenovo) A model ...

• Online Enquiry Forms - Web Designer Integration Guide

  ? Web Designer Integration Guide – Enquiry Forms The enquiry forms allow direct submission into Abacus from external websites and direct links. To maintain consistency and security all enquiry forms must be integrated following the instructions ...

• Parent Direct Debit Setup Guide

  Parenta Pay With Parenta Pay, you can easily set up Direct Debit payments directly through the Parent Portal app, so you no longer need to remember to make payments manually. Parenta Pay is powered by Stripe, a secure online payment gateway that ...