CALENDAR SECURITY WITH ACCESS LINKS
A basic level of security of a Teamup Calendar is built into the calendar links that are used to access it. These links are ‘secret’ and contain random strings that are virtually impossible to guess. They are also not visible to search engines.
A Teamup Calendar link with the random string is also called a capability URL. For more details about capability URLs and their security aspects please see http://www.w3.org/TR/
The only way to access a Teamup Calendar is via one of these links. No user accounts or logins are required. This makes Teamup unique and simplifies access and sharing for many group members. Calendar administrators can create additional links and set them up with customized permissions. These links can then be sent to others to access the calendar in a controlled manner. It is essentially up to the calendar administrator to regulate who has access to the calendar links.
Currently it is not possible to customize your calendar link using a name that is easier to remember. We recommend bookmarking your calendar link in your browser. Or creating a shortcut on your desktop for easy access. Adding the links to your mobile apps allows you to access your calendar any time anywhere, even if you have no Internet connection. If you do need an easier-to-remember link for a public calendar, create a web page with a link you want, and embed your public calendar.
If you are concerned about the security risk of the calendar links and of them falling into unauthorized hands, for example, through use on public networks, you can enable password protection on calendar links. It requires a subscription to one of the paid plans.
Capability URLs can be seen as a very hard to guess usernames. Together with an SSL encrypted connection and password protection, a level of security is reached that is comparable to some of the best tools out there.
- All communication between calendar users and Teamup Calendar servers is always encrypted using the HTTP over SSL protocol. You can see this in the address bar of your browser. Old links that don’t use the HTTPS protocol will automatically be redirected to use HTTPS.
- Calendar data stored in the database is not encrypted. Encrypting it would significantly limit the functionality of the application. For example, features like search, notification emails, daily agenda emails, etc. would not be possible to provide.
WHAT YOU CAN DO TO BETTER PROTECT YOUR CALENDAR DATA
- Review your calendar links in Settings > Sharing to make sure that the links are shared with users of your choice. Ensure that they are set up with the appropriate permission levels that are needed. Feel free to use or re-use the pre-configured calendar links and modify their access permissions to suit your sharing needs.
- If an employee leaves your organization and should no longer have access to your calendar, your can simply delete the link for that employee. If that link is shared amongst a group of users, create a new link for those who still need access. Even administrator links can be deleted and new ones created. The delete option is available in Settings -> Sharing. It’s that simple. Learn more about managing calendar links.
- Enable password protection on your calendar links.
- If you have enabled your users to subscribe to iCalendar feeds from your Teamup Calendar and now want to prevent a departing employee from accessing the feeds, you can either delete the calendar link that was shared with that employee previously, or enable password protection on that calendar link. All feeds from that link will disappear from the user’s other calendar program where the feed was subscribed from.
- Review who has subscribed to email notifications and daily agendas and from which links in Settings > Notifications. The calendar administrator can subscribe or unsubscribe users if needed. Pay attention to the links from which the notification subscriptions were created. This is important as the respective links are included in the notification email, which is meant for the user to quickly go to the calendar right from the notification email. However, if the subscription was created by mistake from a link that was not intended for that user, such as an administrator link, it means a security risk as the user gains access to the calendar with permissions that are not intended for him or her.
- Periodically re-create the calendar administrator link and other links if necessary to prevent unwanted access through exposed calendar links for various reasons. See how to manage calendar links.
- Save or export your important calendar data periodically for local reference if it helps give you the peace of mind. Learn how to save data to a PDF file and how to export calendar data.
Optionally, it is possible to define ranges of IP addresses or IP domain names from which clients are allowed to access the calendar. This makes it possible to restrict access to certain networks, for example the company network. Contact us for more information.
For information about server reliability, check out Teamup’s server uptime.
Keywords: Data privacy, security, password protection, access control