mWater values the security and privacy of user data and takes numerous measures to ensure that our database, server and user data are protected from loss due to crashes or malicious attacks. In this article, we explain the precautions we take to secure your data in terms that non-computer engineers can understand. We also provide some tips and best practices that you should follow in your organization to protect your data from unauthorized access.
Data security in the mWater software platform
mWater was designed from the ground up with best practices in data security. These security measures are reviewed and updated on a regular basis in response to new threats. Here is a quick overview of our approach to platform security:
- Your data belongs to you - We state clearly and unequivocally in our Terms of Service and Privacy Policy that your data belongs to you and that we will not sell it or share it with anyone without your express permission.
- Control your personal data - You can view what personal data mWater collects, and why, on your account page. You can manage your account, and in compliance with the General Data Protection Regulation (GDPR) you are free to withdraw consent at any time and request the removal of personally identifying information.
- Cloud-based platform with enterprise-grade security - Unlike many other data platforms that require installing a copy of the software on your own server, all mWater data and apps are managed centrally through our server and database, which are built using industry standard protections, including encryption, frequent backups, and two-factor authentication for administrative access. This ensures that everyone is always using the most up-to-date version with the latest patches to protect against emerging threats.
- Role-based access control - Our Organizations feature allows you to set up your permissions and deployments based on roles, such as admin, manager, and viewer. This offers admins an overview of all their users, what kind of access they have, and their activities. When someone leaves the organization, their user account can be removed from the organization so they can no longer access data.
- Permissions enforced at the server - All access to the mWater database is made through our Application Programming Interface (API), which checks to see if the user is allowed to access each piece of data requested. Data is never downloaded to the client without first going through this permission checking process.
- Data and password encryption - All data transferred between our server and apps is encrypted using state-of-the-art algorithms, and passwords are never stored as plain text. This means that anyone intercepting communications with the server would not be able to read the information transferred. All data stored on the server is encrypted at rest for maximum security. Encryption is done with AES-256 or an equivalent algorithm.
- No dev shops or outside software firms - All mWater software is built in-house by a small team of dedicated programmers. Unlike many in our sector, we don't contract work out to dev shops or buy commercial software to rebrand it as our own. This means we have complete control over security and access, and we fully understand every piece of software we use.
- Change logging and backups - We track all previous versions of sites and survey responses and we provide admin tools in the portal such as 'View history' to monitor changes. We also keep daily offsite backups of the database and can reconstruct past configurations of your setup (we charge a fee for this service). The number 1 rule at mWater is zero data loss. We even offer an option to download all of your organization's data as a single zip file so you can make your own offline backups.
Detailed information about specific concerns that you or your organization might have is provided in the sections that follow.
Database and server security
The mWater database is stored on an UpCloud-hosted server for security and reliability. It features continuous offsite backups to Backblaze with Point In Time Recovery (PITR), allowing the database to be restored to a point immediately before a problem occurred. The server also has a restrictive firewall and high-reliability storage. All mWater image data is stored in Backblaze B2, which offers high reliability and 99.9999+% durability. The database is accessible only to authenticated users via the mWater API server. Server administration is also protected by two-factor authentication, requiring an automatically generated code that changes every 30 seconds.
Disaster recovery
mWater has a tested disaster recovery plan that allows the server to be completely recreated in the unlikely event of its destruction. The database can be restored within a few hours to an exact point in time. Database backups are protected on Backblaze to prevent data deletion even in the event that the server is compromised.
Data transmission security
mWater clients connect to the API server using HTTPS-encrypted connections. In the event that a malicious party were eavesdropping on the communication with the mWater server, they would be unable to read or modify the data being transmitted because it is encrypted with high-security encryption. The API server validates all requests and creates a permanent copy of all changes to the database, including deletes.
User account security
In the event that a malicious user obtained the password of an mWater user or account administrator, all changes and deletions made in the database could be reversed. Passwords in the mWater database are stored in hashed form so that they can never be disclosed. Even the mWater administrator cannot view passwords, as they are stored in a one-way hashed form that prevents them from being read, even in the unlikely event of a security breach. All mWater user data is available for download at any time through the mWater API by an authenticated administrator.
How to protect your mWater data
All data you collect in mWater belongs to you, so that also means that you have an active role to play in protecting it from unauthorized access. Human error, such as unintentionally sharing passwords or not properly implementing access controls, is usually how large data breaches happen. Hacking into computer systems is difficult and requires specialized skills. It is much easier for malicious parties to take advantage of common mistakes or to trick people with social engineering or 'phishing' attacks, where a user is tricked into entering their credentials into a fake site.
Your best defense is to have a trained and knowledgeable administrator managing your organization's data and to train all of your users on data security. The following sections provide a summary of best practices for data security in mWater.
Understand and use mWater permissions correctly
mWater provides different levels of permissions, allowing you to share the basic data about public infrastructure, such as the location of water points, health care facilities, or communities, while keeping sensitive information like survey responses private. Some key concepts include:
- Viewers of surveys can only see the design of the form, but admins can see all responses to the form;
- Each Deployment has its own set of viewers who can see final approved data; when a user opens the Responses tab to a survey they only see responses for deployments for which they are viewers;
- Deployment managers can see all responses in that deployment at any approval stage;
- Anyone who creates a survey is automatically made the Admin of that survey form but this does not extend to their organization (you could be in more than one); therefore, you need to add your organization's admin team to the Admin privilege for any survey owned by your organization (do this in the Share tab); and
- The most common permission setting used for public sites is Protected, which means anyone can see the basic site info but only the organization that manages the site can change this data. Remember that survey deployment permissions are always enforced. The same applies to all maps, dashboards, and datagrids. Even if you can open a site page or a visualization, you will still only see survey response data for deployments in which you are a viewer.
Once your organization and surveys are set up properly, always go to the org chart to make new deployments. Simply open up the branch you want to deploy to, go to the Deployments tab, and click on Deploy new survey. The user roles will be pre-filled based on the options you select, but you can change these later.
Follow these best practices for organizational data management:
- Ask your users to create accounts using their real names and email addresses (e.g. not "user-0123"). This way, your admins will be able to easily tell who has access to data.
- Don't share accounts among multiple users. mWater allows you to create unlimited accounts.
- Only make deployments to branches or teams in your organization. Don't deploy to individual users. This way, you can easily remove a user from your organization and know that they won't continue to have access to data.
- Ask your users to always set the 'managed by' permission on new sites they create to your organization, not themselves.
- Remember that something shared with an entire branch or organization (the top-level branch) is shared with everyone in the org. If you want only specific people to have access, put them in a team (or the default Viewers team) and share the item only with that team.
Develop policies on what types of data should be shared
There are many kinds of data that should be shared, such as infrastructure locations, functionality surveys, and indicators. However, most organizations also collect data that is sensitive, including contact information on beneficiaries, financial information, or the location of sensitive sites. It is important that you develop an organizational policy on what data should be shared and train your users to follow it. Telling employees to treat all data as sensitive is not a policy; people will find workarounds to unreasonable guidelines that make routine, non-sensitive work difficult. Keep your policy up to date by studying best practices for enterprise-level data security, as new threats are constantly emerging.
If you purchase a paid setup package from mWater, we can provide a custom app environment for your users that limits them to using only the surveys and permission settings that you choose, further enhancing security. Contact us at info@mwater.co for more information.
Train all users in data security
All of the mWater features to protect data security depend to some extent on the user understanding how to use them properly. Make sure that you train all users, especially admins, in your data protection policies and have a plan to train new employees. Here are some training tips:
- Create mWater accounts with your real name and a working email address so that you can be contacted if a problem occurs. This allows managers and admins to keep track of who has access to data and allows you to easily identify and remove a user who leaves the organization.
- Use strong passwords. We recommend using either a random password generator (LastPass and Dashlane are reputable companies that offer this service for free) or using passwords that consist of 4 words that have no relationship to each other. For example, "correct horse battery staple" (don't use this exact one!) is very difficult for a computer to guess, and it is much more likely that you will be able to remember it and not have to write it down or store it in your phone or computer. xkpasswd is a free service that can create passwords like this.
- Set a password or fingerprint ID to unlock your Android phone and set the phone to use encryption if it has that option.
- Don't install software on the device that is not from a reputable and well known company.
- Know your organization's security policy, especially regarding privacy settings to be used for sites and surveys, appropriate uses of data, and rules about obtaining informed consent.
- Don't store or email around copies of mWater data unless you have a specific need, such as performing statistical analysis or keeping offline backups. Instead, create visualizations in the mWater platform and add authorized organization branches or teams as viewers.
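To show why the four-unrelated-words advice above holds up, here is an added example (not mWater's or xkpasswd's code) that generates such a passphrase from the operating system's random source and compares its guessing entropy with an 8-character random password. The 16-word list, the 7776-word list size used for the entropy figures, and the 10 billion guesses-per-second attack rate are assumptions for the demo.

```python
import math
import secrets

# Constructed demo word list (16 words) so the example runs offline.
# A real generator such as xkpasswd or a Diceware-style list uses
# thousands of words; the entropy figures below assume a 7776-word list.
DEMO_WORDS = [
    "correct", "horse", "battery", "staple", "river", "candle", "window",
    "orange", "pencil", "rocket", "garden", "marble", "silver", "planet",
    "ladder", "violet",
]

def generate_passphrase(words, count=4, rng=None):
    """Join `count` words picked uniformly at random from `words`.
    Uses the OS entropy source unless a specific rng is supplied (e.g. for tests)."""
    if rng is None:
        rng = secrets.SystemRandom()
    return " ".join(rng.choice(words) for _ in range(count))

def entropy_bits(alphabet_size, length):
    """Bits of guessing entropy for `length` symbols, each drawn uniformly
    from `alphabet_size` choices (a word list or a character set)."""
    return length * math.log2(alphabet_size)

def years_to_try_all(bits, guesses_per_second=1e10):
    """Worst-case years to try every possibility at the given guess rate.
    10 billion guesses/s is an assumed offline attack on a fast hash; guessing
    against a rate-limited login or a slow password hash is far slower."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(DEMO_WORDS))
    for label, size, length in [
        ("4 words from a 7776-word list", 7776, 4),
        ("8 random letters/digits (62 symbols)", 62, 8),
        ("one lowercase dictionary word (~100k options)", 100_000, 1),
    ]:
        bits = entropy_bits(size, length)
        print(f"{label}: {bits:.1f} bits, ~{years_to_try_all(bits):.2g} years to exhaust")
```

The comparison only holds when the words are chosen at random; four words a person picks by association (or the famous "correct horse battery staple" itself) are in every attacker's list.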
Use Confidential Data Mode for sensitive data
Sensitive data is any information that should be protected against unwarranted disclosure due to concerns over personal privacy or sensitive business information. We collaborated with the University of North Carolina Water Institute to develop a feature called Confidential data mode that helps you conduct household or beneficiary surveys in a manner that protects sensitive data from disclosure. With this feature activated, you can mark specific questions in your survey as confidential. Once the survey is submitted, only survey admins will be able to see the confidential answers, and GPS locations will be offset by a random distance and direction. Refer to the Confidential mode tutorial for more information on how to use this feature.
Take even more care when collecting data on or about children.
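As an added illustration of what "offset by a random distance and direction" means (this is not mWater's own code, and the product's actual algorithm is not described on this page), the example below picks a random bearing and a random distance within a chosen ring and moves the coordinate along a great circle. The 50 m to 300 m bounds and the sample coordinate are assumptions for the demo.

```python
import math
import secrets

EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius in metres

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two points given in degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def offset_location(lat, lon, min_m, max_m, rng=None):
    """Return (lat, lon) moved by a random distance in [min_m, max_m] metres
    along a random bearing. The distance is drawn so points fall uniformly
    over the ring's area rather than clustering near the true location, and
    min_m > 0 keeps the masked point from landing on the real one.
    Draw the offset once per site and store it: re-randomising on every view
    would let an observer average many views back to the true location.
    rng defaults to the OS entropy source; pass a seeded random.Random in tests."""
    if not 0 <= min_m < max_m:
        raise ValueError("need 0 <= min_m < max_m")
    if rng is None:
        rng = secrets.SystemRandom()
    bearing = rng.random() * 2 * math.pi
    dist = math.sqrt(rng.random() * (max_m ** 2 - min_m ** 2) + min_m ** 2)
    delta = dist / EARTH_RADIUS_M  # angular distance in radians
    p1, l1 = math.radians(lat), math.radians(lon)
    p2 = math.asin(math.sin(p1) * math.cos(delta)
                   + math.cos(p1) * math.sin(delta) * math.cos(bearing))
    l2 = l1 + math.atan2(math.sin(bearing) * math.sin(delta) * math.cos(p1),
                         math.cos(delta) - math.sin(p1) * math.sin(p2))
    lon2 = (math.degrees(l2) + 540) % 360 - 180  # normalise to [-180, 180)
    return math.degrees(p2), lon2

if __name__ == "__main__":
    # Constructed sample household location (not real survey data).
    true_lat, true_lon = -1.2921, 36.8219
    masked_lat, masked_lon = offset_location(true_lat, true_lon, min_m=50, max_m=300)
    print(f"true   : {true_lat:.5f}, {true_lon:.5f}")
    print(f"masked : {masked_lat:.5f}, {masked_lon:.5f}")
    print(f"moved  : {haversine_m(true_lat, true_lon, masked_lat, masked_lon):.1f} m")
```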
Don't collect data that could be harmful
In a world where large companies and governments have suffered serious data breaches (including Yahoo, Uber, Equifax, and the US Government), the truth is that no software company can guarantee that your data is 100% safe. We work hard to keep on top of current trends and emerging threats, but as we mentioned earlier, most data breaches are the result of unauthorized access caused by compromised users rather than skilled computer hacking. Therefore, our most important advice is that if unauthorized access to a particular piece of data could cause serious or irreparable harm to someone, do not collect it.
Last updated January 2023