Update: IMPORTANT UPGRADE NOTIFICATION
At Questback, ensuring that we have the best possible standards around information security and data protection is of critical importance to us. We regularly review our standards to ensure that you and your data are as safe and secure as possible. Therefore, in keeping with the industry-wide disabling of older versions of TLS, we had planned to disable our support for TLS v1.0 and v1.1 for all our Unipark customers between Jan 14th-18th 2019. After this time, only TLS v1.2 and above would have been supported. However, due to some technical complexities, we have decided to postpone this upgrade. Unipark will now be upgraded between February 25th and March 1st 2019.
To ensure that you encounter no difficulties using Unipark, please ensure that you and your customers are using browsers compatible with TLS v1.2 and above.
Questback will continue to work to deliver the best possible standards for information security and privacy.
FREQUENTLY ASKED QUESTIONS
1 What is TLS?
Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two communicating applications (e.g. a Web browser connecting to a Web server). It’s the most widely deployed security protocol used today, and is used for Web browsers and other applications that require data to be securely exchanged over a network.
2 How will this upgrade affect me and my customers?
If you are using an older browser that is not compatible with TLS v1.2, you will be unable to access Unipark. This will be the case for all areas of the system including completing surveys, accessing portals and using the administration area. The best way to ensure compatibility is to update your browser. If you are using the following browsers, or more recent versions, you should experience no difficulties accessing EFS: Chrome v30, Firefox v27, Internet Explorer 11, Microsoft Edge, Safari 7 or Opera 17. Some exceptions do exist however, so please consult this matrix (https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers) for detailed information on specific browsers and TLS support, or visit this website (https://www.ssllabs.com/ssltest/viewMyClient.html ) to see if your current browser supports TLS 1.2.
3 What will be the experience for someone trying to access the system with an unsupported browser?
The specific error message you receive when trying to access Unipark using a browser that does not support TLS V1.2 will vary depending on the specific browser. For example, those using earlier versions of Internet Explorer will receive this message: “Internet Explorer cannot display the webpage.” For all impacted browsers, some kind of error message will be displayed, and you will not be able to access Unipark. Please see below for example error messages for Chrome, Firefox and Internet Explorer.
Internet Explorer Browser
4 What is the risk of supporting older versions of TLS?
By using obsolete versions of the protocols, Web services can become vulnerable to downgrade attacks in which attackers force connections to servers to use older versions of the protocols that have known vulnerabilities. As a result, encrypted connections between a Web site visitor and the Web server can be vulnerable to man-in-the-middle and other types of attacks. In other words, communication is no longer secure.
To proactively close known vulnerabilities and support the most secure protocols, Questback has decided to shut down TLS 1.0 & 1.1 in its web services and only accept TLS 1.2 supported connections.
5 Why is this upgrade happening?
As stated above, should we continue to support older versions of TLS we increase the risk of suffering attacks and data breaches. As required by The GDPR and stated in our current Data Privacy Agreement “Questback shall ensure that it implements and maintains compliance with appropriate technical and organizational security measure for the process of [personal data]” to ensure the highest level of technical security we need to upgrade our platform to no longer support TLS versions 1.0 and 1.1.