Limitations when using data encryption
If you enable encryption in your account, you will one step increase the security of data storage both on the server and on the local computer. Now log files and screenshots will be stored encrypted and even in case of unauthorized access, the sensual information will be inaccessible.
However, the use of encryption imposes some restrictions on the operation of the service. Let’s list the main points that need to be taken into account:
- If encryption is enabled in the account, then it must be confirmed for all devices where the new version of the StaffСounter agent is installed. Otherwise, the StaffСounter program will switch to the “careful monitoring” mode: it will stop collecting data containing confidential information – web addresses, text, and screenshots, but will only register the names of running applications. This is a signal to the HR manager to confirm the encryption for this device.
- Disabling encryption is not provided. This protects data from server administrators and developers. On the administrative side, encryption cannot be canceled either. Therefore, the monitoring agents, having received the encryption key generated on the basis of the password, will send encrypted data to the server until their uninstallation. If you need to disable encryption for any reason, you should contact server support.
- The backup uploaded in the Backup section will also contain encrypted data. To decrypt them, you will need a special application, which is currently being developed. It will also use the password for the user account on the server.
- Mail reports will also contain encrypted data. To decrypt them on the mail client, a special software module will be used, which is also under development.
- If the account uses agent programs of different generations, and there are some that do not support encryption, then some programs will be presented twice in the reports. For example, one Google Chrome program will be taken from logs without encryption and will be shown the same way, without encryption. Another Chrome program that came in the encrypted form will be stored on the server as an encrypted code and will be visible to the server not as Chrome but as an alphanumeric code. For this code, the server will calculate usage, productivity, and so on. But in the browser of the HR manager, this code will be decoded and shown again as Chrome. This will show the same Chrome program separately for agents with encryption and agents without encryption.
- If you reset the password with the Forgot password command, the encryption keys will change and the previous data will become unreadable. When the agent programs receive a new encryption key, they will start sending data encrypted with the new key, and this data will already be successfully decrypted in the server panel. If you have a copy of the encryption keys, you can restore it and then the old data will also be readable.