Introducing End-to-End encryption soon

Because of Pandemic and remote work, User Activity Monitoring and Time-Tracking solutions start being used more intensively by the corporate customers to manage a remote workforce. As a result, the most popular Time-Tracking SaaS solutions may be targeted by Malware, Cybercriminals, or Insider threats. As a response, we would like to announce the end-to-end encryption feature soon will become available for all StaffCounter customers. With “end to end” Encryption enabled, the data will be encrypted by StaffCounter Agents before upload to the cloud and then decrypted in your web browser right in a moment when you are looking at the reports or employee productivity data. This provides the highest privacy level since data delivered to the cloud storage in encrypted form. By using this principle employed in our cloud storage, technically we will not be able to read and understand productivity data received from computers by any means, on any level. This will enable safe usage of Employee Monitoring (User Behavior Analysis) solutions in any environment, even with the most strict compliance and security policies and requirements. After this feature will be enabled by the customer, or StaffCounter On-premise server will store only encrypted data blocks for each computer or employee.
Further details will be added to this announcement soon.

For this feature, we have employed Public Key Encryption protocols that allow to securely transfer the master key across all the connected computers without exposing it to the StaffCounter server.

How end-to-end encryption will work in StaffCounter
After the E2E Encryption feature will enable for a user account, the updated Agent application will use Public Key Encryption protocols (Fig 1) to receive a unique Master encryption key for the user account right from the Web browser of the respective account owner. Start from that moment Agent application encrypt Device name (Employee name) and other sensitive data inside productivity log by using AES-256 algorithm (and unique encryption key) and then transfer it to Staffcounter server. Sensitive data includes company name, Application names, window titles, Website names and addresses, file names, system events data, Windows account name (username), screenshots, audio data.