Protection against viruses

We provide the maximum possible protection against viruses while maintaining the anonymity of the whistleblower. It is highly unlikely that a virus could be sent as an attachment. For absolute safety, we recommend scanning the downloaded file with antivirus software before opening it.

How does sending attachments work in terms of security?

  1. The sender can only upload certain types of files as attachments. These allowed file types have been selected by us and are considered safe. They are standard file types that are not programmable.
  2. We check the file extension and MIME type of the attachment. The uploaded file is stripped of metadata and other information that could help identify the reporter and compromise anonymity.
  3. The attachment is encrypted along with the report and sent to the server. The server only stores the attachment and does not interact with it in any way.
  4. If an administrator wants to download the attachment, it is sent encrypted from the server, decrypted by the browser, and made available for download.

Factors preventing attacks:

  • Only selected standard file types that are not programmable can be uploaded. (Exceptions are macros and executable JavaScript in PDF.)
  • Headers and metadata are stripped from the files, and a virus attack would have to adapt to this.
  • Attachments are encrypted and not opened or executed within the system. The administrator has the option to download the attachment and open it on their own system. The reporting system as a whole is secure, and once the downloaded file is checked with antivirus software, it can be opened without concern.
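
One way to implement the extension and MIME type check from step 2, shown as an added example that is not the platform's own code. The allowlist, the function name `checkAttachment`, the PDF token list and the sample inputs are assumptions; the example goes one step beyond the text by also flagging PDF name tokens that indicate the active content listed above as an exception.

```javascript
// Added example; the allowlist is hypothetical, not the vendor's real list.
const ALLOWED = new Map([
  ["pdf", { mime: "application/pdf", magic: [0x25, 0x50, 0x44, 0x46, 0x2d] }], // %PDF-
  ["png", { mime: "image/png", magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] }],
  ["jpg", { mime: "image/jpeg", magic: [0xff, 0xd8, 0xff] }],
  ["jpeg", { mime: "image/jpeg", magic: [0xff, 0xd8, 0xff] }],
]);

// PDF name tokens that mark active content. Heuristic only: names can be
// hex-escaped or sit inside compressed object streams, where this scan misses them.
const PDF_ACTIVE = ["/JavaScript", "/JS", "/OpenAction", "/Launch"];

const reject = (reason) => ({ ok: false, reason, warnings: [] });

function checkAttachment(fileName, declaredMime, bytes) {
  // Only the last extension counts, so "report.pdf.exe" is judged as .exe.
  const dot = fileName.lastIndexOf(".");
  if (dot <= 0) return reject("missing extension");
  const ext = fileName.slice(dot + 1).toLowerCase();
  const rule = ALLOWED.get(ext); // Map lookup: no prototype keys such as "constructor"
  if (!rule) return reject("extension not allowed");
  if (declaredMime !== rule.mime) return reject("MIME type does not match extension");
  // The declared type is sender-controlled, so also compare the leading bytes.
  const magicOk = bytes.length >= rule.magic.length &&
    rule.magic.every((b, i) => bytes[i] === b);
  if (!magicOk) return reject("content does not match extension");
  const warnings = [];
  if (ext === "pdf") {
    const text = Array.from(bytes, (b) => String.fromCharCode(b)).join("");
    for (const token of PDF_ACTIVE) if (text.includes(token)) warnings.push(token);
  }
  return { ok: true, reason: "accepted", warnings };
}

// Constructed sample inputs (not real files).
const toBytes = (s) => Uint8Array.from(s, (c) => c.charCodeAt(0));
const samples = [
  ["evidence.pdf", "application/pdf", toBytes("%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n")],
  ["invoice.exe.pdf", "application/pdf", toBytes("MZ\x90\x00\x03")],
  ["form.pdf", "application/pdf", toBytes("%PDF-1.4\n1 0 obj\n<< /OpenAction 2 0 R >>\nendobj\n")],
];
for (const [name, mime, bytes] of samples) {
  console.log(name, JSON.stringify(checkAttachment(name, mime, bytes)));
}
```

A warning does not reject the file; it marks an attachment that the recipient should treat with extra care when scanning it after download.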

Disadvantages:

  • Because the attachment is encrypted, antivirus protection cannot be integrated: the scan would have to run on the server, which would then have to receive the unencrypted and non-anonymized file. This is an unavoidable compromise made with the goal of protecting the anonymity of the whistleblower and maintaining the confidentiality of the report.