Documents (or other items) attached to objects, such as Service Requests, in ServicePRO can be encrypted. Encrypting attachments ensures that only those authorized to review the information in the attachment, can do so.
Encryption Settings for your Help Desk are managed here.
From the Configuration tab, click on the Encryption option.
The following window appears:
A trustee is a privileged user who can decrypt any file in ServicePRO with the aid of another trustee.
- ServicePRO requires you to have a minimum of three trustees. A maximum of five can be set.
- Of these selected trustees, at least two are required to decrypt a file that they have not been selected to view. You can change this to three. Set the number of trustees you have decided upon.
By checking the boxes beside objects here, users who attach items to these objects will be required to encrypt them.
Select the objects, if any, that your help desk requires encryption.
Indicate the minimum number of characters required for encryption passphrases. Obviously, the longer the passphrase, the more secure your encrypted files will be. Users will be required to enter this passphrase for each encrypted file they are authorized to open.
Setting an Encryption Passphrase
Before you can encrypt a file or be selected as a trustee, a passphrase must be set. To increase security, the passphrase is in addition to the password required to log in to ServicePRO.
- To set a passphrase, click on the File Tab then click on the User Options button. The User Options window opens as shown in the figure below.
- Click on the Security tab.
- The passphrase must be a minimum of 12 characters. Enter the passphrase in the New Passphrase field. Enter it again in the Confirm New Passphrase field to verify the passphrase.
- In the Remember Passphrase for field, specify the number of minutes that the passphrase will be stored in memory. This can eliminate the need to re-enter your passphrase when decrypting several files. ServicePRO will remember the passphrase for the specified amount of time, or until you log out.
- Click on the Encrypt Attachments by Default checkbox to require encryption for any attachment made to a ServicePRO object. A prompt will appear requesting selection of encrypted file recipients. These users will be trustees with appropriate permissions to decrypt such files.
If system-wide encryption is enforced, this option will be grayed out.
- Attach a file to an object.
- Click the Encrypt File(s) button to open the Encrypt Attachments window as shown below.
- The Attached File(s) list displays all files that will be encrypted for the selected users, from the Available Users list, OR for the selected teams, through Find Team option.
- A list of all users who have set their passphrase is displayed in the Available Users list.
- Click on the users who can decrypt file(s) then drag and drop them from the Available Users list to the Encrypt File(s) For list.
- When users have been selected, click OK to return to the Attachment Item window. Click the Save button to save and encrypt the attachments.
- The encrypted files are listed under the Attachments tab in the object view and have a lock icon beside the attachment name.
Users attaching the documents can encrypt the attachment for specific teams. Also, when the administrator edits a team to add a new user to the team or to remove a user from the team, the encryption for the documents that are associated to this team can be synchronized.
It is required to have passphrase set for all the members of the team that is selected for attachment encryption. If any team member does not have a passphrase set, that member will be excluded from accessing the encrypted attachment.
- Click the Find Team button to select the Team to encrypt the attachments.
- Click OK to return to Attachments Item window and then Click on Save button to save and encrypt the attachments.
- All current members of the team will be added for encrypting the attachment.
- Hovering over an encrypted attachment that is encrypted for one or more teams displays as shown below.
Note: Only the attachment owner can add new users / teams or remove existing users/teams from the “Encrypt File(s) for” list.
The files that are encrypted for a team can be decrypted by the team members with the right passphrase
- When working with a service request, or other object, double-click a file attachment to decrypt it.
- Enter your passphrase in the window that opens.
- After entering the passphrase, a dialog opens requesting a location where the open file can be placed.
- Select a location and the file will open.
On occasion, it might be necessary to decrypt a file when none of the selected users for whom the file was encrypted are available – for example, when an employee leaves the company.
Decrypting files in this situation is called Trustee Decryption and requires a minimum of two trustees.
- To perform a trustee decryption, one of the trustees must log in to ServicePRO and locate the file that needs decryption.
- Click on the Update button to edit the object to which the file is attached.
- Right-click the file you want to decrypt, and select the Trustee Decrypt menu item.
- Each trustee has a designated area for selecting his name and entering his passphrase.
- Enter user names and passphrases as needed then click Decrypt.
NOTE: If you have specified that a minimum of 3 trustees are required to decrypt the file, then your form will feature with three frames, requiring 3 trustees to enter their information.
If you forget your passphrase, you can create a new one with the assistance of two trustees.
- To re-create your passphrase, click on the File Tab.
- Click on the My User Options button.
- Click on the Password/Encryption tab then click on the Forgot Passphrase button.
- Two trustees are required to enter their names and passphrases.
- After the other trustees enter their information, you can re-create your passphrase.
To change a trustee, you must have the assistance of another trustee.
- From the Customization tab, click on the Encryption icon.
- Select a trustee name in the Trustees list then click the Remove button.
- The assisting trustee must also enter his/her name and passphrase before the selected trustee can be removed from the Trustees list.
- You must replace this trustee with another if you no longer have the minimum number of trustees. You cannot close this window until Trustees list contains the minimum number of trustees.
- Click on the Save button when all requirements have been satisfied.
Tips and Best Practices
Ensure that you have at least three trustees who will not lose or forget their passwords. If an attachment is encrypted, the file will not be recoverable if you do not have the appropriate number of trustees to decrypt the file.