Sending reports

• Store the report in a SysReptor project note.
• Password-protect the PDF.
  • This prevents the report to be forwarded without encryption via insecure channels without enforced retention mechansims (like auto-delete).
• Also password-protect the sharing link.
  • Even though the link contains a random UUID, public links are at risk to be exposed or even archived at web archiving services (like archive.org or archive.is).
• The password for PDF and the sharing link can be the same.
• Set an expiration date for the sharing link (e.g., 2 weeks)
• You can transmit the sharing link via email.
• If you need to send the password, transmit it via another channel.
  • Recommended: Signal messenger
  • Alternative: SMS
  • Not recommended: MS Teams (this is usually the same account as email; if one is compromised, the other is probably too)
• Only send the encrypted PDF report at a written explicit request from our customers.