Three ways to protect PDF documents
How can you safeguard your organisation's documents?
Losing sensitive data costs companies an average of $3.8 million per security breach, a recent study carried out by the Ponemon Institute has found.
As well as the financial risk involved, the company's reputation and loss of customer loyalty are also at stake when internal information falls into the wrong hands, not to mention the consequences if legal requirements are breached, particularly with the new GDPR regulations.
Safeguarding the many documents that a company creates, distributes, edits and stores throughout those documents' lifecycle is an extremely difficult task, particularly when it comes to paper documents. But digital documents present challenges of their own when it comes to security. With staff spending more time working away from the office, and increasingly accessing company documents from their own devices or through the cloud, managing how and where digital documents are stored, accessed, shared and edited is becoming a major challenge.
PDF formats are the most popular for exchanging and archiving documents. Managing documents in digital processes based on the PDF format offers a far more secure alternative, with many professional PDF tools already featuring security functions that can be combined with appropriate tools to create an end-to-end secure workflow. In fact, 72% of IT experts surveyed by the Ponemon Institute believe that document security can contribute to maintaining data confidentiality, integrity, authenticity, availability and usability.
There are a number of different ways to protect PDF documents at all stages of the workflow to ensure that data doesn't fall into the wrong hands.
A good PDF solution will allow differentiated access for creating, editing, saving, printing and reading PDF documents. In terms of password protection, there are two levels that are necessary for a sufficient level of security: permission to open a document and permission to edit it.
Protecting the document against being opened is important if only a defined group of recipients is allowed to open it. One example is if confidential information is sent by email - in principle, anyone who gains access to the email can also read the document. However, if the document is secured with a password, only the actual intended recipient in possession of the correct password will be able to open it.
Permissions passwords play an important role, particularly when collaborating with internal or external co-workers, or when communicating with customers. For example, team members may be able to view, print out and add comments to a project plan, but should not be allowed to remove or add pages to it. Similarly, customers should be able to fill in forms and sign documents, but not to modify the text in any way.
It is possible with some PDF providers to go further and use encryption to ensure that protected files can't be read by unauthorised people. But there are potential problems to be aware of with encryption, including meeting various compliance standards, and whether the encryption can be recognised by older PDF applications.
Confidential information removal
In many circumstances, personal data should be removed before a document is circulated to protect it, in a process often referred to as redacting. It is not enough to simply put a black line across the information that should be concealed, as an experienced PDF user would easily be able to remove this line again. Instead, the information must actually be removed permanently. Redacting the section in question simply indicates that sensitive data has been removed, which is particularly relevant for authorities and other public bodies that are required by law to highlight where information has been removed.
All private companies have to handle personal information that is subject to data protection, and must not be passed on to third parties. The consequences for non-compliance under GDPR regulations are severe. Therefore, a PDF tool must be capable of permanently removing this information in a traceable way, including potentially revealing metadata and hidden information.
It is becoming increasingly common to sign documents with a digital ID, which approximately corresponds to a signature on a paper document. If unauthorised changes are made to a document after it has been signed, the digital signature becomes invalid.
Documents may be signed several times by different people. When deciding on a PDF tool, it's best to opt for an application that not only enables documents to be signed, but also to be stamped with a digitally-authenticated timestamp. This indicates that the contents of any data file haven't been changed since that time.
Digital IDs not only allow a PDF solution to authenticate documents, but also to protect them. This is a process known as certifying, which allows the owner of the document to apply a signature and document protection at the same time. The signee can completely lock the document, or allow certain actions to be available for others such as form filling or commenting.
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now