Three ways to protect PDF documents

How can you safeguard your organisation's documents?

Losing sensitive data costs companies an average of $3.8 million per security breach, a recent study carried out by the Ponemon Institute has found.

As well as the financial risk involved, the company's reputation and loss of customer loyalty are also at stake when internal information falls into the wrong hands, not to mention the consequences if legal requirements are breached, particularly with the new GDPR regulations.

Advertisement - Article continues below

Safeguarding the many documents that a company creates, distributes, edits and stores throughout those documents' lifecycle is an extremely difficult task, particularly when it comes to paper documents. But digital documents present challenges of their own when it comes to security. With staff spending more time working away from the office, and increasingly accessing company documents from their own devices or through the cloud, managing how and where digital documents are stored, accessed, shared and edited is becoming a major challenge.

PDF formats are the most popular for exchanging and archiving documents. Managing documents in digital processes based on the PDF format offers a far more secure alternative, with many professional PDF tools already featuring security functions that can be combined with appropriate tools to create an end-to-end secure workflow. In fact, 72% of IT experts surveyed by the Ponemon Institute believe that document security can contribute to maintaining data confidentiality, integrity, authenticity, availability and usability.

Advertisement - Article continues below
Advertisement - Article continues below

There are a number of different ways to protect PDF documents at all stages of the workflow to ensure that data doesn't fall into the wrong hands.

Password protection

A good PDF solution will allow differentiated access for creating, editing, saving, printing and reading PDF documents. In terms of password protection, there are two levels that are necessary for a sufficient level of security: permission to open a document and permission to edit it.

Protecting the document against being opened is important if only a defined group of recipients is allowed to open it. One example is if confidential information is sent by email - in principle, anyone who gains access to the email can also read the document. However, if the document is secured with a password, only the actual intended recipient in possession of the correct password will be able to open it.

Permissions passwords play an important role, particularly when collaborating with internal or external co-workers, or when communicating with customers. For example, team members may be able to view, print out and add comments to a project plan, but should not be allowed to remove or add pages to it. Similarly, customers should be able to fill in forms and sign documents, but not to modify the text in any way.

Advertisement - Article continues below

It is possible with some PDF providers to go further and use encryption to ensure that protected files can't be read by unauthorised people. But there are potential problems to be aware of with encryption, including meeting various compliance standards, and whether the encryption can be recognised by older PDF applications.

Confidential information removal

In many circumstances, personal data should be removed before a document is circulated to protect it, in a process often referred to as redacting. It is not enough to simply put a black line across the information that should be concealed, as an experienced PDF user would easily be able to remove this line again. Instead, the information must actually be removed permanently. Redacting the section in question simply indicates that sensitive data has been removed, which is particularly relevant for authorities and other public bodies that are required by law to highlight where information has been removed.

All private companies have to handle personal information that is subject to data protection, and must not be passed on to third parties. The consequences for non-compliance under GDPR regulations are severe. Therefore, a PDF tool must be capable of permanently removing this information in a traceable way, including potentially revealing metadata and hidden information.

Certificate-based signatures

It is becoming increasingly common to sign documents with a digital ID, which approximately corresponds to a signature on a paper document. If unauthorised changes are made to a document after it has been signed, the digital signature becomes invalid.

Advertisement - Article continues below

Documents may be signed several times by different people. When deciding on a PDF tool, it's best to opt for an application that not only enables documents to be signed, but also to be stamped with a digitally-authenticated timestamp. This indicates that the contents of any data file haven't been changed since that time.

Digital IDs not only allow a PDF solution to authenticate documents, but also to protect them. This is a process known as certifying, which allows the owner of the document to apply a signature and document protection at the same time. The signee can completely lock the document, or allow certain actions to be available for others such as form filling or commenting.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


mobile security

Parachute's Superlock feature keeps your phone recording in an emergency

2 Jun 2020

K2View innovates in data management with new encryption patent

28 May 2020
document management systems (DMS)

Why it’s time to take your documents digital

19 May 2020
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

Most Popular


Apple confirms serious bugs in iOS 13.5

4 Jun 2020

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020
high-performance computing (HPC)

AMD virtual tour takes us inside Europe's Hawk supercomputer

4 Jun 2020