Protecting Confidential Documents and Proprietary Information

The leak of confidential documents is far from unheard of. Daily, information from the government or big businesses appears in the media or falls into the hands of hackers. Despite the best efforts of IT departments to scan email attachments, confidential and proprietary files have a way of making it out – regardless of whether it’s intentional or accidental.

This is in many ways a product of the times we live in. While at one point it was sufficient to secure your corporate network and leave it at that, businesses today must cast a much wider net. Workers are not only bringing their own devices; they work from home, use cloud services, and visit unsecured networks in cafes and hotels. 

When they do leave after a day at the office, their documents often go with them, synced to an email account or cloud storage service. That’s not to even mention the cases where a document needs to be shared with somebody outside of the organization entirely.

Traditional access controls will never be enough now that the genie is out of the bottle. Without additional protection, files can be copied and passed on, modified, intercepted, or sold to criminals. With employees potentially using a mixture of corporate, personal, and public networks throughout even a single workday, it makes sense to protect the one constant: the files themselves. 

While it won’t be possible to protect every single file type, there’s one that’s widely used in corporate settings, leaked often, and regularly contains confidential information. If you haven’t guessed already, the format we’re talking about is the humble PDF.

Stopping PDFs from leaking

Anybody in the information protection industry will tell you that encryption is the first line of defense against leaks. It ensures that should a third party happen across your information, all they see is a jumble of numbers and letters. However, the way encryption is implemented is just as important as whether it’s used: passwords are easily shared, and encryption alone won’t stop purposeful leaks. Once a document is decrypted, users can do what they like with the content.

The better play, then, is to combine encryption and DRM controls to prevent both types of leaks. While DRM represents an additional cost, it’s ultimately far less damaging to the bottom line than unpublished financial reports, ongoing internal investigations, or board minutes becoming publicly available.

PDF DRM solutions work by encrypting your document into a proprietary format that can only be opened by their bespoke, secure PDF reader application. Included with this encryption are the restrictions that should be applied to the document. A single-user license file is then distributed to the intended recipient, which they register to their device and reader app, depositing the decryption keys to their computer's memory, where they can’t be extracted and shared. When the user opens their PDF file, the reader checks the restrictions that should be enforced, then decrypts the file using the keys distributed with the user’s license.

Using this system, organizations can stop unauthorized parties from opening an intercepted PDF file, as they won’t have a valid decryption key on their device. The DRM, meanwhile, has a number of controls that make purposeful sharing all but impossible. 

These include:

  • Anti-screenshotting, copying, and printing controls
  • The ability to lock documents to specific devices and locations
  • When printing is allowed: preventing printing to a PDF file to make a copy
  • Expiry and self-destruct timers, as well as remote revocation
  • Document tracking and logging
  • Dynamic watermarks that display a user’s name, email address, and organization

Naturally, a downside is that some of these controls, such as remote revocation, require the user to connect to the internet. However, DRM solutions may be more flexible than you expect. Admins can typically choose whether to put a document into offline mode after initial verification and disable some DRM features, force the user to connect every n days, check every time the user opens the document, or check only when the user tries to use a restricted function.

This allows enterprises to strike a balance between online and offline functionality that should work for most employees. They maintain control over the PDF after it has been distributed, without hampering productivity. A win-win. 
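The four license-check options described above can be read as a small decision policy. The sketch below is an added illustration, not code from any DRM product; the names `CheckMode`, `License` and `decide`, and the choices to fail closed when a required check cannot be made and to treat a rolled-back clock as requiring re-verification, are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional

class CheckMode(Enum):                 # hypothetical names for the four options
    OFFLINE_AFTER_FIRST = 1            # verify once, then work offline
    EVERY_N_DAYS = 2                   # force a connection every n days
    EVERY_OPEN = 3                     # check each time the document is opened
    ON_RESTRICTED_USE = 4              # check only when a restricted function is used

@dataclass
class License:
    mode: CheckMode
    last_verified: Optional[datetime]  # None means never verified online
    n_days: int = 0                    # only used by EVERY_N_DAYS
    expires: Optional[datetime] = None

def decide(lic: License, now: datetime, online: bool,
           restricted_action: bool = False) -> str:
    """Return 'allow', 'verify' (contact the license server first) or 'deny'."""
    # Expiry is enforced locally, so it applies even in offline mode.
    if lic.expires is not None and now >= lic.expires:
        return "deny"
    if lic.last_verified is None:
        need_check = True              # initial verification is always required
    elif now < lic.last_verified:
        need_check = True              # assumption: a clock set backwards forces a check
    elif lic.mode is CheckMode.OFFLINE_AFTER_FIRST:
        need_check = False
    elif lic.mode is CheckMode.EVERY_N_DAYS:
        need_check = now - lic.last_verified >= timedelta(days=lic.n_days)
    elif lic.mode is CheckMode.EVERY_OPEN:
        need_check = True
    else:                              # ON_RESTRICTED_USE
        need_check = restricted_action
    if not need_check:
        return "allow"
    # Assumption: fail closed when a required check cannot reach the server.
    return "verify" if online else "deny"

if __name__ == "__main__":
    now = datetime(2024, 1, 10)        # constructed sample date
    weekly = License(CheckMode.EVERY_N_DAYS, datetime(2024, 1, 1), n_days=7)
    print(decide(weekly, now, online=False))   # overdue check, no network
```

Remote revocation only takes effect at a `verify` step, which is why the offline-heavy modes trade revocation speed for availability.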

Of course, this doesn’t mean that companies should be lax on the security of their internal network. That would be like keeping your gate locked but not your front door. What they should do is avoid traps like virtual data rooms, and instead pair strong on-premises security with an affordable document DRM solution.
