Three ways to protect PDF documents

In the world of IT, the year 2020 will be remembered for many things, and among them should be PDFs rise to prominence. Of course, to most professional, PDFs are nothing new, yet the surge towards remote working (stranding workers far from their office printers) has enforced unprecedented reliance on this arm of digitisation.

On the one hand, PDFs are a scalable, ready-made solution to facilitate remote working. On the other, they are a vulnerability, with greater amounts of sensitive, digital data created for cyber criminals to target.

Today the cost of a cyber breach reaches on average $3.86 million, a figure made more devastating by the uncertainty in which we find ourselves. And the damage doesn’t stop there. When sensitive information falls into the wrong hands, reputations will be tainted and customer loyalty lost, not to mention the consequences if data protection regulations are breached.

Every single PDF document a company generates, distributes, edits and stores must be carefully safeguarded. Fortunately, some PDF tools come with in-built security features. A good start, but with PDFs accessed from various devices, across systems, and at different stages of workflow, the enterprise must do more to ensure security.

On your journey to protecting your PDF documents, there are three key factors to consider.

Password protection

A good PDF solution will allow differentiated access for creating, editing, saving, printing and reading PDF documents. In terms of password protection, there are two levels that are necessary for a sufficient level of security: permission to open a document and permission to edit it.

Protecting the document against being opened is important if only a defined group of recipients is allowed to open it. One example is if confidential information is sent by email - in principle, anyone who gains access to the email can also read the document. However, if the document is secured with a password, only the actual intended recipient in possession of the correct password will be able to open it.

Permissions passwords play an important role, particularly when collaborating with internal or external co-workers, or when communicating with customers. For example, team members may be able to view, print out and add comments to a project plan, but should not be allowed to remove or add pages to it. Similarly, customers should be able to fill in forms and sign documents, but not to modify the text in any way.

It is possible with some PDF providers to go further and use encryption to ensure that protected files can't be read by unauthorised people. But there are potential problems to be aware of with encryption, including meeting various compliance standards, and whether the encryption can be recognised by older PDF applications.

Confidential information removal

In many circumstances, personal data should be removed before a document is circulated to protect it, in a process often referred to as redacting. It is not enough to simply put a black line across the information that should be concealed, as an experienced PDF user would easily be able to remove this line again. Instead, the information must actually be removed permanently. Redacting the section in question simply indicates that sensitive data has been removed, which is particularly relevant for authorities and other public bodies that are required by law to highlight where information has been removed.

All private companies have to handle personal information that is subject to data protection, and must not be passed on to third parties. The consequences for non-compliance under GDPR regulations are severe. Therefore, a PDF tool must be capable of permanently removing this information in a traceable way, including potentially revealing metadata and hidden information.

Certificate-based signatures

It is becoming increasingly common to sign documents with a digital ID, which approximately corresponds to a signature on a paper document. If unauthorised changes are made to a document after it has been signed, the digital signature becomes invalid.

Documents may be signed several times by different people. When deciding on a PDF tool, it's best to opt for an application that not only enables documents to be signed, but also to be stamped with a digitally-authenticated timestamp. This indicates that the contents of any data file haven't been changed since that time.

Digital IDs not only allow a PDF solution to authenticate documents, but also to protect them. This is a process known as certifying, which allows the owner of the document to apply a signature and document protection at the same time. The signee can completely lock the document, or allow certain actions to be available for others such as form filling or commenting.