Businesses today face a significant challenge when it comes to document protection: files must be shared, yet it’s easier than ever to leak confidential information. With most documents now distributed digitally, it’s trivial for an employee or outside partner to copy and paste the content into their favorite messaging app and press send.
Some organizations try to address this risk by tightening their internal network. They restrict the websites employees can visit, monitor them extensively, and stop them from taking documents outside of the network. This is rarely effective, though. It’s all but impossible to block every single file-sharing or messaging site, and attempting to do so can end up hampering employee creativity and productivity. More crucially, though, it’s rooted in a past where the office was the sole place of work.
Many businesses have a mixture of on-site personnel and remote workers or freelancers. On top of that, a lot of documents flow out of the business to partners, shareholders, and employees on travel assignments. As soon as a document leaves the corporate network it is out of the control of the IT department. Even if you issue each of your employees a work laptop, it’s impossible to enforce controls in the same way – and good luck getting an outside partner to make the switch to your hardware.
So, what’s the solution? As well as making the best efforts to secure your network and devices, you should secure the documents themselves. Sadly, while several solutions claim to prevent copying, few of them actually work.
Let’s look at some of the options below:
1. Virtual Data Rooms
Virtual data rooms are a popular way for businesses to prevent copying. The company rents space on a secure server that is protected by a username and password. Documents are uploaded to this secure space and those outside the premises access it via their browser. Usually, this web interface does not allow users to copy and paste or extract files to their own desktops.
However, there are various issues with this kind of system. The first is that the mechanism used to protect the data room – a password – is inherently insecure. A user could intentionally share the password with anybody they like to grant them full access to the documents with no copying needed.
Additionally, if printing is allowed, browsers are unable to stop users from printing a PDF to make an unprotected version of the document which they can copy and distribute at will.
Even assuming those two routes are somehow closed down, however, the browser is not a safe environment. A user can easily inject scripts or install plugins that allow them to copy and paste even though they’re not supposed to be able to. Alternatively, they can just screenshot their browser window and use an OCR tool to extract the text.
2. Adobe Acrobat
Another route to protect documents is through PDF editing and protection software such as Adobe Acrobat. The application allows you to apply a “permissions” password to your document which is required for the user to do any editing or copy and pasting.
Unfortunately, though it may seem foolproof, this system is easy to bypass. A malicious person doesn’t even need to pass on or compromise the password to share the contents. Even if you untick Adobe’s “Allowing copying” option, users still seem to be able to copy and paste text by using the Ctrl + C and Ctrl + V shortcuts rather than right-clicking.
If that doesn’t work, All they need to do is upload the PDF to a freely available online service that will strip its protections. This takes a grand total of a minute and lets them create infinite copies of the document’s contents. Of course, the pitfalls of web-based security can also apply, with leakers able to install plugins or take a screenshot.
3. PDF DRM solutions
The final and most compelling solution is a PDF DRM solution. These are purpose-built to protect documents from copying and do so well. Through a combination of strong encryption, a secure viewer application, and device-specific certificates, they ensure that only authorized people can open documents and nobody can edit, copy and paste, or screenshot them.
Typically, this is achieved by encrypting the original PDF file into a proprietary file format that can only be opened by the secure viewer application. This ensures that unauthorized plugins or scripts cannot be used to modify its anti-copying or screenshotting controls. As well as the secure viewer, end users need a previously distributed license file on their PC that enables them to obtain the decryption keys for the document. This ensures that even if somebody was to intercept it they would not be able to open or copy it.
The license is also for one-time use and the keys are stored in memory, which means an attacker is unable to extract them from the PC or install a copy of the license.
Through these mechanisms, as well as ones to stop unauthorized printing and access, organizations can stop copying their documents regardless of whether an employee is in the office or on their personal laptop in another country. Further, if any mistakes are made along the way, access to a document can be permanently revoked, stopping any further distribution.
While DRM is still not perfect – it can’t stop a user from taking a picture of their screen with their phone – it’s one of the most effective routes a business can take to stop document copying and leakage.
