"

Estimated reading time: 3 minutes, 31 seconds

Best Practices for Securing PDF Documents

Adobe logoAccountants in all facets of the profession continue to adopt PDF files as the foundation of their document storage and management platforms. Further, PDF files increasingly serve as a medium for exchanging information between accountants and their peers, clients, customers, vendors, and other trading partners. Unfortunately, many professionals using PDF technologies continue to labor under the erroneous assumption that PDF files are secure and others cannot change them. In fact, PDF files are unsecured by default and those using PDFs should take specific actions to secure these documents and prevent disclosing sensitive and confidential data. Fortunately, Adobe Acrobat provides a number of very good options for securing PDF documents.

The simplest and most common means of securing a PDF is to add a password to the document and require anyone desiring to open the document to enter the correct password before the document will open. An added benefit of using this technique is that adding a password to a PDF document encrypts the document, making it less likely that someone could intercept a PDFs contents when the PDF is an e-mail attachment.  What many are not aware of is that Acrobat actually allows two independent passwords to be associated with a given PDF – one that a user must know to open the document and a second that users must know to make changes to the document. If the author specifies a second password, he can explicitly control what editing and printing privileges others will have when they open the document. There are several entry points to add passwords to a PDF document; among these are clicking on the Advanced menu, Security, and Encrypt with a Password.

In addition to securing PDFs with passwords, authors of PDF documents can secure those documents using digital certificates. To utilize this measure of security, one must first have a digital ID; a complete discussion of digital IDs is beyond the scope of this article; for more information on digital IDs, please visit http://tinyurl.com/k2tips-digitalid.  With certificate security, Acrobat encrypts the PDF so that its contents are accessible only by those persons specified by the author; further, document recipients have confidence in knowing that the document originated with the owner of the digital ID. Two strengths of using certificate security are that they 1) eliminate the need to share passwords and 2) allow authors to assign different permission levels to different users. The entry point to apply certificate security is similar to that of securing a PDF with a password; click on the Advanced menu, Security, and Encrypt with a Certificate.

In addition to the two common security methods cited above, other very good security options exist for protecting PDF documents in Acrobat. Users can save security policies, for example, for either password or certificate-secured documents and reuse these policies on future documents. Additionally, those in larger organizations may consider using Adobe LiveCycle Rights Management, a server-based security model that stores security policies; users connect to the server to work with these policies. Also, redacting sensitive information out PDF documents is an easy way to ensure that such data is not accidentally compromised; to redact information, select Redaction from the Advanced menu. Finally, creating a Security Envelope is a terrific way of encrypting and securing not only a PDF document, but also related files such as Excel workbooks and Word documents. A Security Envelope allows users to place a PDF “wrapper” around multiple documents of virtually any file type and use that PDF wrapper to control security for the entire batch of documents.

Accountants everywhere are storing sensitive and critical data in PDF documents. By default, PDF documents are not secure and, as such, the data contained therein runs the risk of compromise. Take a few minutes now to learn more about each of the methods for securing PDFs discussed in this article and decide which methods will work best in your situation. Regardless of the method or methods you choose, be sure to apply them consistently and insist that others in your organization do the same in order to avoid the potentially embarrassing and costly scenario of notifying others that you or someone in your organization compromised their sensitive data while it was in the hands of your organization.

Read 11333 times
Rate this item
(0 votes)

Latest from Thomas G. Stephens, Jr. CPA.CITP

Visit other PMG Sites:

Template Settings

Color

For each color, the params below will give default values
Tomato Green Blue Cyan Dark_Red Dark_Blue

Body

Background Color
Text Color

Header

Background Color

Footer

Select menu
Google Font
Body Font-size
Body Font-family
Direction
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.