Accountants in all facets of the profession continue to adopt PDF files as the foundation of their document storage and management platforms. Further, PDF files increasingly serve as a medium for exchanging information between accountants and their peers, clients, customers, vendors, and other trading partners. Unfortunately, many professionals using PDF technologies continue to labor under the erroneous assumption that PDF files are secure and others cannot change them. In fact, PDF files are unsecured by default and those using PDFs should take specific actions to secure these documents and prevent disclosing sensitive and confidential data. Fortunately, Adobe Acrobat provides a number of very good options for securing PDF documents.

In addition to securing PDFs with passwords, authors of PDF documents can secure those documents using digital certificates. To utilize this measure of security, one must first have a digital ID; a complete discussion of digital IDs is beyond the scope of this article; for more information on digital IDs, please visit http://tinyurl.com/k2tips-digitalid.  With certificate security, Acrobat encrypts the PDF so that its contents are accessible only by those persons specified by the author; further, document recipients have confidence in knowing that the document originated with the owner of the digital ID. Two strengths of using certificate security are that they 1) eliminate the need to share passwords and 2) allow authors to assign different permission levels to different users. The entry point to apply certificate security is similar to that of securing a PDF with a password; click on the Advanced menu, Security, and Encrypt with a Certificate.

In addition to the two common security methods cited above, other very good security options exist for protecting PDF documents in Acrobat. Users can save security policies, for example, for either password or certificate-secured documents and reuse these policies on future documents. Additionally, those in larger organizations may consider using Adobe LiveCycle Rights Management, a server-based security model that stores security policies; users connect to the server to work with these policies. Also, redacting sensitive information out PDF documents is an easy way to ensure that such data is not accidentally compromised; to redact information, select Redaction from the Advanced menu. Finally, creating a Security Envelope is a terrific way of encrypting and securing not only a PDF document, but also related files such as Excel workbooks and Word documents. A Security Envelope allows users to place a PDF “wrapper” around multiple documents of virtually any file type and use that PDF wrapper to control security for the entire batch of documents.

Accountants everywhere are storing sensitive and critical data in PDF documents. By default, PDF documents are not secure and, as such, the data contained therein runs the risk of compromise. Take a few minutes now to learn more about each of the methods for securing PDFs discussed in this article and decide which methods will work best in your situation. Regardless of the method or methods you choose, be sure to apply them consistently and insist that others in your organization do the same in order to avoid the potentially embarrassing and costly scenario of notifying others that you or someone in your organization compromised their sensitive data while it was in the hands of your organization.