Insider threat #3: Beware the humble PDF

Image: © Tim Sandle

There is a strong upward trend associated with insider cybersecurity risks. This is manifest in the form of security incident costs, frequency, and time to contain. Each demonstrating that traditional approaches to insider risk are simply not working.

In addition, surveillance platforms have not proven to be particularly effective, and to make matters worse, they are burdensome to deploy and manage.

For such reasons an annual event is celebrated and September 2024 sees the next iteration of National Insider Threat Awareness Month.

The event is observed annually in September. It was first launched in 2019 to help organizations and individuals better understand insider threats and encourage the development of strategies to address them.

Previously Digital Journal has heard from Carl D’Halluin, CTO, Datadobi and Larry O’Connor, CEO and Founder, Other World Computing (OWC). Now is the turn of DeeDee Kato, Vice President of Corporate Marketing, Foxit.

Kato focuses on a specific issue – the portable document format: “This year during National Insider Threats Awareness Month I think it’s time to shine a light on the importance of robust document security measures – especially, when it comes to the often-overlooked PDF.”

The misuse of the PDF is most often conducted in error by the employee, as Kato finds: “Whether you are a government agency, a business, a healthcare provider, a financial institution – it is a safe bet that highly sensitive information is contained within your PDF docs.”

Proof is in the detail, observes Kato: “However, it is important to know that not all PDFs are created equal – especially when it comes to providing protection against internal threats, or external for that matter. But, if data protection and security are a concern (and these days, who isn’t concerned) then you need to know what to look for when choosing your PDF software.”

Kato’s sound advice is: “I think many of you know that you should start off by choosing a solution that doesn’t skimp when it comes to robust protection features – like encryption, digital signatures, and redaction tools. This provides the peace of mind that that only authorized users can access sensitive content and that confidential information is permanently removed, if necessary.”

Following this, the expert observes: “Next on the checklist should be advanced permission settings to control actions such as printing and editing. And let’s not forget that it should integrate with Microsoft OneDrive, SharePoint, etc. to protect your documents, data, and personal information, as well as include watermarking to deter unauthorized distribution. Audit trails and tracking capabilities are two more features that will take your data protection and security to the next level – enabling you to monitor access and modifications, and comply with those all-important data protection regulations.”

Drawing these strands together, Kato indicates: “During this National Insider Threats Awareness Month and all the months to come… remain relentless in your pursuit to prevent insider threats – leave no stone unturned, and scrutinize every potential risk, even those that may appear benign, like the seemingly harmless PDF.”