New Adobe Acrobat Security Flaws Highlight PDF Security Needs
The portability of the PDF is among its greatest strengths, but there is an often unseen risk associated withPDF files: security
It's true — the basic PDF tools found on machines across your business, such as Adobe Reader and Adobe Acrobat, could leave the door wide open for bad actors to impact your business negatively. In fact, the Center for Internet Security recently announced a new wave of vulnerabilities that could allow attackers to view, change or delete data, install programs, and create accounts with full user rights, among others.
Extensive Time Needed to Patch Adobe
In all, researchers found two dozen new threats of varying severity in Reader and Acrobat. The CIS says both government entities and large to medium private enterprises face a level of "high risk" from these vulnerabilities. Although Adobe issued patches within two weeks of the discovery, the situation was not unusual. In some years, Adobe has deployed more than 100 patches for security issues. That’s massive overhead for an IT department.
Because PDFs are so prevalent in many workplaces, it’s important to secure this weak link. By choosing a PDF solution with built-in security features, you can quickly close this gap.
Check Your PDF Solution for 4 Protections
So what should you keep in mind as your company considers how to better manage these risks? Here are four areas to explore as you assess your PDF solution.
- Look for a solution with a record of strong security. It's well known that Reader and Acrobat require frequent patches, which creates more work for your IT department. Search instead for software that provides core PDF functionalities without the same inherent level of risk. For example, Kofax Power PDF, which currently runs on-premises versus the cloud, greatly reduces the risk of needing a security hotfix.
- Consider signing, certifying, and securing PDFs before sharing an essential. Bad actors often exploit software security vulnerabilities by using malformed PDF files or otherwise altering them to trigger an exploit. When sharing documents between organizations or departments, look for robust built-in e-signature capabilities. If something changes within the file after certifying the PDF, the software should invalidate the signature and make it clear that tampering has occurred.
- Automate removal of sensitive data with enhanced redaction. Did you know that simply placing a black bar over sensitive data in a PDF is not enough to hide it from prying eyes permanently? Look for software that erases the information once redacted, rather than merely concealing it from view. In the event of a data breach linked to software flaws, redactions ensure private information stays private.
- Make sure authorization and encryption are in place to keep unauthorized users away. Solutions that fully implement 256-bit AES encryption, a rock-solid industry standard, provide more robust protection. Password protecting PDFs is a simple way to implement effective access control.
Safeguarding Your Business Against Malicious Software Intrusions
The PDF is a highly versatile and useful tool for document management, signature gathering, and much more — but it shouldn't be a risk to your business. By turning to a solution with built-in security such as Power PDF, you can take control. You can also save 70% over Adobe. To learn more, try a Power PDF trial today.