The portability of the PDF is among its greatest strengths but there is an often unseen risk associated with PDF files: its status as a malware threat vector via vulnerabilities in popular software solutions.
It's true — the basic PDF tools found on machines across your business, such as Adobe Reader and Adobe Acrobat, could leave the door wide open for bad actors to impact your business negatively. In fact, the Center for Internet Security recently announced a new wave of vulnerabilities that could allow attackers to view, change or delete data, install programs, and create accounts with full user rights, among others.
In all, researchers found two dozen new threats of varying severity in Reader and Acrobat. The CIS says both government entities and large to medium private enterprises face a level of "high risk" from these vulnerabilities. Although Adobe issued patches within two weeks of the discovery, the situation was not unusual – in some years, Adobe has deployed more than 100 patches for security issues, creating an expensive and time-consuming loop for IT. Because PDFs are so prevalent and entrenched in many workplaces, it’s important to secure this weak link.
Managing Risks Created by Software Vulnerabilities
Does your business have a comprehensive risk management plan in place for PDF tools? If not, these new threats should prompt action to mitigate the risk of threats. Closing these gaps requires stepping back, considering what's important and making a transition to a more secure position.
PDF Security – 4 Steps to Take Today
So what should you keep in mind as your company considers how to better manage these risks? Here are four areas to explore as you assess your PDF solution.
- Look for a solution with a record of strong security. It's well known that Reader and Acrobat require frequent patches, which creates more work for your IT department. Search instead for software that provides core PDF functionalities without the same inherent level of risk. For example, Kofax Power PDF, which currently runs on-premises versus the cloud, greatly reduces the risk of needing a security hotfix. When patches become available, download and deploy them as soon as possible to preserve the security of your enterprise. Meanwhile, explore PDF solutions that do not have the same level of visibility to hackers looking for unpatched exploits.
- Sign, certify, and secure PDFs before sharing. Bad actors often exploit software security vulnerabilities by using malformed PDF files or otherwise altering them to trigger an exploit. When sharing documents between organizations or departments, look for robust built-in e-signature capabilities. If something changes within the file after certifying the PDF, the software should invalidate the signature and make it clear that tampering has occurred, lowering the risk of encountering an exploit of software vulnerabilities “in the wild.”
- Sanitize documents of sensitive data with enhanced redaction. Reducing risk involves better PDF management alongside closing security loopholes. Did you know that simply placing a black bar over sensitive data in a PDF is not enough to hide it from prying eyes permanently? Look for software that erases the information once redacted, rather than merely concealing it from view. In the event of a data breach linked to software flaws, redactions ensure private information stays private.
- Quickly encrypt files to keep unauthorized users away. Prevent tampering with your organization's documents and stop others from pilfering confidential data that you cannot redact for internal use. Solutions that fully implement 256-bit AES encryption, a rock-solid industry standard, provide more robust protection. Password protecting PDFs is a simple way to implement effective access control.
Safeguarding Your Business Against Malicious Software Intrusions
The PDF is a highly versatile and useful tool for document management, signature gathering, and much more — but it shouldn't be a risk to your business. By turning to a solution with built-in security such as Power PDF, you can take control. To learn more, try a Power PDF trial today.