Since the invention of the PDF format in 1993, it has grown into one of the most ubiquitous solutions for sharing information across diverse platforms. From creating fillable forms suitable for any purpose to providing a canvas for digitizing paper documents, most users think the benefits of PDFs are well- understood—but there’s more to the story when it comes to security.
Ponemon Institute revealed in a study for CNNMoney that 47 percent of U.S. adults had been hacked over a single twelve-month period. According to Symantec, half of hacking attempts involve small business targets, and 60 percent of businesses have experienced phishing attacks. Personally and professionally, security matters—and PDFs may offer the solutions you or your business needs to stay safe.
Keep Sensitive Data Safer with Passwords
PDFs were made for sharing, but not everyone should see every document. What if you have something you’d like to keep secret and share selectively? Good news—PDFs are easy to password protect. Providing a first-line defense against prying eyes, passwords don’t encrypt the document’s contents, but they do serve as a deterrent to basic snoopers.
In using passwords to protect PDFs from unauthorized users, remember to keep password security best practices in mind. According to a study by Microsoft from 2019, tens of millions of users were detected re-using passwords already breached from other websites in data leaks. To protect data inside a PDF, such risks aren’t acceptable—use strong, long, and unique passwords, and rely on management software if you have trouble remembering them.
Take Advantage of Built-In Support for Encryption
Not all passwords encrypt a PDF, but most encryption requires setting a strong password. What’s the difference between the two?
A password alone is like a security guard in front of the library — if you know the password, you’re in, and that’s all there is to it. Encryption scrambles the contents, so not only is there a guard, but all the books inside the library are gibberish, too. Only with the right “key” can you unscramble the data. PDFs allow you to take this measure, providing absolute security whenever you or your business need it.
Did you know the PDF format supports the gold standard for data security, 256-bit AES? The U.S. government developed this standard—today, it’s well-known for being virtually unbreakable when properly implemented, including in PDF software.
AES, short for the Advanced Encryption Standard, would take more time to break than has passed since the beginning of the universe—we’re talking trillions of trillions of years, even with the world’s most powerful computers.
PDFs Support Certificate-Based Security
Locking down your PDFs with a password isn’t the only way to share these files securely. In fact, passwords have more than a few shortcomings some users and businesses may find undesirable. Switching to security based on certificates eliminates common problems related to sharing, storing and remembering passwords, and rich PDF software has this feature baked into its document security settings.
Those who need to work with these PDFs receive a digital security certificate from the issuer. These certificates contain a randomized “public key.” When you receive an encrypted PDF, it compares your public key to the private key used to create the encryption. If they mathematically match, the document unlocks. It’s a fast, easy way to create robust access control systems, but many users don’t even know it’s possible. Certificate access also allows for granular control over which editing functions different users may perform on a document.
Redact Information the Right Way
Some users need to share documents containing important information and sensitive data unsuitable for public release. Such data might include personal information or proprietary materials. PDFs support redaction via the appropriate software, but mistakes are still common—in fact, the Columbia Journalism Review once published an article titled “Thank You to Everyone Who Can’t Properly Redact Documents,” a tongue-in-cheek look at many recent failures regarding PDF redaction.
PDFs get blamed for these failures, but the incorrect use of tools and mistaken assumptions about how they work are more often to blame. PDF format supports the complete removal of redacted information if the user simply remembers to merge the changes into the copy intended for sharing—then they can store the original, un-redacted version in a secure, encrypted manner.
Reconsidering the Humble PDF
With the proliferation of more advanced tools for manipulating PDFs, this mature file format continues to avoid obsolescence. By embracing modern security, such as 256-bit AES encryption and cryptographic certificate-based access control, PDFs offer everyone from the average user to the enterprise team a powerful toolset.
With digital bad actors on the rise, securing and protecting your PDFs is simple. Combined with best practices for avoiding ransomware and other malware infections, PDFs still have much more to offer to users than they think.
Ben Liu eCommerce Director at Kofax
Ben is an experienced eCommerce director in Irvine, California with more than 15 years building brands and refining the development of revenue streams. After generating more than $100 million of incremental revenue improvements in previous positions for heavy hitters across the tech industry, Ben joined the Kofax team. Now a driving force behind innovative marketing efforts and the growing popularity of Kofax Power PDF with SMBs, he continues to improve outreach via innovative chatbots, data-driven marketing analysis, and a dedication to consumer-first content. By bringing an engineer’s eye for detail to Kofax along with a passion for helping brands reach their potential, Ben’s charting a course for continued success.