Five Ways to Make Your Digital Documents More Secure

From contracts to academic research to letters to Congress, associations rely on digital documents. But an insecure document can create concerns from poor contract security to potential piracy. Read on to learn how to resolve those issues.

Digital documents are a fact of life for many associations—whether in the form of contracts, white papers, revenue-generating documents, or internal research.

But not having a secure strategy around those documents can create significant problems down the road—content piracy, poor metadata management, vulnerable digital contracts, and more.

With that in mind, here are a few resources association pros should look toward to improve their digital document security.

1. Lean on Digital Signatures

Copying and pasting a signature inside a Word document simply doesn’t offer the permanence that a good contract should have. It could create legal problems and other challenges in the future.

To create more secure contracts, manage them in a way that a digital signature means as much as a physical one—something that a simple copy-and-paste doesn’t do. With a true digital signature, the document is locked after “signing,” in the same way a physical contract is considered valid once all parties have signed.

A lot of applications support digital signatures, including Adobe Acrobat, the application from which the PDF is based, as well as Microsoft Word. But some of the better and more efficient solutions come from the software-as-a-service (SaaS) space, with companies like Docusign and the Dropbox-owned HelloSign offering efficient ways to manage documents with a signature on a tablet or a phone.

2. Build Strong Policies

The bedrock of a good secure document strategy is encryption. But not to be forgotten in the process of document security is having the right policies for distributing documents in the first place, including how they should be encrypted, who they can be emailed to, and how they can be accessed.

The strategy isn’t just about educating users; it’s also about creating standards they know to work within.

The SANS Institute offers a variety of template documents for different digital security policy approaches, including policies around types of encryption, digital signature management, and ethics.

Building the right policies can help to keep your organization safe, while helping to ensure that the people who touch secure documents understand the parameters.

3. Scrub the Metadata

If you distribute a document for public consumption, you don’t want to distribute your editorial process along with that document—there might be sensitive or even confidential information hiding in metadata.

In the past, one way to handle this might have been to print out the document and scan it back in, ensuring that the information on the page is the only information that reaches the eyes of readers.

But simply printing and scanning in a document to remove the metadata can introduce problems with accessibility that the digital document did not have—which means that you could be making documents that don’t meet compliance standards, such as the Americans with Disabilities Act. (Also, it wastes paper.)

This is something that the pro version of Adobe Acrobat allows users to do, by making it easy to remove hidden content or redact information not intended for a specific audience. If you have a lot of documents that need metadata removal, a more specialized tool, such as Litera’s Metadact, might be useful.

4. Use a Digital Rights Management Tool

Maybe you’re not trying to keep sensitive data out of prying hands but trying to ensure that information people pay for isn’t distributed without your consent.

If you’re selling e-books through your online store, for instance, you want a different approach to encryption than you might if you’re distributing a white paper for free. As a result, you want to bring in technology tools that can limit access to the owners of a given document.

A number of vendors offer digital rights management (DRM), including Digify and Vitrium, which can help to protect an investment in for-profit digital resources.

If you go down this road, note that DRM is controversial among end users and within the technology industry because of how it affects the spread of information. Keep in mind what your members expect from you—and ensure that you’re using DRM in an area where the benefits outweigh the costs.

5. Offer a Secure, Cloud-Based Reading Tool

But what if you don’t want users to put their hands on a PDF or Word document at all? One strategy worth considering is leaning on cloud-accessible platforms that are built in a way that prevents documents from being downloaded or modified at all, with the goal of keeping them private or secured.

This can be effective for organizations that hold boardroom meetings digitally, noted Jeff Middlesworth, chief product officer at Boardable, in an interview last year.

“You want to make it easy to get to, but you don’t really want them to download that, then email it to their Kindle, and then sell their Kindle to their grandson,” Middlesworth noted.

Another area where this might make sense is as an alternative to encryption from a digital rights management standpoint. After all, if a document can’t be saved or used elsewhere, it makes it much more likely that it can be secured.

(ipuwadol/iStock/Getty Images Plus)

Ernie Smith

By Ernie Smith

Ernie Smith is a former senior editor for Associations Now. MORE

Got an article tip for us? Contact us and let us know!