Secure Collaboration Best Practices: The Dangers of Password Protected PDFs
It’s taken the general public some time to get used to various document formats. It’s taken even more time, as well as a few serious and publicly embarrassing mishaps, for most people to give credence to the security risks of file-sharing.
In general, people are using the PDF format more, now that technology has produced programs that make it easier to use. PDF converters and PDF printers are more readily available than in the past. Yet, there’s still a lot of confusion about how and when to use PDFs. There’s even more uncertainty around secure collaboration pertaining to various PDF file-sharing programs.
No matter what type of not-for-profit you’re leading, you likely handle a great deal of private, sensitive information. If your not-for-profit were to suffer a data breach, it could be detrimental to the integrity of your organisation and negatively impact your reputation.
A board portal is not only the answer to running an efficient not-for-profit organisation, it’s your answer to secure collaboration.
Related article: Staying Cyber Aware in a Crisis: Smart Tips for Not-for-profit Boards
What’s All Involved with Document Security?
Document security encompasses protecting access to your documents, preventing them from being edited, and preventing them from getting into the wrong hands.
The security measures most people commonly think of are:
- Password protection
- Watermarking
- Expiration dates on documents
- Digital rights management restricting copy, print, or forwarding
- Document viewer tracking
These tools are a great start to your security efforts, but not-for-profit board members need to be aware that they’re not foolproof.
Once people got used to using the PDF format, it was clear to see its benefits. PDFs make it possible for people to view and exchange documents in an environment that’s different than the one they were created, viewed, or printed in, even though the document looks the same on a screen.
Many people are under the impression that just because they change a document from Microsoft Word to a PDF that they get full security along the way. While that’s a common misperception, it’s simply not true. Anyone can easily change the content, formatting, page order, or any number of other things by merely accessing a PDF editor. That’s something that should concern your board very much.
Not-for-profit boards that are a bit more security conscious, might believe that they can just set a password and that’s enough to protect their documents. That may or may not be true. To protect their organisations, not-for-profit board members should be clear on what passwords do and don’t do. The other issue with using passwords for protection is they don’t allow you to grant access to documents granularly. Anyone that has the password can view your document.
Basic password protection works well for managing basic permissions, but it’s far from being completely secure. Someone with the right know-how and the right tools could easily attack your files and gain unauthorised access to them.
Related article: How Not-for-profits Are Providing Support During COVID-19
Understanding More About File-Sharing and Internet Security
It may be helpful to understand a few other things about file-sharing and online security in general. You come across certificate security every time you pull up a website that begins with “https”. The “s” on the end of the “http” means that the website you’re viewing uses SSL encryption based on certificates to prevent anyone from monitoring a website or tampering with it.
Many businesses have caught on that file-sharing apps, even top name file-sharing apps like Google Drive, Dropbox, and Microsoft Azure, aren’t as secure as most people think they are. Only after some businesses were subjected to hacking and suffered public embarrassment because of it, they made moves to restrict how their employees could share documents and other sensitive information.
If your not-for-profit relies on publicly available file-sharing apps, you need to be aware that these apps were originally designed to appeal to the general public. They work as they were intended to, but they were never designed with the intent of protecting highly confidential business information.
The real danger in not keeping your collaboration protected lies in taking your documents and other information outside of a protected environment where the privacy settings are completely out of your control.
Consider also, that many file-sharing app providers use shared servers. While you may feel secure in the credentials that you’re using to protect your information as it’s stored in the cloud, the other parties that share the same cloud may not be as attentive or diligent about security. Where you’re using shared servers, there’s always a risk of someone hacking into the cloud and having your data be at risk along with someone else’s. Security risks abound even when you use encryption, so be sure that your security protection extends to your cloud’s metadata as well.
Nearly everyone today is using mobile devices and they also put your documents at risk if you’re not committed to secure collaboration. Devices can easily be lost or stolen and when they are, your data is at risk.
Related article: 3 Reasons Why Document Sharing Apps Are Not Enough for Boards
Secure File-Sharing Within Your Board Portal
Your not-for-profit board likely shares many important documents electronically over the course of a year. If personal or sensitive information gets in the wrong hands it could cause your organisation to be fined or sued. As you know, any negative publicity will certainly impact your reputation and that will negatively impact your donations. Ultimately, non-secure file-sharing could lead to the demise of your sustainability. The responsibility for secure collaboration lies with the board.
Security isn’t something your nonprofit should be leaving to chance. Not-for-profit board documents require more than run-of-the-mill security efforts. There’s a better alternative to securing collaboration between board members and that is your BoardEffect board portal.
With BoardEffect, all of your documents, meeting minutes, board reports, and other board collaboration efforts are stored securely inside your board’s portal system. There’s no concern over struggling with cryptographic keys because your portal offers a multi-layered defense to protect your data through a state-of-the-art dedicated SOC2 infrastructure. With BoardEffect, you get granular control over the level of access that helps you meet your objectives. BoardEffect’s security protocols meet the NIST 2014 Cybersecurity Standard framework, which is trusted by financial institutions and other organisations that have high standards for data protection.
You can count on BoardEffect to give you all the features you need to help you put together board books, collaborate securely, and manage your board cycles. BoardEffect is the modern governance solution for nonprofit boards.
Related article: The Importance of Budgeting for a Board Portal