Data Breaches & Document Security

Using DRM to control data breaches & enforce document security.

As data breaches continue to rise it has become increasingly important to have a data and document security system in place.  Here we discuss how DRM can help to secure confidential information against exposure and misuse.

2019: The year of aggressive data breaches

Data breaches in 2019 no longer gave the appearance of black hooded hackers in dark rooms, scouring through realms of codes or text.  Instead, the recurring theme was one of panic-stricken executives and security professionals frantically scrambling to issue public relations apologies and speaking to their attorneys.  ‘Unsecured database’ was the term of the year, given the spate of data breaches that took place month on month, week after week.

Each month a new company would send out urgent messages to its customers, asking them to change their passwords and report any leaks in their accounts.  Large, prominent companies repeatedly saw their brand names spring up in instances of negligence regarding unsecured customer data.  Organizations in healthcare, hospitality and government saw classified consumer information left exposed on the Internet that was quickly transacted by hackers who barely sweated to make an entry.  This is despite HIPAA for the protection of confidential patient information and NIST and DFAR contract requirements for protecting controlled unclassified information and the GDPR in Europe.

According to research from Risk Based Security, the total number of breaches in 2019 was up 33% on last year, with public entities, retailers and medical services the worst affected.  This revealed that more than 5,000 data breaches took place with a total of 7.9 billion records exposed. And if that wasn’t enough, November 2019 was regarded as the worst ever month on record for data breaches.  To end the year on a high, Travelex, the travel money firm, was hacked on New Year’s Eve and was still down 9 days later.

The effects of a data breach

So, how much cost does an organization incur on an average data breach?  According to statistics revealed by IBM, an organization can stand to lose over $4 million in investigation costs, damage control, legal actions, repairs, security solutions and fines.  With no signs of hacking slowing down, it could only get harder to quantify costs as data breaches become increasingly widespread and rampant.  And in more recent cases, such as the UK government’s accidental disclosure of 1,000 home addresses of candidates for the honours list, potentially exposing them to personal danger, the impacts can be personal, not simply financial.

And if organizational costs were not enough, the cost borne by individual consumers worldwide in 2019 alone has been hard to quantify since it takes time for the data to be sold in the information marketplace where it is then misused.  However, this cost will magnify manifold in 2020.  Sensitive credentials such as passport details, Social Security numbers, social media details, bank account information and medical records sent millions of people across the world into a frenzied lockdown as more stolen data was out for everyone to see.

It is almost impossible to calculate the time, effort and money spent by companies trying to recover from the woeful negligence of some of these organizations.  And, it can be almost unimaginable to predict future damages to both companies and consumers.  Some experts opine that as data breaches continue to rise, it will become the responsibility of every individual to keep a watchful eye on their personal and private credentials.  But, unless there are sweeping reforms across the world ensuring that data remains clean and secure throughout its lifecycle, then this will only remain a pipe dream.

For instance, India recently decided to revise its data privacy bill, known as the personal data protection bill, in 2019 after repeated feedback and public comments.  Specific sectors such as banking and insurance previously had confidentiality clauses; and the new draft pulls in companies from across various new industries.  However, how private organizations and companies gather and process data could be different from how the government would access personal information.  The bill aims to protect individual information, but requires various applications to private firms and sweeping powers to government agencies if the proposed rules are to be enforced.  In this regard, although there is an urgency and commitment to protecting personal data, much needs to be done.  And in the time between when the bill is tabled to it becoming law, colossal amounts of data continue to be left unprotected.

Data Security, document protection and Digital Rights Management (DRM)

Organizations and individuals can address data security concerns safely today however with digital rights management solutions.  This technology can secure your classified information in documents and PDF files without sacrificing user productivity.

Most organizations have a basic file encryption system in place to safeguard company information.  And while file encryption secures data when it is stored and transmitted, the moment a recipient receives the file and decrypts it, the content in the document is now left vulnerable to theft.  This is because if a file is encrypted and the user has the key to decrypt it, and they then have full access over the document – there are no controls in place to prevent a user from sharing the document and the key with others, or cutting/pasting content, editing or deleting the data or  printing the document, thus cancelling the controls in the underlying security system.

A digital rights management solution enables you to go beyond the security offered by encryption to entirely control the use of your documents and the data they contain.  It can:

  • Control which users can access documents.
  • Stop sharing.
  • Control what the recipient of a protected document can or cannot do with it once it is opened:
  • Stop access to documents even after they have been distributed – access can be instantly revoked regardless of where documents are located.
  • Control how long documents can be used for – documents can be made to automatically expire on a fixed date, after a number of days use, or after a number of views or prints.
  • Lock use to specific authorized devices.  For example, a company computer.
  • Lock use to locations (i.e. a specific country or office location).  This is useful in controlling BYOD use in preventing users viewing confidential documents on portable devices in potentially insecure locations outside of the office.
  • Track and log document use – see when documents are viewed and/or printed.
  • Apply dynamic watermarks containing user information to identify users.

Organizations that continually share information with third parties, consumers, clients and various individuals inside and outside their network must look to a DRM solution to replace their rudimentary file encryption for complete data security.

Using DRM can enable your organization to share documents securely and sell documents securely with full control over your IPR at all times.  It can also ensure you remain totally compliant with privacy regulations and that data is no longer accessible past its use by date.  Critically, DRM controls prevent recipients of protected documents from being able to automatically process them, and thus significantly reducing the potential for a wide-scale use of stolen documents and minimising the risk of what might otherwise be a serious data breach.

Reducing your organization’s data security risk is simple, once you make the switch to Digital Rights Management for your data security and document protection.