How to securely share documents externally without portals or passwords
Secure document sharing sites are incredibly convenient – especially during the collaboration process. When it comes to sharing sensitive documents, however, they’re not fit for purpose. Here’s why.
Though much of a business’s document sharing is done within the organization, there’s plenty of information that must be passed to outside parties. Whether it’s a lawyer, shareholder, or partner, eventually somebody is going to need information that exists outside the sphere of your corporate network.
Unfortunately, when push comes to shove, many fall down the trap of choosing a secure document sharing platform for this purpose.
What is a secure document sharing platform?
A secure document sharing platform or portal, is generally a website or cloud service that allows users to upload documents for sharing and/or collaboration with clients, colleagues, vendors, or other third parties that are outside of the corporate network. Data rooms are one example of this, as well as secure cloud-based collaboration and file storage services.
There are some slight differences between these, though.
- File sharing sites enable users to upload and download files – similar to FTP, but users login to a file-sharing portal rather than using an FTP client.
- Secure data rooms and cloud collaboration systems, on the other hand, also enable users to view documents online – documents are usually converted to images or html so that multiple file types can be easily supported.
Where secure sharing platforms fall short
Secure sharing platforms and data rooms are fine if your only objective is to prevent unauthorized users from accessing your (or the other party’s) information. So, for example, in M&A transactions where neither party want to disclose information outside of a group of users, they work fine. However, they’re not the best way to securely share documents since they neglect a major part of the document security equation: leaks from authorized users.
Unless you trust every single user in the document chain explicitly (which you shouldn’t) leaks from authorized users will always be a concern. Whether due to neglect, malice, or social engineering, information leaks from authorized users every day. Secure sharing platforms and portals do very little to address this, with several limitations that make sharing documents with outside parties very easy:
- Access is usually protected by a username and password, which can be shared with anyone.
- Documents are generally viewed in the browser, which has limited ability to enforce controls.
- The ability to stop screenshots is limited or non-existent.
- If printing is enabled, printing to PDF and other file drivers is not disabled, allowing users to make an unprotected copy.
- If users want to view documents offline then all protection is stripped. If a watermark has been applied then that can then be easily removed in an editor (i.e. a PDF editor for PDF files).
There are other problems with secure sharing platforms, too. You have to upload your unencrypted documents to an external server that you have no control or visibility over. If your provider experiences a security breach, your documents could be extracted if they do not have adequate protection in place.
Then there’s the price. You’re usually paying per-user account, which can quickly lead to unpredictable billing and spiraling costs. Management can be complex too, particularly if the solution uses role-based permissions, so you could end up with additional training and staffing costs.
In short, secure document sharing platforms and portals aren’t suitable outside of the collaborative stage. They won’t stop your confidential documents from leaking, and they’ll cost you an arm and a leg all the while.
Why Safeguard is more secure than document sharing sites
Locklizard’s Safeguard PDF Security offers superior document protection at a superior price. Through a combination of encryption, DRM controls, a robust licensing system, and its secure viewer application, it prevents sharing by unauthorized and authorized users.
As well as restricting who can open, edit, share, and print a document, Locklizard can prevent screenshotting, restrict the devices and locations where the document can be opened, expire PDFs, remotely revoke documents, and more. Importantly, it also offers companies the option to log views/prints and add dynamic, identifiable watermarks. This means that if a document gets out there despite the odds (software can’t stop a user from taking a picture of their screen with a camera), you can find the source of the leak.
Unlike secure sharing platforms, the document does not need to leave your device to achieve this protection. The encryption is performed on device and only the PDF’s name, creation date, and restriction details are uploaded to the licensing server. You can even host the licensing server yourself if you wish for full control and visibility over the process.
Finally, Safeguard can work fully or partially offline, with support for protect to a USB device and the ability to customize how often the licensing server checks whether a user still has permission to open the document.
How it works
When you protect a PDF with Locklizard, it is encrypted with 256-bit AES encryption. This turns the document into an incomprehensible jumble of numbers and letters for those who don’t have the encryption key required to open the document.
However, encryption alone isn’t enough to keep documents safe. The implementation of the encryption – what is used as the decryption key and how it is enforced and distributed – is vital. That’s where Safeguard’s secure licensing system comes in. Once a customer has been added to the Admin System and activates their license file, document decryption keys are securely and transparently transmitted from the server to an encrypted keystore on their device.
When a user opens a document, it is only ever decrypted in memory so that its contents are not available in plain text in a temporary file. Further, they must use the secure Safeguard Viewer application to open the file, which enforces the DRM controls. With Safeguard you can:
- Restrict PDF editing
- Stop copying and disable copy/paste
- Disable PDF printing or limit prints
- Prevent screenshots by blocking screen grabbing software
- Expire PDF files on a set date or after a number of days, opens or prints
- Lock PDF files to devices and locations
- Prevent saving to unprotected formats
- Add dynamic watermarks that identify users and are permanent
- Track PDF opens and prints
- Revoke access instantly
- Change security settings after distribution of PDF files
This combination of encryption, licensing, and DRM controls make Safeguard Security a far better option for secure external document sharing.
How to securely send documents externally with Safeguard
The process to securely send documents with Locklizard Safeguard is quite simple despite the additional protection it offers. This is how you protect and send a PDF step-by-step:
- Right-click on an ebook on your computer and select ‘Make Secure PDF’.
Creating a DRM protected PDF
- Choose the DRM controls you want to enforce.
Adding DRM controls to a PDF using Safeguard PDF Security
Switch between the tabs at the top of Safeguard Writer and select the DRM controls you’d like to apply to the document. Pay particular attention to the anti-screenshotting and printing controls (these are enabled by default), as these provide another layer of protection to stop users from making copies.
- Press the “Publish” button at the bottom of the dialog to protect the PDF file.
- To assign access, open your Safeguard administration system and log in.
Safeguard Admin System Logon
- Open the “Customers” tab and press “Add” in the sidebar
Adding a new user in the Safeguard Admin system
- Enter the user information and click on the “Set Document Access” link in the “Manage Access” section.
Entering user details
- Select your document and press “OK”.
Safeguard Document Access
- Press the “Add” button on the customer account.
Keep the “Email license” checkbox checked to have the license file emailed to the user’s email address that you have entered. The user will be sent an email with their license key and instructions on how to download the secure PDF viewer software. You can then send them their protected PDF via email, messaging, or any other normal distribution channel. It doesn’t matter who can access the protected PDF as only authorized users will be able to open it.
Once the user activates the license in the secure PDF viewer application, they’ll be able to read, but not edit or copy your PDF.
How to securely send documents externally via USB
USB devices are typically considered one of the least secure ways to share documents. Without additional protection, once they’re out there they can be easily lost or stolen. Safeguard, however, allows you to conveniently hand documents to external parties on a USB device without having to worry. This is how it works:
- You protect your PDF files using Safeguard PDF Security and add DRM controls by following the steps above.
- After you publish the document, you press “Protect to USB…”.
Protecting to a USB with Safeguard
- You select the USB drive you want to publish to and press “Publish All”.
Configuring USB publication with Safeguard
Along with your PDF files, a portable secure viewer is automatically copied to the USB device so users don’t have to install any software to view the documents.
- You distribute your secure USB device to external or internal users. You can also add a password to protect them in transit if you wish – this must be entered before users can access documents on the USB device.
- Once they have the USB device, users can open the protected PDF files in the provided viewer application.
Secure USB Viewer
- Users can also download additional protected PDF documents that they have been authorized to view to their USB devices. The keystore is automatically populated with keys accordingly.
The best choice for secure external document sharing
To summarize, secure sharing platforms may be suitable during the collaboration process, but they fall apart once you start trying to distribute sensitive documents to external parties. This is also true if you sell PDF documents, such as reports, ebooks and training courses, and need to tightly control distribution and use in order to protect your revenue.
Due to their reliance on passwords and the browser, protections are easy to circumvent, and documents can be easily shared with unauthorized users.
Locklizard enables you to stop document sharing, copying, editing, and printing of documents regardless of their location, online or offline. Offline documents have the same level of protection as online ones, and you can lock use to devices & locations, add dynamic watermarks to identify users, automatically expire & instantly revoke access and track use.
Is sharing documents through Google Drive safe?
Only if you apply encryption and DRM controls first. Without the proper security, users will be able to circumvent any printing or editing controls and create an unprotected, shareable copy of your document. They could also simply screenshot your document and share it that way.
Does Adobe Acrobat prevent unauthorized sharing?
No. Adobe Acrobat’s copy protection is easily removed and therefore useless. Users can also just share the password along with the document and any restrictions added to stop editing or printing can be instantly removed.
Can I share secure documents online & prevent printing?
Yes, Safeguard enables you to securely share documents online and offline that have printing disabled. Unlike Adobe Acrobat and secure document sharing platforms, users cannot bypass or remove printing restrictions.
How do I share a company Google document externally?
Just sharing the document’s link won’t afford proper protection. Ideally, you should export the Google Doc as a PDF and protect it with a DRM solution like Locklizard before sharing it.
Can watermarks help prevent leaks of confidential & sensitive documents?
While static “do not distribute” watermarks are good at reminding well-meaning employees not to share documents, they do not prevent intentional leaks. Those added with Adobe Acrobat & similar software can also be easily removed.
Dynamic watermarks can act as a deterrent as well as a reminder. With them, you can display a user’s name and email address, and other identifiable information. This is dynamically added when the document is viewed or printed so you don’t have to create individually tailored documents. As a result, anybody who leaks confidential or sensitive documents does so with the knowledge that it will be easily traced back to them.