Should You Reconsider Distributing Electronic Copies Of Documents?

May 16, 2018

The world we live in today wouldn’t function without documents. It seems like everything of importance requires signing a document to acknowledge terms and conditions. For example, companies bound by compliance regulations usually serve documents that must be signed before business can commence.

Traditionally, these documents have been printed on paper. In recent years, in an effort to combat climate change and deforestation, many documents are now served only electronically.

As an incentive to go paperless, banks and other institutions have started charging customers a fee for continuing to receive paper statements. This makes sense to individuals who want to do their part to conserve the environment. However, when organizations switch to electronic documents, the potential for compromised data is greater.

Electronic documents can easily end up in the wrong hands

Provided people aren’t intentionally making copies and handing them out, it’s easier to maintain control over paper documents. Paper documents usually end up living in a file folder inside someone’s home. The only way someone can steal it is if they physically enter the home and take it. It’s also nearly impossible for a physical document to end up in the wrong hands accidentally.

Electronic documents, however, are more likely to end up in the wrong hands and are significantly easier to obtain illegally.

Accidental distribution of electronic documents

Say you create an electronic document containing sensitive information that needs to be sent to multiple people. The document could be a contract, a non-disclosure agreement, or company login credentials. Each person you send that document to is probably going to keep it on their computer forever because people don’t clean out their hard drives often.

That’s not a problem if that person keeps their computer forever. However, if your document remains on a laptop that gets stolen or given to a family member or friend, you’ve lost all control over who might see your sensitive data.

Additionally, when someone connects to the internet via public Wi-Fi, your electronic document stands a good chance of being stolen if they don’t use proper security measures like a VPN or a firewall.

With paper documents, you can retrieve them after a period of time and shred them. Shredders are a tiny investment, and the ones that cross-shred completely prevent sensitive data from being recovered. With electronic documents, all you can do is request a person delete them from their computer. However, even when they comply, deleting a file creates a false sense of security.

Electronic documents aren’t really gone when they’re deleted

If your computer uses a traditional magnetic hard drive, when you delete a file from your computer it’s not actually gone. Not even when you empty the trash/recycle bin. Deleting a file from a magnetic hard drive only deletes the “pointer” to the file; if you use special software, you can recover deleted files. The only way to delete a file from a magnetic hard drive is to overwrite the data.

A solid state drive running Windows 7 through 10 will execute the TRIM command to immediately delete the file and free up space.

Although most of the world is moving to solid state hard drives, it will be a long time before the magnetic drive is phased out completely.

Time-sensitive documents can mitigate the risk of duplication

If you’re worried about file duplication and distribution, it’s possible to create a PDF file that self-destructs after a specified period of time. Google jumped on this technology in 2016 by supporting Digify – a third-party extension for Chrome that allows you to send self-destructing email messages.

This patent application for a self-destructing document and email system explains how self-destructing documents work:

“A virus in the form of a Trojan horse is attached to file (such as an e-mail message or document) when it is created. The virus contains a portion of executable code or an executable program, which instructs the computer to overwrite and/or delete the file to which the virus is attached at a desired time. Since the virus is attached to the file, it will travel with the file even when the file is copied, forwarded, or saved to disks or tape drives.”

This technology looks promising and will no doubt protect sensitive information from accidentally falling into the wrong hands. Though it won’t protect sensitive information from being duplicated via screen capture or copying the contents into a new document. To protect against intentional data breaches, you’ll have to continue protecting yourself with NDAs and make sure you only distribute sensitive documents on a need-to-know basis.