Why Do Data Breaches Occur?

Data breaches seem to be happening left and right these days, and companies of all types and sizes are getting targeted. Has there been some sort of uprising of cybercriminals, or are these companies just being careless? Let’s take a look at some of the reasons these data breaches occur.

Malicious Attacks

Typically when you think of a data breach, you think of a malicious cyber-attack. There’s no one reason why hackers do what they do. Sometimes they are after your banking information or intellectual property for financial gain. Other times they are just having fun or trying to prove a point, disrupting your business in the process. For these reasons, there doesn’t seem to be any single type of company that gets targeted; anyone can become the victim of a cyber-attack.

Hacking methods are becoming more advanced, and every year there are new ways to use software vulnerabilities to gain access to your information. Just recently Mozilla’s Firefox had to go through a significant update to protect its users from a vulnerability that could allow files to be stolen from their computers. Make sure that your software and web browsers are always up to date, and be aware of malware that will try to circumvent your security controls through spyware, backdoor access points, etc.

Loss or Theft of a Device

This is one of the simplest ways a data breach occurs. Someone in your organization drops a flash drive at a conference, misplaces an external hard drive in a move, or leaves a laptop behind in a taxi. Even worse is when that device is actually known to have been stolen and your company’s data is in the wrong hands. You don’t know what the thief’s intentions are and if they have plans for that data.

The worst part about a lost or stolen device is trying to figure out exactly what kind of information was on the device. The device is now out of your control and several different types and pieces of data could potentially be exposed.

While we do our best to avoid these situations, sometimes things happen. Consider implementing a BYOD policy for your organization, and keep regular backups of all your devices to help mitigate data loss.

Weak Security Controls

Having weak security seems like an obvious way to become the next victim of a cyber-attack, yet this is still a common cause of data breaches. This doesn’t mean you need to rush out today and invest in the latest, state of the art, impenetrable network security. The strongest security infrastructure won’t be effective if you don’t have the right security controls in place.

Most of the time, becoming more secure is as simple as having stronger passwords or multifactor authentication. According to Verizon’s “2015 Data Breach Investigations Report”, 76% of network intrusions were a result of weak credentials. Hackers would guess passwords, use specific tools to crack passwords, or try passwords used on other sites. Passwords were also stolen using malware or phishing attacks.

However, even with strong credential systems, companies can leave their information vulnerable if they are mismanaging access controls. Oftentimes, employees are able to view and transport information they don’t need access to, which increases the chances of that information getting leaked. Those odds get stacked when that information is also readily accessible on mobile devices that can be easily lost or stolen, as I mentioned above.

Could you be next?

Do you think your organization is at risk of experiencing a document security breach? Use our risk grader to quickly assess your company’s risk and see what you can do to secure your information.

Responding to a Document Security Breach

Great. The unthinkable has happened to your company. Along with Sony, Home Depot, Target, and Apple, you can add your company to the long list of recent data security breaches. With the overwhelming feeling of dread, sense of loss, and panic, there’s confusion. What do you need to do to take control of the situation? Here are some steps to take in responding to a document security breach.

1 – Don’t Panic

Any sort of security breach can be alarming, but it’s important not to panic in order to avoid hasty, poor decision-making. Take a deep breath. Just as you would tackle any other company problem, assess the situation and put together a thought-out plan of action.

2 – Prevent Further Damage

First things first: control the incident to mitigate overall damage. Secure systems that were left vulnerable and prevent further unauthorized access to documents. It’s also important to make note of exactly what information was leaked. Secure any backups you may have of documents that were compromised to preserve information.

3 – Get Organized

You’ll want to notify any key company officers and board members as soon as possible. From there, establish a response team with the technical expertise to make the right decisions. Everyone on the team should have a good understanding of the incident and be familiar with the information that was compromised.

4 – Lawyer Up

If the document security breach is serious enough, it may be advisable to seek legal advice. Your lawyers will help you put together a strategy, run an internal investigation, interact with law enforcement, and comply with any legal requirements.

5 – Review Your Document Security Policy

Hopefully your company has a document security policy already in place. If so, your response team will want to review those policies to make sure that any response to the incident is consistent with company guidelines (and any other laws and regulations).

6 – Investigate

Launch an investigation to find out exactly how and why the document security breach occurred, and whether legal action will be required. This could be done internally with your company’s technical team. However, if the situation proves to be more complicated, it might be wise to hire a forensic investigator who specializes in security breaches.

7 – Notify Law Enforcement

If the investigation reveals reasonable concern that the document security breach was the result of malicious, criminal activity, the appropriate law enforcement authorities should be notified.

8 – Notify the Public

Whether your company is legally required to notify the public or not, it may be beneficial to do so in order to squash any negative buzz. By getting ahead of the press with an accurate account of the incident, you can help protect your brand reputation and reassure your company’s stakeholders (customers, investors, employees, etc.).

9 – Invest in Document Security

Now that the hard lesson has been learned, it’s time to take action to prevent a document security incident from reoccurring. It’s hard to think that this whole disaster could’ve potentially been avoided with a document security strategy, but hindsight is 20/20. Develop a plan and consider investing in a document security solution that will protect the contents of your documents and give you better control of who has access to those documents.


Now Share Encrypted Files to Salesforce CRM with Protectedpdf Document Security

[PRWeb | Vancouver, July 16, 2015] Vitrium™ announced today that it has integrated Salesforce with Protectedpdf (the popular cloud-based document DRM document security and control software solution). This evolution was a response to customers who are demanding secure document sharing, making it easier to share secured Protectedpdf files with this popular CRM system, along with several other file sharing services.
Standard Edition Protectedpdf customers can now easily share their sensitive and valuable documents to Salesforce from within the Protectedpdf interface. The PDF document can be uploaded from Salesforce, secured, and then saved and shared back to SFDC (Salesforce) again. This is a boon for SFDC CRM users who require encryption or access controls on their sensitive, private, monetized or copyrighted documents housed within SFDC.
Documents that have been protected within the Protectedpdf interface can be sent to Salesforce, Box, Dropbox, Google Drive, or MS OneDrive cloud sharing services at any time via the “cloud upload” icon.
The cloud-sharing feature is included with all Standard and Pro Edition accounts. Pro and Enterprise customers will need to contact Vitrium to see if their custom installation can be integrated.

Find out how to use Salesforce, Dropbox, Box, Google Drive, or MS OneDrive accounts to send files to Protectedpdf, and save secure PDF files directly to any of these services.

“CRM systems like Salesforce are relied upon by thousands of businesses every day to store and share sensitive documents like contracts and proposals. With this new integration we can now help businesses protect and control access to these documents with wrap-around document security that is not only easy to apply and administer, but lets customers share them with the tool they are most comfortable with.”

– Chris Butlin, President & CEO, Vitrium Systems Inc.

Interested in Protectedpdf? Need integration with your systems? Find out what Vitrium can do for you at www.vitrium.com/secure-cloud-file-sharing

Obfuscation or Encryption for Document Security?

We just recently included 256-bit military grade encryption in Protectedpdf®’s suite of document security features, in addition to our long-standing obfuscation method of digital rights management. You may be wondering what the difference is between these two security techniques. While each has its own benefits, they also serve different needs. Most organizations are likely going to find one more applicable than the other.

What’s the Difference?

Obfuscation, also referred to as beclouding, is to hide the intended meaning of the contents of a file, making it ambiguous, confusing to read, and hard to interpret.

Encryption is to actually transform the contents of the file, making it unreadable to anyone unless they apply a special key. Encryption ensures that the file remains secure by keeping the content hidden from everyone, even if the encrypted information is viewed directly. If an authorized user does have the key, they can decrypt the file, changing the encrypted content back to its original, readable form.

Obfuscated data does not require a key and can be deciphered if the original algorithm applied is known. All you need is a decoder ring and you’ll be able to read the secret message (“Be sure to drink your Ovaltine”). With encryption, on the other hand, even if you know the algorithm and have a decoder ring, you will still need a secret key to decrypt the message.
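The difference described above, as an added example (not Vitrium's code): ROT13 plays the keyless "decoder ring", and a keyed scheme built from the Python standard library (an HMAC-SHA256 keystream with encrypt-then-MAC, used here as a stand-in for AES, which the standard library does not provide) shows that knowing the algorithm is not enough without the key. All function names are illustrative.

```python
import codecs
import hashlib
import hmac
import secrets

# --- Obfuscation: a fixed, keyless transform (the "decoder ring") ---
def obfuscate(text: str) -> str:
    return codecs.encode(text, "rot13")

def deobfuscate(blob: str) -> str:
    # ROT13 is its own inverse: anyone who knows the algorithm can undo it.
    return codecs.encode(blob, "rot13")

# --- Encryption: the same public algorithm, but a secret key is required ---
# Stand-in construction (assumption): HMAC-SHA256 in counter mode as the
# keystream, plus an HMAC tag over nonce and ciphertext (encrypt-then-MAC).
def _subkeys(key: bytes):
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)  # fresh per message
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 16 + 32:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # Wrong key or tampered data: refuse to return anything.
        raise ValueError("wrong key or modified ciphertext")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

def demo() -> dict:
    message = "Be sure to drink your Ovaltine"  # the page's sample message
    hidden = obfuscate(message)
    key = secrets.token_bytes(32)        # 256-bit key held by the owner
    other_key = secrets.token_bytes(32)  # someone who only knows the algorithm
    blob = encrypt(key, message.encode())
    try:
        decrypt(other_key, blob)
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True
    return {
        "obfuscated": hidden,
        "recovered_without_any_key": deobfuscate(hidden),
        "decrypted_with_key": decrypt(key, blob).decode(),
        "wrong_key_rejected": wrong_key_rejected,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```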

Which to Use?

Obfuscation works well for complicated files and programs and is typically used to prevent piracy and make sure files or programs are being used in a proprietary manner. Obfuscation involves a separate program that needs to be packaged with a file or executable item to protect them from unauthorized use. Obfuscation works by masking what a file or program is doing so that users cannot see or manipulate the code. Files protected with obfuscation don’t need to be accessed with any other plug-ins or executable files, making it seamless for the end user.

It’s important to maintain the DRM program with the latest software updates. There is always the possibility that someone could find a way to break through and information is left vulnerable. For this, software engineers are always coming up with new and innovative ways to rewrite portions of such DRM programs to make them even more effective against exterior threats.

Encryption and other types of document protection are important for organizations that deal with extremely sensitive materials and must meet strict compliance or governance obligations. It is especially critical with confidential information that might travel outside of the perimeter, or be synced to cloud-based file sharing services. Encryption encodes files and requires a key to reintegrate the pieces back into an intelligible whole.

Request a demo with someone from our team to talk about which method would work best for your organization.

Dispelling Document Security Myths

With some of the recent cyber attacks on some of the biggest organizations across various industries, the risk of attack is becoming an increasingly pressing issue for all businesses. As we tread on this new territory of cybersecurity, companies are realizing that their documents are vulnerable. Unfortunately, document security is still poorly understood.
Let’s dispel some of the myths that have emerged surrounding document security.

#1 The higher the level of protection the more disruptive it is for the end user

It’s a fact that the more secure a document is, the more barriers there are to accessing the document and the fewer options the reader has for copying, printing and otherwise interacting with the file. Software requirements are sometimes difficult to download and install, especially in environments that are IT restricted, and can make legitimate users irritated.

More and more, DRM software companies are trying to find a balance between providing content owners the protection they need while at the same time ensuring the end user (or reader) has a good experience. Make sure, when you are looking for DRM software, that the solution offers readers a seamless, non-intrusive experience, and just enough security to make sure the documents go where they are meant to and nowhere else.

#2 It’s not needed in today’s world.

We’re used to everything being readily available to us online and the natural inclination we have is that everything “should” be accessible. The open environment of the internet, it is argued, should determine what is acceptable and what is not.

While this would be an awesome ideal, it’s just not feasible in reality. Companies and organizations do need to digitally share information that is sensitive, and may be under legal obligation to protect this vital data, like financial, legal, or health care data. Additionally, there are trade secrets that companies don’t want competitors to learn, board minutes and notes, legal contracts and documents, and a whole variety of information that shouldn’t be shared with the wild wild web, or other individuals who are not authorized to access the information.

Other companies and organizations invest time, effort, and money into producing materials that are copyrighted, trademarked and produce revenue for them, such as training materials, eBooks and other documents. They need a way to protect these assets, just as you would lock your car, or insure your house.

#3 It’s too expensive

That depends on how you look at it. Like car insurance, it can save you a lot if you get in an accident. With the costs of copyright infringement or patent lawsuits ranging from $350,000 – 5,000,000, it’s no wonder companies want to avoid having to take legal action. Document protection is cheap by comparison!

Companies find that investing in document protection as part of their risk mitigation efforts not only prevents costly legal fees, but prevents revenue loss, blow-back from leaks, and other damaging consequences that can have huge impacts on the bottom line. With a good DRM system it is much more prudent to take some reasonable steps to prevent these consequences before they happen.

#4 Security can be broken

We can’t deny that at times, secured content can get broken into. Just as a determined thief can circumvent the locks on a house, we’ve seen that determined hackers or technically savvy individuals can circumvent even the strictest security policies of a document or IT firewall.

The higher level of security a document has, the less likely it will be broken or “hacked” into. At Vitrium, we have strong encryption (256-bit) options, and lighter weight options (128-bit encryption, or “social DRM”) for all security needs while maintaining a hassle-free experience for readers.
Find the right balance between reader experience and the security you need. When you are choosing a service to protect your documents, think about the impact of the tool on your users balanced against the level of protection you need, or must, provide.

Download eBook: Top 6 Reasons to Protect Your Documents
This was an excerpt from our eBook: Top 6 Reasons to Protect Your Documents. If you want to read more, you can download the full eBook.

Protectedpdf DRM Encryption Now Works with Box, Dropbox, Google Drive & MS OneDrive

[PRWEB | Vancouver, May 21, 2015] Vitrium™ announced today that it has released version 5.6 of Protectedpdf, the popular cloud-based DRM and document encryption software solution. This latest version integrates the solution with Box, Dropbox, Google Drive and MS OneDrive, making it easier to upload files from these services and save secure documents to these services anytime.

Standard and Pro Edition Protectedpdf customers who share, or would like to share, their sensitive and valuable documents via Box, Dropbox, Google Drive and MS OneDrive services, can now secure these documents and easily store them directly onto these familiar cloud file-sharing platforms. Customers having accounts with these services will find it especially useful for sharing confidential, sensitive PDF documents to the cloud service they normally would use where they can distribute them at will.

The PDF document is uploaded from the cloud service of the administrator’s choice, secured, and then can be saved and shared out to that service easily.

Cloud file sharing now included with Protectedpdf!


Documents that have been protected within the Protectedpdf interface can be sent to Box, Dropbox, Google Drive, or MS OneDrive cloud sharing services at any time via the “cloud upload” icon.


The Protectedpdf interface now has a “Cloud Upload” icon, so you can share secure documents to your fave file sharing platform.


Upload secure Protectedpdf documents to your favourite cloud-sharing platform.

The cloud-sharing feature is included with all Standard and Pro Edition accounts. Enterprise customers will need to contact Vitrium to see if their custom installation can be integrated with these services.

Find out how to use Dropbox, Box, Google Drive, or MS OneDrive accounts to send files to Protectedpdf, and save secure PDF files directly to any of these services.

Other improvements included in the Protectedpdf version 5.6 release are:

  1. An improved help area that links to Vitrium’s new helpdesk area featuring ticket submission, a knowledge base with FAQs, search, a community forum, and articles.
  2. Contextual memory for the web link, meaning that should a reader exit the document and then reopen the document, the point of last position will be remembered and display exactly where the reader left off.
  3. Annotations and highlighting will now be remembered while the document is offline, and be synchronized regularly. End-users can also force document synchronization via the synchronization icon as frequently as desired (offline document copy and sharing permissions must be enabled for this feature).

“Everyone knows how popular file-sharing services like Box and Dropbox are. Even if many IT departments don’t like to acknowledge this shadow IT, the fact remains – sensitive information in documents is being shared to these services. This 5.6 release enables Vitrium to meet the market need for a secure solution that can provide wrap-around security for these documents – making sure they are protected within these environments, and enabling administrators to use the tools they are most familiar with.”

– Chris Butlin, President & CEO, Vitrium Systems Inc.

Interested in Protectedpdf? Need integration with your systems? Find out what Vitrium can do for you by requesting a demo.


Vitrium Releases Strong 256-Bit Encryption Document DRM for Mobile Users

[PRWEB | Vancouver, May 7, 2015] Vitrium™ announced today that it has released version 5.5 of Protectedpdf, the popular cloud-based DRM (IRM) and document security software solution. This latest version hardens security for its HTML5 web link and provides military grade encryption protection for documents, especially those that are shared to mobile devices.

Confidential documents secured with the Protectedpdf v5.5 web link will now be secured by default using the latest standard in 256-bit AES military grade encryption without the need for end-users to download plug-ins or proprietary viewers to open it on the other end. The highly secured document is viewable on any modern browser, and mobile users will find this DRM document security technology to be more lightweight than many others on the market today.

Organizations with highly sensitive documents, and those who must meet strict compliance and governance obligations, will find this zero-footprint encryption valuable, particularly for mobile end-users. The document-level wrap-around security solution can now meet the need for good governance in regards to confidential information that might travel outside of the perimeter, or be synced to cloud-based file sharing services. Industries that require strong protection will find this enhancement particularly relevant.

Protectedpdf 256-bit encryption is applied to the secured HTML5 web link at the time the document is secured, and includes:

  1. Full 256-bit AES military grade encryption for web linked documents in both online and offline mode
  2. Offline document encryption to ensure the best possible security – preventing unauthorized copying to other devices
  3. Content is encrypted by the server prior to sending it to the client
  4. End-user must have the correct decryption key in order to access content
  5. Strongest brute force attack prevention (1.1 x 10^77 possible key combinations)
  6. One-time hashing of the user’s password
    • Never reveals the user’s password during communication or with the server
    • The password is hashed client side and then only the hash is sent to the server
    • The server hashes the user’s real password using the same one-time hashing key and compares these hashes
    • Man-in-the-middle (MITM) attack also prevented
    • Replay attack also prevented
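The one-time hashing exchange in item 6, as an added example that is not Vitrium's implementation: the server issues a single-use hashing key, the client returns only a hash of the password under that key, and the server recomputes and compares. HMAC-SHA256 as the hash, the `Server` class and all other names are assumptions made for illustration; the sample password is constructed.

```python
import hashlib
import hmac
import secrets

def one_time_hash(one_time_key: bytes, password: str) -> bytes:
    # Assumption: HMAC-SHA256 keyed with the server's one-time key.
    return hmac.new(one_time_key, password.encode("utf-8"), hashlib.sha256).digest()

class Server:
    def __init__(self, passwords: dict):
        self._passwords = dict(passwords)  # user -> password, as the page describes
        self._pending = {}                 # challenge_id -> (user, one_time_key)

    def issue_challenge(self, user: str):
        """Server -> client: a fresh one-time hashing key for this login attempt."""
        challenge_id = secrets.token_hex(8)
        one_time_key = secrets.token_bytes(32)
        self._pending[challenge_id] = (user, one_time_key)
        return challenge_id, one_time_key

    def verify(self, user: str, challenge_id: str, response: bytes) -> bool:
        """Client -> server: only the hash arrives; the key is consumed on use."""
        entry = self._pending.pop(challenge_id, None)  # single use, even on failure
        if entry is None:
            return False
        owner, one_time_key = entry
        if owner != user or user not in self._passwords:
            return False
        expected = one_time_hash(one_time_key, self._passwords[user])
        return hmac.compare_digest(expected, response)

def client_login(server: Server, user: str, password: str):
    challenge_id, one_time_key = server.issue_challenge(user)
    response = one_time_hash(one_time_key, password)  # password never leaves the client
    return challenge_id, response, server.verify(user, challenge_id, response)

def run_exchange() -> dict:
    server = Server({"alice": "constructed-sample-password"})

    # Legitimate login; assume an eavesdropper records challenge_id and response.
    challenge_id, captured, first_login = client_login(
        server, "alice", "constructed-sample-password")

    # Replay against the same challenge: the one-time key is already consumed.
    replay_same = server.verify("alice", challenge_id, captured)

    # Replay against a new challenge: the old hash does not match the new key.
    new_id, _ = server.issue_challenge("alice")
    replay_new = server.verify("alice", new_id, captured)

    # A wrong password produces a different hash and is rejected.
    _, _, wrong_password = client_login(server, "alice", "not-the-password")

    return {
        "first_login": first_login,
        "replay_same_challenge": replay_same,
        "replay_new_challenge": replay_new,
        "wrong_password": wrong_password,
    }

if __name__ == "__main__":
    for step, accepted in run_exchange().items():
        print(f"{step}: {'accepted' if accepted else 'rejected'}")
```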

“Vitrium has committed to providing the best security possible. Strong encryption with the web link technology enables organizations to secure and share their most confidential material while minimizing the impact to end-users who can use any device to access it. This change enables Vitrium to make more of a security commitment to customers, and service new markets that have the need for high-level protection for their sensitive documents.”

– Chris Butlin, President & CEO, Vitrium Systems Inc.

Find out what Vitrium can do for you.

5 Steps to a Secure Document Protection Plan

A document protection plan can help to ensure that your documents are controlled, tracked and protected. As part of this plan, companies should consider their password policies, the format for their documents, and the delivery mechanism for distributing their files.

1. Make it a priority, from the top down

Yes, IT is responsible for providing solutions driven by the business need, but it is usually not up to them to identify it. It is essential that all levels of management should buy in to the need to protect intellectual assets, files, and sensitive company data, as it impacts the bottom line, and affects the digital safety and operations of the business. Ensure that executives actively promote secure document sharing policies (document hygiene) so that it becomes part of the corporate culture, and guide departments and staff so that tools and processes are successfully implemented.

2. Identify your “crown jewels”

Determine which documents and files you most need to protect. These are most likely documents that would cause revenue loss or damage to your reputation if leaked. Make a list of these documents and their workflows, and ensure these documents receive protection by utilizing a good DRM solution.

3. Set a password policy

The ability to set up passwords to safeguard content is just one of the advantages of comprehensive document protection plans. Choose a password protection solution that “travels with the document” so that no matter where it resides or ends up, the document itself is protected.

4. Select your document format based on how documents will be accessed

Many companies prefer portable document format (PDF) files because they are a common and familiar format in today’s business environment. More than one billion PDFs exist today, and these files use an open standard that is trusted by many businesses across the globe. These files can be opened on desktops and laptops using Adobe Reader which is standard on most computers.

BYOD, or “bring your own device” is becoming the standard in companies today, and the need for more flexibility in delivering secure documents means that more and more companies are also turning to web-friendly document formats such as HTML5 that can be easily viewed on any device – desktop, laptop, tablet or mobile. And the technology behind HTML5 is ever-improving with more features, improvements, and standards being applied.

5. Determine how your documents will be distributed

When you are considering a document protection plan, keep in mind how your users will be accessing your documents, and where. Even if you are sharing documents internally within a secure environment, such as an LMS (learning management system), CMS (content management system), or virtual data room, does the document remain secured when it is sent externally to a customer, vendor or supplier? Consider how that document might be viewed or accessed and whether you can trust their IT network or mobile security program.

Choose a distribution methodology that will offer the end-user a comfort level opening the document on a variety of devices, and document protection that will travel with the document so that no matter where it ends up, you have control over it.

Download eBook: Top 6 Reasons to Protect Your Documents
This was an excerpt from our eBook: Top 6 Reasons to Protect Your Documents. If you want to read more, you can download the full eBook.

Vitrium Releases Versioning for Protectedpdf® Copyright Protection Software

[Vancouver, Feb 24, 2014] Vitrium™, maker of Protectedpdf® DRM and copyright protection software, announced today that it has released a new version of its popular software that allows Enterprise users the ability to upload and manage multiple versions of their documents. Vitrium has also added a new “Instant Business Case: Why Invest in Document Protection” to their suite of resources available to businesses interested in adding PDF content protection to their risk and access management considerations.

With Vitrium’s new v5.3 release, Enterprise edition administrators can now manage multiple secured versions of their documents within the user interface, allowing for greater flexibility when documents are frequently updated.


Protectedpdf®’s new features include:

  1. Improved search. Administrators will be able to search for documents via the document code, or the HTML5 web viewer link.
  2. Simplified activity reports. Redundant fields in the activity report have been removed.
  3. Document versioning (Enterprise editions only). Upload multiple versions of a document and manage them right in the dashboard. The new “Version” column in the document area allows administrators to manage these versions via the new “Manage” button, and displays how many versions of the documents have been uploaded. Clicking this button allows access to the versioning management panel of the interface.
  4. Use custom group IDs and external keys. (Enterprise and Pro editions only). Some customers requested the ability to have custom identifiers to track groups. Now these clients will be able to use their own custom IDs and keys.
  5. Use custom reader IDs and external keys. (Enterprise and Pro editions only). Administrators can now track their readers using their own custom IDs and external keys.

“We continue to innovate and respond to our markets with Vitrium’s Protectedpdf®. This new release addresses several requests from customers to manage different editions of their documents, and we’re delighted to be able to offer this feature for customers who require it. Plus, the new “Instant Business Case” makes it easy for CIOs, CTOs, and Risk Managers to present a convincing argument for adding user-friendly document security to their business.”

– Chris Butlin, President & CEO
Vitrium Systems Inc.

Vitrium’s new “Instant Business Case: Why Invest in Document Protection” makes it easy for business managers to propose content protection. Along with their new infographic “Top 10 Why’s for the C-Suite”, Vitrium presents convincing arguments (especially in light of all the recent information security breaches) for companies to be proactive in adding copyright protection and document security to their information management workflows.

Interested in Protectedpdf®? Request a demo to find out what Vitrium can do for you.


Cost fallout of a data breach felt for years

Experiencing a significant document loss, or even a major data breach, is like having a financial bomb go off in your company.

Recently, the Sony Pictures cyber attack was in the news. While the costs are still to be tallied, estimates of the impacts are in the billions and it’s considered to be the largest in history so far. Not only emails and data were taken during the network intrusion, but unsecured documents of all kinds, including confidential contracts with talent, employee payroll and benefit information, and home addresses. It is likely to take years to determine the full impact. While it is yet to be determined if another government was to blame, the fact remains, if huge companies with their enormous security budgets and infrastructure are vulnerable, all companies, large, small, and in-between, are vulnerable.

In 2013, when Target reported that the credit card information of 110 million customers was floating around in cyberspace, its fourth quarter profit fell almost 50%. Second quarter profit for 2014 sank by 62%, the full-year earnings forecast has been lowered, and total expenses related to the breach stand at $148 million.

Home Depot’s data breach left almost 60 million payment cards vulnerable to misuse. Investigation-related costs are pegged at $62 million.

For many companies it’s difficult to calculate the direct and indirect impacts of a data breach or document loss. It can vary widely depending on the nature of the incident. The 2014 Cost of Data Breach Study: Global Analysis reported that the average cost for each lost or stolen record was $145, and the average cost of an incident is $3.5 million.

It’s no joke. And many companies (not just the mega corps) need to start taking the threat to their content seriously. Hackers will probe your security with various recon and vulnerability scans, and target businesses in industries that are known to be less likely to deploy multi-layered security technologies and have less robust governance. They will specifically go after the valuable information contained in documents that are less protected, in transit, shared, synced to apps, or on devices.

Cost Breakdown – how much would an incident cost your company?

  • Loss of customers and/or revenue
  • Loss of intellectual property, digital assets, or trade secrets
  • Investigative (forensic) services fees
  • Legal costs (suits, counter-suits, class-action)
  • Infrastructure repair and upgrades
  • PR communications services – damage control
  • Marketing – rebuilding brand reputation, trust, & sales pipeline


Estimate your potential costs in each of these areas assuming a small, medium, or large incident with your most valuable or sensitive documents. What would even a 10% loss of revenue mean? How much risk is your organization willing to assume in light of the potential top-to-bottom-line cost estimates?

For many companies, it’s becoming a necessity to ensure all corporate data and content is safe – wherever it ends up.

Instant Business Case: Why Invest in Document Protection
This is an excerpt from our latest free white paper, Instant Business Case: Why Invest in Document Protection. If you want to read more, you can download the full white paper.