It’s World Paper Free Day – November 6, 2015

World Paper Free Day We’re taking the pledge to go paper free on World Paper Free Day 2015, and we want you to join us!

The Association for Information and Image Management (AIIM), a global community of information professionals, is taking the initiative to challenge the business world to use less paper and eliminate the waste that office paperwork can create. According to a recent study done by AIIM, 35% of respondents said that most of the electronic invoices they receive get printed anyway, while 31% admit that their desk is ‘piled high’ with paper. The average office worker uses up to 45 sheets of paper per day, and more than half is considered waste.

Many businesses have discovered the benefits of going paperless, both financial and operational. They have found that when investing in technologies that allow their offices to go paper-free, they have improved overall productivity and experienced a positive return on investment. They were able to respond quicker to customers, maintain better compliance, and improve the ability to telework.

You can take part today by vowing to reduce the amount of paper you generate in your everyday work and personal life. It’s just one day, but these actions can change habits and make a difference for the future.

For more details, check out:

Which Industries Are Targeted by Cyber Threats?

Which Industries Are Targeted by Cyber Threats?You hear about these large scale data breaches where another big corporation becomes victim to a cyber-attack. While these news stories seem to be popping up more and more these days, the truth is cyber-attacks are happening all the time and have been for a long time. You may be wondering who these attackers are targeting and why? While the why may not always be clear, we can deduce from research data which industries are getting hit the most.

According to Cisco’s 2015 Annual Security Report, the pharmaceutical and chemical industry emerged as the highest risk industry for web malware encounters in 2014. Other verticals in the top five were media and publishing, manufacturing, transportation and shipping, and aviation.

You may be wondering why retail isn’t listed among the top five, given the number of high-profile incidents in recent years (eh hem, Target and Home Depot, to name a couple). A web malware encounter doesn’t mean that a data breach occurred, but rather that a piece of malware was detected and blocked. So, while it’s probably true that the retail industry was hit the hardest last year with actual data breaches, it doesn’t necessarily mean that it was the most targeted. There are a number of factors that make some industries more vulnerable to successful data breaches than others. So, using web malware encounters as a metric gives us a pretty good indication of which industries are being targeted by threats.

The interesting question is why are certain industries more susceptible to malware encounters than others? Is it really because hackers see the information that they can seize from these industries as more valuable than others, or could there be something else going on?

According the Cisco’s report, it seems to be a combination of targeted attacks and careless employee behavior. The way they are able to determine this is by examining the types of attack methods. They found that among the high risk industries, there were more cases of adware, clickfraud, scam, and iframe injections, which are considered to be non-targeted attack methods. Falling victim to these types of attacks is wholly dependent on user interaction.

This means that some of the higher frequency of web malware encounters in high risk industries is coming from their employees’ internet activity. So, it would make sense that certain industries that embrace new media and technologies would be more susceptible to attacks, where as traditional industries where change is slow and internet usage is highly controlled might experience less malicious activity.

That’s not to say that hackers aren’t targeting the high risk industries with sophisticated attack methods. They are, in fact, at a much higher rate than other industries. The key takeaway here is that the frequency of malicious encounters, and thus data breaches, can be significantly reduced with the proper tools and education in place. Mitigate the risk by educating your employees on safe internet behavior and protecting your data.

Find out if your company is at a high risk of experiencing a data breach using our Risk Grader.

National Cyber Security Awareness Month 2015

“Cyber threats pose one of the gravest national security dangers the United States faces” – Barack Obama.

Shared ResponsibilitySponsored by the National Cyber Security Division of the Department of Homeland Security and the National Cyber Security Alliance, October has been designated National Cyber Security Awareness Month (NCSAM).

Since its inception in 2004, National Cyber Security Awareness Month been helping keep computer users safe online by promoting best practices in cybersecurity. The goal is to educate organizations in both the private and public sectors, as well as the general public, about cyber threats, while giving them the tools to combat a cyber attack. The hope is to increase resiliency in the event of a cyber incident.

The only way to truly combat cybersecurity threats is through education. Cybersecurity is Our Shared Responsibility, and we cannot be secured without the help of everyone.

How to get involved

(From the U.S. Department of Homeland Security:

  • Use the National Cyber Security Awareness Month 2015 hashtag #CyberAware in your social media messages.
  • Join the weekly National Cyber Security Awareness Month Twitter Chat series on Thursdays in October at 3pm EST using #ChatSTC.
  • See what National Cyber Security Awareness Month activities are taking place in your area.
  • Find information on how your government, law enforcement, business, school, or organization can take action.
  • Teach elementary, middle, and high school students about Internet safety and security.
  • Post cybersecurity tips, news, and resources highlighting National Cyber Security Awareness Month on social media sites.

Visit for resources, events, and other details.

Why Do Data Breaches Occur?

Why Do Data Breaches Occur?Data breaches seem to happening left and right these days, and companies of all different types and sizes are getting targeted. Has there been some sort of uprising of cybercriminals or are these companies just being careless? Let’s take a look at some of the reasons these data breaches occur.

Malicious Attacks

Typically when you think of data breach, you think of a malicious cyber-attack. There’s no one reason why hackers do what they do. Sometimes they are after your banking information or intellectual property for financial gain. Other times they are just having fun or trying to prove a point, disrupting your business in the process. For these reasons, there doesn’t seem to be any single type of company that gets targeted, anyone can become the victim of a cyber-attack.

Hacking methods are becoming more advanced, and every year there are new ways to use software vulnerabilities to gain access to your information. Just recently Mozilla’s Firefox had to go through a significant update to protect its users from a vulnerability that could allow files to be stolen from their computers. Make sure that your software and web browsers are always up to date and be aware of malware that will try to circumnavigate your security controls through spyware, backdoor access points, etc.

Loss or Theft of a Device

This one of the simplest ways a data breach occurs. Someone in your organization drops a flash drive at a conference, misplaces an external hard drive in a move, or leaves a laptop behind in a taxi. Even worse is when that device is actually known to have been stolen and your company’s data is in the wrong hands. You don’t know what the thief’s intentions are and if they have plans for that data.

The worst part about a lost or stolen device is trying to figure out exactly what kind of information was on the device. The device is now out of your control and several different types and pieces of data could potentially be exposed.

While we do our best to avoid these situations, sometimes things happen. Consider implementing a BYOD policy for your organization, and keep regular backups of all your devices to help mitigate data loss.

Weak Security Controls

Having weak security seems like an obvious way to become the next victim of a cyber-attack, yet this is still a common cause of data breaches. This doesn’t mean you need to rush out today and invest in the latest, state of the art, impenetrable network security. The strongest security infrastructure won’t be effective if you don’t have the right security controls in place.

Most of the time, becoming more secure is as simple as having stronger passwords or multifactor authentication. According to Verizon’s “2015 Data Breach Investigations Report”, 76% of network intrusions were a result of weak credentials. Hackers would guess passwords, use specific tools to crack passwords, or try passwords used on other sites. Passwords were also stolen using malware or phishing attacks.

However, even with strong credential systems, companies can leave their information vulnerable if they are mismanaging access controls. Often times, employees are able to view and transport information they don’t need access to, which increases the chances of that information getting leaked. Those odds get stacked when that information is also readily accessible on mobile devices that can be easily lost or stolen, as I mentioned above.

Could you be next?

Do you think your organization is at risk of experiencing a document security breach? Use our risk grader to quickly assess your company’s risk and see what you can do to secure your information.

Responding to a Document Security Breach

Responding to a Document Security BreachGreat. The unthinkable has happened to your company. Along with Sony, Home Depot, Target, and Apple, you can add your company to the long list of recent data security breaches. With the overwhelming feeling of dread, sense of loss, and panic, there’s confusion. What do you need to do to take control of the situation? Here are some steps to take in responding to a document security breach.

1 – Don’t Panic

Any sort of security breach can be alarming, but it’s important not to panic in order to avoid hasty, poor decision-making. Take a deep breath. Just as you would tackle any other company problem, assess the situation and put together a thought-out plan of action.

2 – Prevent Further Damage

First thing’s first, control the incident to mitigate overall damage. Secure systems that were left vulnerable and prevent further unauthorized access to documents. It’s also important to make note of exactly what information was leaked. Secure any backups you may have of documents that were compromised to preserve information.

3 – Get Organized

You’ll want to notify any key company officers and board members as soon as possible. From there, establish a response team with the technical expertise to make the right decisions. Everyone on the team should have a good understanding of the incident and be familiar with the information that was compromised.

4 – Lawyer Up

If the document security breach is serious enough, it may be advisable to seek legal advice. Your lawyers will help you put together a strategy, run an internal investigation, interact with law enforcement, and comply with any legal requirements.

5 – Review Your Document Security Policy

Hopefully your company has a document security policy already in place. If so, your response team will want to review those policies to make sure that any response to the incident is consistent with company guidelines (and any other laws and regulations).

6 – Investigate

Launch an investigation to find out exactly how and why the document security breach occurred, and whether legal action will be required. This could be done internally with your company’s technical team, however, if the situation proves to be more complicated, it might be wise to hire a forensic investigator that specializes in security breaches.

7 – Notify Law Enforcement

If the investigation reveals reasonable concern that the document security breach was the result of malicious, criminal activity, the appropriate law enforcement authorities should be notified.

8 – Notify the Public

Whether your company is legally required to notify the public or not, it may be beneficial to do so in order to squash any negative buzz. By getting ahead of the press with an accurate account of the incident, you can help protect your brand reputation and reassure your company’s stakeholders (customers, investors, employees, etc.).

9 – Invest in Document Security

Now that the hard lesson has been learned, it’s time to take action to prevent a document security incident from reoccurring. It’s hard to think that this whole disaster could’ve potentially been avoided with a document security strategy, but hindsight is 20/20. Develop a plan and consider investing in a document security solution that will protect the contents of your documents and give you better control of who has access to those documents.

Is your organization at risk of experiencing a document security breach?
Use our risk grader to quickly assess your company’s risk and see what you can do to secure your information.

Now Share Encrypted Files to Salesforce CRM with Protectedpdf Document Security

Protectedpdf Integrates With Salesforce[PRWeb | Vancouver, July 16, 2015] Vitrium™ announced today that it has integrated Salesforce with Protectedpdf (the popular cloud-based document DRM document security and control software solution). This evolution was a response to customers who are demanding secure document sharing, making it easier to share secured Protectedpdf files with this popular CRM system, along with several other file sharing services.
Standard Edition Protectedpdf customers can now easily share their sensitive and valuable documents to Salesforce from within the Protectedpdf interface. The PDF document can be uploaded from Salesforce, secured, and then saved and shared back to SFDC (Salesforce) again. This is a boon for SFDC CRM users who require encryption or access controls on their sensitive, private, monetized or copyrighted documents housed within SFDC.
Protectedpdf Cloud Integration
Documents that have been protected within the Protectedpdf interface can be sent to Salesforce, Box, Dropbox, Google Drive, or MS OneDrive cloud sharing services at any time via the “cloud upload” icon.
Protectedpdf Upload to Cloud
The cloud-sharing feature is included with all Standard and Pro Edition accounts. Pro and Enterprise customers will need to contact Vitrium to see if their custom installation can be integrated.

Find out how to use Salesforce, Dropbox, Box, Google Drive, or MS OneDrive, accounts to send files to Protectedpdf, and save secure PDF files directly to any of these services.

“CRM systems like Salesforce are relied upon by thousands of businesses every day to store and share sensitive documents like contracts and proposals. With this new integration we can now help businesses protect and control access to these documents with wrap-around document security that is not only easy to apply and administer, but let’s customers share them with the tool they are most comfortable with.”

– Chris Butlin, President & CEO, Vitrium Systems Inc.

Interested in Protectedpdf? Need integration with your systems? Find out what Vitrium can do for you at

Obfuscation or Encryption for Document Security?

Obfuscation vs EncryptionWe just recently included 256-bit military grade encryption in Protectedpdf®’s suite of document security features, in addition to our long-standing obfuscation method of digital rights management. You may be wondering what is the difference between these two security techniques. While each has its own benefits, they also serve different needs. Most organizations are likely going to find one more applicable than the other.

What’s the Difference?

Obfuscation, also referred to as beclouding, is to hide the intended meaning of the contents of a file, making it ambiguous, confusing to read, and hard to interpret.

Encryption is to actually transform the contents of the file, making it unreadable to anyone unless they apply a special key. Encryption ensures that the file remains secure by keeping the content hidden from everyone, even if the encrypted information is viewed directly. If an authorized user does have the key, they can decrypt the file, changing the encrypted content back to its original, readable form.

Obfuscated data, does not require a key and can be deciphered if the original algorithm applied is known. All you need is a decoder ring and you’ll be able to read the secret message (“Be sure to drink your Ovaltine”). With encryption, on the other hand, even if you know the algorithm and have a decoder ring, you will still need a secret key to decrypt the message.

Which to Use?

Obfuscation works well for complicated files and programs and is typically used to prevent piracy and make sure files or programs are being used in a proprietary manner. Obfuscation involves a separate program that need to be packaged with a file or executable item to protect them from unauthorized use. Obfuscation works by masking what a file or program is doing so that users cannot see or manipulate the code. Files protected with obfuscation don’t need to be accessed with any other plug-ins or executable files, making it seamless for the end user.

It’s important to maintain the DRM program with the latest software updates. There is always the possibility that someone could find a way to break through and information is left vulnerable. For this, software engineers are always coming up with new and innovative ways to rewrite portions of such DRM programs to make them even more effective against exterior threats.

Encryption and other types of document protection are important for organizations that deal with extremely sensitive materials and must meet strict compliance or governance obligations. It is especially critical with confidential information that might travel outside of the perimeter, or be synced to cloud-based file sharing services. Encryption encodes files and requires a key to reintegrate the pieces back into an intelligible whole.

Request a demo with someone from our team to talk about which method would work best for your organization.

Dispelling Document Security Myths

Dispelling Document Security MythsWith some of the recent cyber attacks on some of the biggest organizations across various industries, the risk of attack is becoming an increasingly pressing issue for all businesses. As we tread on this new territory of cybersecurity, companies are realizing that their documents are vulnerable. Unfortunately document security is still widely poorly understood.
Let’s dispel some of the myths that have emerged surrounding document security.

#1 The higher the level of protection the more disruptive it is for the end user

It’s a fact that the more secure a document is, the more barriers there are to accessing the document and the fewer options the reader has for copying, printing and otherwise interacting with the file. Software requirements are sometimes difficult to download and install, especially in environments that are IT restricted, and can make legitimate users irritated.

More and more, DRM software companies are trying to find a balance between providing content owners the protection they need while at the same time ensuring the end user (or reader) has a good experience. Make sure, when you are looking for DRM software, that the solution offers readers a seamless, non-intrusive experience, and just enough security to make sure the documents go where they are meant to and nowhere else.

#2 It’s not needed in today’s world.

We’re used to everything being readily available to us online and the natural inclination we have is that everything “should” be accessible. The open environment of the internet, it is argued, should determine what is acceptable and what is not.

While this would be an awesome ideal, it’s just not feasible in reality. Companies and organizations do need to digitally share information that is sensitive, and may be under legal obligation to protect this vital data, like financial, legal, or health care data. Additionally, there are trade secrets that companies don’t want competitors to learn, board minutes and notes, legal contracts and documents, and a whole variety of information that shouldn’t be shared with the wild wild web, or other individuals who are not authorized to access the information.

Other companies and organizations invest time, effort, and money into producing materials that are copyrighted, trademarked and produce revenue for them, such as training materials, eBooks and other documents. They need a way to protect these assets, just as you would lock your car, or insure your house.

#3 It’s too expensive

That depends on how you look at it. Like car insurance, it can save you a lot if you get in an accident. With the costs of copyright infringement or patent lawsuits ranging from $350,000 – 5,000,000, it’s no wonder companies want to avoid having to take legal action. Document protection is cheap by comparison!

Companies find that investing in document protection as part of their risk mitigation efforts not only prevents costly legal fees, but prevents revenue loss, blow-back from leaks, and other damaging consequences that can have huge impacts on the bottom line. With a good DRM system it is much more prudent to take some reasonable steps to prevent these consequences before they happen.

#4 Security can be broken

We can’t deny that at times, secured content can get broken into. Just as a determined thief can circumvent the locks on a house, we’ve seen that determined hackers or technically savvy individuals can circumvent even the strictest security policies of a document or IT firewall.

The higher level of security a document has, the less likely it will be broken or “hacked” into. At Vitrium, we have strong encryption (256bit) options, and lighter weight options (128 bit encryption, or “social DRM”) for all security needs while maintaining a hassle-free experience for readers.
Find the right balance between reader experience and the security you need. When you are choosing a service to protect your documents, think about the impact of the tool on your users balanced against the level of protection you need, or must, provide.

Download eBook: Top 6 Reasons to Protect Your Documents
This was an excerpt from our eBook: Top 6 Reasons to Protect Your Documents. If you want to read more, you can download the full eBook.

Protectedpdf DRM Encryption Now Works with Box, Dropbox, Google Drive & MS OneDrive

Protectedpdf Now Works with Box, Dropbox, Google Drive & MS OneDrive[PRWEB | Vancouver, May 21, 2015] Vitrium™ announced today that it has released version 5.6 of Protectedpdf, the popular cloud-based DRM and document encryption software solution. This latest version integrates the solution with Box, Dropbox, Google Drive and MS OneDrive making it easier to upload files from these services and save secure documents to these services anytime.

Standard and Pro Edition Protectedpdf customers who share, or would like to share, their sensitive and valuable documents via Box, Dropbox, Google Drive and MS OneDrive services, can now secure these documents and easily store them directly onto these familiar cloud file-sharing platforms. Customers having accounts with these services will find it especially useful for sharing confidential, sensitive PDF documents to the cloud service they normally would use where they can distribute them at will.

The PDF document is uploaded from the cloud service of the administrator’s choice, secured, and then can be saved and shared out to that service easily.

Cloud file sharing now included with Protectedpdf!

Cloud file sharing now included with Protectedpdf!

Documents that have been protected within the Protectedpdf interface can be sent to Box, Dropbox, Google Drive, or MS OneDrive, cloud sharing services at any time via the “cloud upload” icon.

Cloud Upload on Protectedpdf

The Protectedpdf interface now has a “Cloud Upload” icon, so you can share secure documents to your fave file sharing platform.

Protectedpdf cloud file sharing

Upload secure Protectedpdf documents to your favourite cloud-sharing platform.

The cloud-sharing feature is included with all Standard and Pro Edition accounts. Enterprise customers will need to contact Vitrium to see if their custom installation can be integrated with these services.

Find out how to use Dropbox, Box, Google Drive, or MS OneDrive, accounts to send files to Protectedpdf, and save secure PDF files directly to any of these services.

Other improvements included in the Protectedpdf version 5.6 release are:

  1. An improved help area that links to Vitrium’s new helpdesk area featuring ticket submission, knowledge base with FAQ’s, search, a community forum, and articles.
  2. Contextual memory for the web link, meaning that should a reader exit the document and then reopen the document, the point of last position will be remembered and display exactly where the reader left off.
  3. Annotations and highlighting will now be remembered while the document is offline, and be synchronized regularly. End-users can also force document synchronization via the synchronization icon as frequently as desired (offline document copy and sharing permissions must be enabled for this feature).

“Everyone knows how popular file-sharing services like Box and Dropbox are. Even if many IT departments don’t like to acknowledge this shadow IT, the fact remains – sensitive information in documents is being shared to these services. This 5.6 release enables Vitrium to meet the market need for a secure solution that can provide wrap-around security for these documents – making sure they are protected within these environments, and enabling administrators to use the tools they are most familiar with.”

– Chris Butlin, President & CEO, Vitrium Systems Inc.

Interested in Protectedpdf? Need integration with your systems? Find out what Vitrium can do for you by requesting a demo.

Read original PR Web post here.

Vitrium Releases Strong 256-Bit Encryption Document DRM for Mobile Users

Vitrium Releases Strong 256-Bit Encryption Document DRM for Mobile Users [PRWEB | Vancouver, May 7, 2015] Vitrium™ announced today that it has released version 5.5 of Protectedpdf, the popular cloud-based DRM (IRM) and document security software solution. This latest version hardens security for its HTML5 web link and provides military grade encryption protection for documents, especially those that are shared to mobile devices.

Confidential documents secured with the Protectedpdf v5.5 web link will now be secured by default using the latest standard in 256-bit AES military grade encryption without the need for end-users to download plugs or proprietary viewers to open it on the other end. The highly secured document is viewable on any modern browser and mobile users will find this DRM document security technology to be more lightweight than many others on the market today.

Organizations with highly sensitive documents, and those who must meet strict compliance and governance obligations, will find this zero-footprint encryption valuable, particularly for mobile end-users. The document-level wrap-around security solution can now meet the need for good governance in regards to confidential information that might travel outside of the perimeter, or be synced to cloud-based file sharing services. Industries that require strong protection will find this enhancement particularly relevant.

Protectedpdf 256-bit encryption is applied to the secured HTML5 web link at the time the document is secured, and includes:

  1. Full 256-bit AES military grade encryption for web linked documents in both online and offline mode
  2. Offline document encryption to ensure the best possible security – preventing unauthorized copying to other devices
  3. Content is encrypted by the server prior to sending it to the client
  4. End-user must have the correct decryption key in order to access content
  5. Strongest brute force attack prevention (1.1 x 10^77 possible key combinations)
  6. One-time hashing of the user’s password
    • Never reveals the user’s password during communication or with the server
    • The password is hashed client side and then only the hash is sent to the server
    • The server hashes the user’s real password using the same one-time hashing key and compares these hashes
    • Man-in-the-middle (MITM) attack also prevented
    • Replay attack also prevented

“Vitrium has committed to providing the best security possible. Strong encryption with the web link technology enables organizations to secure and share their most confidential material while minimizing the impact to end-users who can use any device to access it. This change enables Vitrium to make more of a security commitment to customers, and service new markets that have the need for high-level protection for their sensitive documents.”

– Chris Butlin, President & CEO,Vitrium Systems Inc.

Find out what Vitrium can do for you.