A Beginner’s Guide to Document Protection and Rights Management

1. Leaks and unauthorized sharing (intentional or otherwise)

In today’s rapid changing digital technology, the way we access and distribute documents continues to evolve, moving towards efficiency and convenience. Widespread file sharing tools like website downloads, Dropbox, Google Docs, or simply emailing valuable content have become predominant methods of distributing and enabling access to critical business information, but also exposing organizations to risks, such as:

• Unsecured documents and data are found on a lost or stolen device.
• Buyers of content distribute it to non-buyers or upload to sharing websites.
• Documents are sent to the wrong “unauthorized” person by mistake, either via email or other means
• Documents are intentionally misdirected for malicious and/or fraudulent purposes – either for monetary gain, extortion, or to damage a company’s reputation.
• Documents and information are leaked by employees (or other “bad” actors) to the media, antagonists, or competitors.
• Poor security or infrastructure on protected networks have left documents and data vulnerable to unauthorized sharing.

2. Hacks and Attacks

There is an underlying assumption that only very large companies are attractive to hackers. As documents and data become more ubiquitous and accessible, hackers are finding small and medium-sized companies (with their relatively few hardened security protocols) attractive targets. Hackers may probe your networks for vulnerabilities, specifically targeting documents without wrap-around security, documents in transit, those synced to devices, in cloud-storage, or in unsecured emails. The tools and trade of the hacker have become highly sophisticated, and companies large and small must now take steps to prevent threats, including:

• Database and network intrusions
• Permission theft, misuse and loss
• Communication intercept attacks like MITM1 and Relay2 attacks
• Denial/disruption of service attacks for blackmailing, or extortion purposes

3. Copyright or patent infringement

Organizations apply considerable efforts and expense to produce original content, including those patented or copyrighted to protect the original investment or revenue streams attached to it. If you have copyrighted material, unprotected work can be:

• Copied or duplicated without permission.
• Modified or manipulated without authorization.
• Used in ways that were not the original intent or without proper authority.

4. Piracy

Online pirates aren’t just interested in music, movies and stolen software. Your course material, eBooks, company data, board minutes, research data, maps, specs and all manner of information are valuable resources of information. Content can end up in illegal file sharing sites where over 90% of the material is copyrighted and should, by law, be protected.

Factors to Consider when Protecting Documents

The nature of today’s digital marketplace has enabled company to find revenue sources through the online sales and distribution of documents and publications. When considering a document protection plan, determine whether or not your company has data, information or content that is worth protecting. Determine what would be the consequences to your business in terms of:

• Revenue - losses and damage that might occur now and in the future
• Reputation - trust and confidence in your brand
• Compliance, or non-compliance with regulations and privacy laws

Revenue-generating content

Any documents, files or assets that generate revenue should be considered in your protection plan. For many types of organizations, large portions of their revenues will come from training or educational materials, standards and manuals sales, as well as intelligence and research reports. These assets are labor and expertise intensive, and intrinsically carry their value. When they are distributed illegally, creators or distributors of these materials have no recourse to recoup the worth of their efforts. When determining the risk to your business if these files were leaked, hacked, distributed online, through social networks, to media, or to competitors, it’s important to consider all the effort and money that went into creating the content.

There are many examples of revenue-generating content that are sold online. Some examples include; expensive research or market data reports, training materials for online courses, eBooks, and financial reports that one may receive as part of a membership to an investment service

Intellectual Property

Intellectual property are works or inventions created as a result of creativity, such as a manuscript or design, to which one has rights to. These can include works for which a patent, copyright (more on this in the next section), trademark or other type of legal protection may apply.

For companies creating or managing these types of content, the value is contained within the original idea, that has been expanded into a creative effort. With these types of work, value comes from releasing the content first and having time to collect revenues before the ideas enter the collective consciousness. Some examples of these types of documents may include patents, inventions, scripts, stories, books, dissertations, theses, eBooks, white papers, newsletters, or even internal corporate materials that include confidential or highly sensitive information.

Copyrights

The most important information that can be protected by DRM is copyrighted material, which can only be used or distributed by the company that owns the rights to the work. Copyright is at the heart of most intellectual property debates or lawsuits, so such creations should feature passwords and other security tools whenever possible.

Ultimately, even the largest of companies couldn’t afford to retain lawyers to litigate every single instance of copyright infringement. This is especially true thanks to the fluid nature of the Internet. As such, document passwords and digital protection are the best ways to lock up content and media to avoid losses from unauthorized distribution. Any documents, files or assets that make you money should be considered in your protection plan. Of these assets, determine the risk to your business if the information in these files was leaked, hacked, distributed online, through social networks, to media, or to competitors.

Trade Secrets

Distributed internally, trade secrets need to be protected whenever possible to avoid falling into the hands of other companies. Information contained in such documents is profitable (though unpatented or trademarked) and should be kept from prying eyes at all costs. Many data breaches are due to insider theft, choose a system that protects at the document level so access is restricted to the document - not just the location on the network. Your documents are worth it. You lock your: The Forrester report, Understand the State of Data Security And Privacy: 2013 to 2014(iv) states that insiders are responsible for 36% of all incidents of data breaches occurring in a company.

Scientific Research, Literary, Technical, and Artistic Works

Authors and painters are not the only people who need to worry if their materials are going to be taken by unscrupulous parties or inattentive professionals. There are also writers and even video editors who can have their work stolen and used for extralegal purposes. Scientists also need to be aware of the danger that their papers, analyses, reports and dissertations could be at risk.

Presentations

Presentations can be considered intellectual property, such as lectures, talks, videos, recordings and other sorts of instructional videos. This is also true for transcripts of such media, so take that into account when deciding what files should have document protection attached to them.

Designs

Companies that work closely with clients to design machines, processes, buildings or branded collateral didn’t have to worry in the past about their ideas being taken and corrupted until they’d already put them into action. Today, all the information that flows between organizations can be easily snatched from the digital world. Smart designers, engineers and architects know that high profile projects and clients deserve to have protection at the source. A good DRM system can prevent theft by applying encryption, controlling who access to who can open the file, and even expiring the document after a certain time.

IT Systems and Methodologies

Even IT departments can share documents internally that might be detrimental if leaked outside of the network (via a mobile device) or the networks were hacked. Network architecture schema, diagrams, password files, list exports, logs, mind maps, and other information on internal security protocols should be considered critical information that should be secured, not just within a secure
network, but with wrap-around document-level protection, and especially if it is to be shared externally for any reason (vendors and other suppliers).

Confidential sensitive data

We’ve all heard stories about sensitive financial or private personal information getting stolen by database intrusions by hackers, but sometimes this data is in documents that are unintentionally shared outside the network, or found on a lost or stolen device.

Also, board minutes and information for shareholders is often confidential. This information can affect a company’s value - and prove profitable to competitors. A good DRM system can protect these documents individually to ensure that no one gets their hands on it who isn’t authorized.

Research and development

Oil and gas companies, mining, research, pharmaceutical companies and other industries that must keep their operational information and reports deeply secret. Research and development firms also need to protect their reports and other information from getting leaked. In any industry where there is a great deal of effort and value in these reports, companies should consider protecting these documents.

Our popular document protection software can help you limit the risk of your content being copied, leaked, shared, or stolen. Your PDF and Office files are instantly protected, ready to be distributed, and easily viewed by your audience. You can choose to publish the secured content to a user portal, send via email, or post to your own website, document management system, learning management system (LMS), eCommerce site, or other portal. Whatever method you choose, the files always remain secured no matter where they go.

Vitrium Security is trusted by hundreds of companies around the world to protect their documents and millions of readers have accessed our secure documents.