Submit your question and we’ll post it online for everyone to learn from.
Content Security is about monitoring and controlling the electronic information entering or leaving an organization. Content security issues include transmission of confidential data, protection against viruses and spam, encryption/data security, filtering content, improving network performance, and reducing an organizations exposure to legal liabilities.
Unmonitored content leaving the corporation can introduce legal and competitive risks. The current lack of content filtering and monitoring makes it difficult to discover potential breaches of policy, the sharing of confidential information and to hold individuals accountable.
Metadata is simply “data about data”, and your electronic documents probably contain lots of it. Metadata describes document attributes such as the title, author, content, location, and date of creation. Knowing this information can be helpful when cataloging electronic information. But metadata can also share confidential and potentially embarrassing information with an unintended audience.
To view one example of document metadata go to the File menu and choose Properties. A dialog box appears that has general information about the document such as creation date, size, and so on. A Summary tab has metadata fields such as Title, Subject, Author, Manager, Company, Category, Keywords, and Comments. What is not so easy to see is all of the other document metadata. To scan and identify all of the metadata associated with your documents you will need a 3rd party software application that scans and identifies all metadata associated with your document.
The following top ten best practice tips should be followed to ensure your organization is protected from the risk of document metadata:
- Establish an enterprise-wide metadata policy and determine what metadata is of risk to you and why
- Remove all Microsoft Word documents from your web-site
- Implement an enterprise-wide Metadata removal application
- Ensure your Metadata removal application has the ability to centrally enforce your metadata policy
- Ensure your Metadata removal application is integrated to your email system for complete protection
- Ensure your Metadata removal application contains functionality to review a report of existing metadata in documents before cleaning or sending to others
- Encourage the use of sending PDF files, which have already been cleaned by a metadata removal application, to external parties where appropriate
- Remove all metadata from your template library to reduce the risk of any metadata being inherited from previously used documents
- Turn ‘Highlight Track Changes’ on before sending documents to others to review if a history of changes exists
- Click View-Comments from your Microsoft Office application before sending documents to others to review if a history of comments exists
The following steps can ensure that documents that you send or share with others remain secure and confidential:
- Establish an enterprise wide metadata policy and deploy an enterprise-wide Metadata removal application
- Distribute published documents in a metadata-free PDF format
- Encourage PDF security and file encryption by selecting a PDF conversion technology that incorporates these features
- Consider sending documents in zip format with a zip password
Metadatarisk.org is a public-benefit site offering educational information for visitors interested in learning about content security and how to protect themselves from inadvertent exposure of sensitive hidden information.
Metadatarisk.org was established by Monkey Duo to raise the awareness of content security issues and its associated risks. This site is intended to be non-commercial, whereby content contributions are welcome from everyone and no marketing of specific products or services will be allowed on the site.