Sometimes the boring details that we overlook could mean the difference between success and failure in our businesses. When it comes to protecting our data, not every threat takes the shape of a sensational international network of hackers or a rogue employee turned mole. Sometimes something as innocent as e-mailing a draft of a PowerPoint presentation can release sensitive information. Those little details are important.
The hidden risk of metadata
All electronic documents contain hidden information called metadata. Metadata consists of information about your document that is not easily accessible to the user. Once accessed, however, it can reveal important information about your organization that you would prefer stay private. In addition to metadata, electronic documents also contain fields of information which by default are not visible. Before sending a document to a third party via e-mail or USB drive, it is extremely important to make sure that you don’t inadvertently also send sensitive information.
How real is this risk?
If you are in doubt, ask Google. Executives at Google inadvertently revealed internal financial forecasts when a PowerPoint presentation was circulated containing the private information in a hidden slide. The Office of the Director of National Intelligence inadvertently released the U.S.’s budget for National Intelligence by forgetting to remove hidden information from an electronic document before circulating it. The Justice Department released confidential Social Security numbers when they failed to realize the data existed in a PDF file they released to the public. The list goes on and on. If it can happen to large companies and government agencies, it can certainly happen to you.
Conduct a metadata and hidden data audit
Take a few hours this week to review your most important files to determine if sensitive information is at risk of being released. If this initial test finds a problem, you should plan for further testing or even consider using a third-party solution to manage metadata and hidden data. Be on the lookout for:
Document properties
Microsoft Office files contain a document properties section which could include data on the author, the author’s manager, hyperlinks, keywords, internal notes and more. If your company uses boilerplates it could be very embarrassing for a client to receive a document with information in the properties section about another client.
Document statistics
In Microsoft Word, the statistics section indicates the number of times the document has been revised, who the last person was to revise it, and the total editing time spent on the document. If you’re a consulting firm billing on an hourly basis, any discrepancy between the editing time on the document and the time billed to the client could potentially cause problems.
Custom properties
These fields allow for any type of information to be included. Perhaps your internal IT department has decided to leverage custom properties to enhance document tracking or project management. Sensitive information about which employees are working on a project, what billing codes or billing rates should be charged, and more could be included here.
Comments
Microsoft Word and Excel allow for comments to be included throughout a document. It’s easy to miss the visual cues that comments have been embedded in a document. Sensitive notes about changes to financial estimates, prices and more could inadvertently be sent to a client or competitor.
Track changes and document revisions
Recent versions of Microsoft Word allow you to track changes to a document without displaying the “black line version” on the screen. This means that if you send the Word document to someone else they can see the previous version of the document and can even tell which person made which changes.
Headers and footers
In many cases, recent versions of Microsoft Word default to having hidden headers and footers. It’s rather subtle and you could easily forget that they are there. Imagine if you use a boilerplate with client information in the header or footer. When the new client receives the document and prints it out, they would see the previous client’s name.
Hidden slides
PowerPoint allows you to create hidden slides which could be used for internal purposes, special notes or as “source slides” from which data is pulled. As the Google example indicates, it’s easy to forget about these slides because they are hidden.
White text
A less common practice is for employees to recolor text as white so it becomes invisible. This is mainly used by less technologically sophisticated employees who wish to hide certain text rather than erase it, so they can see how a new layout or different wording may appear. The opportunities for problems are endless.
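Much of the checklist above can be checked automatically for Office Open XML files (.docx, .pptx), which are ZIP archives of XML parts. The Python below is an added example, not part of the original article; the function names and the sample package are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
PROPS = {"creator", "lastModifiedBy", "revision", "Manager", "Company", "TotalTime"}

def audit_ooxml(data: bytes) -> dict:
    """Report hidden data in a .docx/.pptx package; run it on your own files."""
    found = {"properties": {}, "custom": [], "comments": 0, "tracked_changes": 0,
             "white_text_runs": 0, "headers_footers": [], "hidden_slides": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in (n for n in z.namelist() if n.endswith(".xml")):
            root = ET.fromstring(z.read(name))
            if name.startswith(("word/header", "word/footer")):
                found["headers_footers"].append(name)
            if name.startswith("ppt/slides/slide") and root.get("show") == "0":
                found["hidden_slides"].append(name)  # <p:sld show="0"> = hidden
            for el in root.iter():
                tag = el.tag.rsplit("}", 1)[-1]  # local name, namespace stripped
                if name == "docProps/custom.xml" and tag == "property":
                    found["custom"].append(el.get("name"))
                elif name.startswith("docProps/") and tag in PROPS and el.text:
                    found["properties"][tag] = el.text
                elif name == "word/comments.xml" and tag == "comment":
                    found["comments"] += 1
                elif el.tag in (W + "ins", W + "del"):  # tracked insert/delete
                    found["tracked_changes"] += 1
                elif el.tag == W + "color" and (el.get(W + "val") or "").upper() == "FFFFFF":
                    found["white_text_runs"] += 1  # Word run coloured white
    return found

def build_sample() -> bytes:
    """Constructed demo package mixing Word and PowerPoint parts; not a real file."""
    w = 'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'
    parts = {  # docProps and slide namespaces trimmed for brevity
        "docProps/core.xml": "<coreProperties><creator>J. Doe</creator></coreProperties>",
        "docProps/app.xml": "<Properties><TotalTime>412</TotalTime></Properties>",
        "docProps/custom.xml": '<Properties><property name="BillingCode"/></Properties>',
        "word/comments.xml": f"<w:comments {w}><w:comment/><w:comment/></w:comments>",
        "word/header1.xml": f"<w:hdr {w}/>",
        "word/document.xml": f'<w:body {w}><w:ins/><w:del/><w:color w:val="ffffff"/></w:body>',
        "ppt/slides/slide2.xml": '<sld show="0"/>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()
```

To audit a real file, pass its bytes: audit_ooxml(open(path, "rb").read()). The check does not cover Excel comments, PowerPoint white text, legacy binary .doc/.ppt files or PDFs, and a header or footer part is only listed so that its contents can be reviewed by hand.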
It’s not about paranoia
The point here is not to become paranoid about every single document that leaves your company—the idea is to make a point of reviewing your metadata and hidden data (especially on boilerplates) to ensure that nothing is inadvertently communicated to outsiders. A little healthy awareness can go a long way to preventing business headaches.