Foiling e-document hackers

Jul 18, 2005

A worker sends an office colleague an e-mail with a corporate document attached, but the seeming routine message turns out to harbor a malicious passenger, because the attachment contains hidden pornographic images that were inserted by a hacker during it's transmission over the Internet. When the document is opened by a female employee, she files a lawsuit for sexual harassment.

This particular case is hypothetical, but the situation is real, experts told UPI's Networking.It is something increasingly plaguing corporate networks. To combat the problem, experts said, companies are going to have to monitor workflow, set new policies and install IT to intercept illicit content. The problem is, many companies skip the first step, which involves evaluating work practices and noting how and where secure knowledge is transferred, before investing in IT, said David Drab, director of information content security services at Xerox Global Services. "By conducting a company-wide risk assessment, organizations can identify the information that represents the greatest threat to the company, if exposed," said Drab, who is also a former FBI agent.As soon as the document-management policy is set, company networks need IT to maintain the integrity of documents that flow over the network.

One solution is from a software developer in San Francisco called Workshare.The company's software, Trace! Version 2, is a free metaware utility for Microsoft Office users that automatically alerts them to the risk level of the documents they are about to open. The software scans for sensitive or inappropriate content, both visible and hidden, within electronic documents. "Each year, trillions of documents are exchanged electronically," said Ken Rutsky, Workshare's executive vice president for worldwide marketing. "There are serious compliance risks and liabilities over the exposure of personal private data, and other sensitive information."

The risks are increased, due not just to potential lawsuits from employees who feel violated by obscene links in a document, but also to certain laws. The federal Sarbanes-Oxley and Gramm-Leach-Bliley acts, as well as the California Breach Law, require that certain information be kept secure for reasons of financial disclosure, intellectual property management, privacy and identity, and related matters.For example, if a document contains the word "confidential" in a header or footer, it probably contains corporate secrets and should be handled with care. If the word is in the text body, it probably is more benign.

Content- filtering software can determine whether the file contains benign or sensitive information before someone opens it.A recent survey of 332 large American enterprises conducted by Proofpoint in Cupertino, Calif., a software security firm, found stopping such leaks was the top concern for those who manage outbound e-mail.More than 35 percent of companies surveyed had investigated a suspected e-mail leak of confidential or proprietary information over the past year.

For example, a proprietary customer list may exist in an Excel spreadsheet, but if the document is converted to a PDF, it might be easier to smuggle it out of the company. So, software developers are developing "audit trails" for individual documents, such as Excel spreadsheets and Microsoft Word word processing files, so each modification to a file can be monitored along the way. The software includes encryption and authentication measures so the "sending and receiving parties can be tracked from start to finish of the transfer process," said a spokeswoman for Tumbleweed in Redwood City, Calif., a maker of enterprise-class secure managed file-transfer software.

Copyright 2005 by United Press International. All rights reserved.

Explore further: Amazon as an adult: Two decades of online shopping

Related Stories

Encryption made easier: Just talk like a parent

11 hours ago

Encrypting emails can be tedious, difficult and very confusing. And even for those who have mastered the process, it's useless unless the intended recipient has the correct software to decode the message. ...

EU open source software project receives green light

Jul 01, 2015

An open source software project involving the University of Southampton to extend the capacity of computational mathematics and interactive computing environments has received over seven million euros in EU funding.

Recommended for you

Drone postal deliveries begin in Switzerland

1 hour ago

Wondering where your package is? Look up! Switzerland's postal service said Tuesday it had begun testing parcel deliveries by unmanned drones, although widespread use of the flying postmen is not likely to kick in for another ...

The future of artificial intelligence

2 hours ago

Only a few years ago, it would have seemed improbable to assume that a piece of technology could quickly and accurately understand most of what you say – let alone translate it into another language.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.