Everyone has all done it. Opened a two-year-old template document, saved a new copy, edited the text and then saved it again for the rest of your team’s contributions, who each create their own version to be merged later.
It doesn’t take long for version control to go awry, resulting in documents in various stages of changes – both tracked and untracked.
Comparing and combining these documents into the most up to date, single version is a process that can take hours if not days, and all the while conceals hidden security risks that could compromise your business.
These risks are in the form of metadata, which is captured in those document versions every time they change hands or go through edits. There are at least 20 types of metadata used by Microsoft Office, for example:
• Speaker notes
• Tracked changes
• Hidden text, cells and fields
• Email addresses
• Names of contributors
• Initials of contributors
• Company names
• Computers’ names on the network
• The server or hard disk where the document is saved
• Dates of revisions and different versions
• Information about embedded and linked objects
The purpose of metadata is to categorise data to make it easier to find and interpret and, when used properly, it can be very helpful. If handled without care, others could exploit metadata to find information that could hurt your business, you, or anyone involved.
>See also: How to ensure that you are protected
In 2010, the Solicitors Journal published the results of a survey, claiming that 97% of law firms have no metadata management tools in place to safeguard the details stored in legal documents which are sent via mobile devices. Here are three ways that poorly managed metadata could hurt your business.
Metadata is the digital paper trail between you and the people you communicate with and therefore contains information about your business and employees, or potentially information about clients and, for the journalists out there, your sources.
Documents sent via email or file sharing software can be intercepted and the sensitive information can be extracted. This makes metadata a powerful tool for hunting down whistle-blowers.
Despite this technology existing, metadata leaks were a problem for users of 1Password (password management software) as recently as 2015, when users’ unencrypted names, email addresses, and login URLs were leaked (but not their passwords). This made users potentially more vulnerable to hacking attempts on their websites.
Ever since telephone laws were established, communications metadata has been viewed as separate from the actual contents. The difference being that metadata is considered public information and the contents of communications is much harder to legally obtain.
But the metadata recorded by modern communications via the internet contain personal information that could be more useful to some people than the content of emails or calls.
In the US, the line between metadata and private communications is somewhat blurred by online interactions. This makes it easy for cyber-spying to occur, whether that’s by governments, private companies or individual members of the public.
What can you do?
Luckily, metadata removal technology now exists. By cleaning files before they’re sent via email, you can protect potentially sensitive information from becoming public. This can also be integrated with email systems and mobile devices to make metadata cleaning an automated part of the mail system.
In this day and age, protecting the information about your company, colleagues, sources and clients is vital for preventing the potentially malicious misuse of this metadata.
Sourced by Dean Sappey, president and co-founder of DocsCorp