12 Tricks for Epically Bad Document Security
20 July, 2022
You’re set up as an editorial professional: you have your own editing company, all the editorial resources and software you need, and all the legal and financial details taken care of. You’re good to go—almost. There’s just one thing you might not have paid much attention to: document security. It may not be foremost on your mind, but the truth is it’s no small matter to your clients. In fact, your client contracts may well have rules about where documents are stored and how they are protected.
Oh, but being secure is exhausting. Sometimes you just want to throw in the towel, throw caution to the wind, throw open the windows, and run up the white flag. If that’s what you want to do, here’s our quick guide to saying “To heck with document security!” Follow these methods and soon you won’t even have a business to have to worry about.
1. Don’t Set a Password
Sometimes it just seems like too much of a bother to log in and log out, and so on. If your password is 20 random characters and you’ll be locked out for 30 minutes if you make a typo, you’re going to try to avoid needing it. And if you’re just stepping away to the washroom for a moment, does it matter so much if you leave your laptop open and running on your table in the espresso bar? Well… it’s like leaving your door unlocked. You only need to be unlucky once to regret it forever.
2. Pick a Really Obvious Password
Using an obvious password is one step better than not using a password at all, but mainly it just filters out the laziest thieves. People who really want to break in have software that can try all the obvious passwords and be in before you can sneeze. It’s like leaving your key under the mat.
A good way to pick a password is to choose something that’s long but memorable to you. Use a quote from a book or poem that you love (you may be shocked at how few of these your thieves have read). Replace some of the letters in that quote with numbers and symbols, and you have a unique password that’s memorable but non-obvious.
3. Put Pictures of Private Information Online
So you’re working somewhere with a great view, or your desktop is looking especially spiffy, and you take a picture and post it on social media. But, uh, you were working on a file with confidential information... and anyone who views the full details of the photo can read it. A picture of information is information. You might as well have put up a poster with your client’s confidential document. (In fact, more people may see your picture than would see a poster.)
4. Make Your Passwords Easy to Steal
We all have so many passwords to keep track of! Sure, you could use the same password for everything—if you don’t mind that if someone steals one of your passwords, they’ve stolen all of them. But if you use a different one for each site, how do you keep track of them? Some people in offices write them down next to their computer, which is a great way to give them to anyone who can get near the computer. Other people will keep them in an easy-to-find document called “passwords.docx”—and if anyone manages to get into your computer, they get them all. It’s pretty normal to let your browser remember all your web passwords, but once again, anyone who can get into your computer (one password or none!) hits paydirt. Computers and phones are getting better at using biometrics (fingerprint or face scan) to gatekeep passwords, but good password manager software like LastPass is also worth using.
5. Install Software from an Untrustworthy Source
You know what the Trojan horse was, right? Well, in computer security, a “Trojan” is malware—software designed to steal or inflict other harm—that comes hiding in an innocuous-looking software application or document. It could be a game or nifty app from some unofficial site; it could be a browser extension that promises to let you view copyright-protected streams for free; it could be a document on an unknown website that promises interesting-looking information; it could even be a cute freebie USB stick… that quietly installs software the moment you plug it in. The next thing you know, ransomware has taken control of your computer: you’re locked out and you’ll have to pay a lot of money to get back in.
If you’re not getting your software from a known and verified source, you don’t know what might be hiding in it—even documents can have little invaders in them. “But this thing is so cool!” Well, yeah, they’re not going to hide their malware in something no one would ever open.
6. Give Away Personal Information to Random Strangers
You might object that you wouldn’t let someone you don’t know just log in to your bank or business site, but have you ever been on the phone in a public place talking about banking or other personal details? People can hear you, you know. They can also see your credit card number if you write it down somewhere, and they can see your full personal information on a tag on your bag as you’re standing in front of them in line, too.
And once someone knows a few details about you, it’s easier to find out more—because if they seem to know about you, other people will often give them even more information. How many times have you received an email from a friend asking you to contribute to a fundraiser? Anyone who knows just a couple of things about a person can pose as that person and fake an email from them—it’s as easy as writing down a fake return address on an envelope. And then you go to a website that takes your Facebook login, and by the time your friend says “What fundraiser?” it’s too late.
7. Give Away Passwords to Strangers Who Ask
If someone phoned or texted you and asked for one of your passwords, you would say “no” and hang up. But what if you thought they were calling from your bank, or from Apple or Microsoft, and there was a problem? This is a very common scam, and some people do fall for it. You may even look at your caller ID first and think it’s legit, but that’s easy to fake. And then, having obtained your password, they will ask you to “verify your identity” by reading off a number that’s texted or emailed to you—which is the authentication code that’s being texted to you precisely so that someone who stole your password can’t get in.
Never give your password to someone who phones you, no matter how legit they may seem, and never ever ever ever ever give your authentication code to someone over the phone. That’s for logging into a website, not for telling a stranger over the phone. If you have a security concern, look up the company’s number on their official website (or on the back of your credit card, as the case may be) and initiate a call to them.
8. Use a Social Media Site Login on a Third-Party Site
This seems like a common enough thing to do; it’s convenient, and Facebook (or Google or whoever) is a known entity that has given the other site permission to do this. But Facebook is also an entity that knows about you—it has lots of personal information on you, and if you use your Facebook login on someone else’s site, you’re giving them access to it. These third-party sites might want to do things with your information that you wouldn’t want—and they might get hacked, too. It’s like giving a copy of your house key to a friend of a friend. Create a new login for every new site, and keep track of them all in a secure way (see number 4, above)!
9. Assume None of the Above Applies to You
If you’re handling sensitive personal information, trade secrets, or embargoed announcements, document security is obviously important. But if you’re just working on marketing copy or a short story, you might not take document security seriously. You should. Advance information on marketing plans can be useful to competitors (and sometimes to hostile third parties). Stolen drafts of fiction can be plagiarized or (depending on how well known the author is) sold or shared, hurting the writer’s sales. Not only that, information that might not seem important by itself can be used to get important information, as we saw in number 6, above.
And if you’ve had your document security compromised and your clients find out, the cost of the theft or ransom might pale in comparison to the cost in business due to damage to your reputation—and perhaps the lawsuits that follow, especially if your contract stipulates stringent document security requirements.
10. Use Unsecured Public Wi-Fi
If you use your computer on unsecured public Wi-Fi, any other person using the same Wi-Fi who has the necessary know-how can get into your computer and get all sorts of information that will be useful for identity theft—or just plain old-fashioned theft. Likewise, logging in to a site on someone else’s computer (a colleague’s, or in a library or other public location) and then not logging out is leaving that door wide open.
11. Ignore Warning Signs
You suddenly receive hundreds of spam emails for no apparent reason. Here’s a good idea: delete them all en masse and pay no attention. That way the one true warning from your provider will be lost. A sudden onslaught of spam can be from something called email bombing, which relies on the principle of “crying wolf”—people eventually ignore false alarms, which can lead to them ignoring real alarms too.
If something seems suspicious, it’s important to investigate.
12. Pass Around Confidential Documents
If you have private documents and you send them unencrypted by email, don’t expect them to stay private. Anything you send by email can, accidentally or otherwise, end up with just about anyone (by the way, this is also why you should never express brutally honest opinions of third parties in emails). Similarly, if you upload a private document to an unsecured site or service provider, or work on it on a site without proper access restrictions, it’s halfway to being a poster on the wall as far as interested nefarious parties are concerned. As an editor, you should take care with every type of software that you use with client documents. Ask yourself if the software uploads any information to a server, if that’s desirable, and if it’s even allowed under your contract.
Improving Your Security
So, do any of the 12 tips above look like things you might have done maybe once or twice? If so, take a few minutes to think through your security. These issues are real, and even improving just one or two items on the list will help your business. There are a lot of people out there who have many ways and reasons to steal your information—and worse. They only need to succeed once. This is the kind of issue that doesn’t have any cost… until it has an enormous one.
Security at PerfectIt
Security considerations extend to any software you use. When you work with PerfectIt, you can be confident you are using a tool that provides a very high level of security. PerfectIt’s clients include many of the world’s most important—and most security-minded—companies.
The Windows version of PerfectIt doesn’t send any of your data anywhere. No information of any kind leaves your computer, and it does not connect to the internet at all.
If you use PerfectIt Cloud, your data is sent by secure connection to one of our servers in Northern Europe or Canada and kept encrypted; it exists there only for the duration of processing and is deleted and forgotten after that process is complete.
Security matters, to you and to us. And we take your document security as seriously as we take the excellence of your editorial results.