- IDs & Accounts
- Networks / Telephones
- Academic Services
- Information Security
- Web Services
- Bobcat Depot
- OIT Projects
- About OIT
Monday, June 16, 2014
Did you know that anyone with image editing software can look at a scanned document with marked-out security information, use a tool to erase the blacking and look at your information? To send such a document, you must properly redact sensitive information.
You may think that if you can’t physically see sensitive information, no one else can. However, just because you cannot see it does not mean that it is not present. For example, covering sensitive information with permanent marker is easily defeated through scanning the page and using Photoshop to remove the black ink.
Likewise, do not place a white box over information in Microsoft Word. All the recipient needs to do is drag the white box to reveal that information.
Even exporting the document into a pdf with blacked-out information is risky. People who are familiar with the Acrobat format will be able to find the blacked-out material.
The best approach is not to share documents that contain sensitive information in the first place.
If sending a document is unavoidable, you have two options, both of which include printing and scanning: You can create a new document and use dummy information or you can cover information with a black box. In either case, the next step is to print the document out, scan the printout and use that scanned image to transfer the information. You must send only the scanned version.
Keep these tips in mind as you share documents. Remember: if the information has been in the file, someone can find it.