There’s more than meets the eye in many of the files workers attach to their business emails. Hidden data in these files called metadata — data that describes data — can contain sensitive information that has the potential to cause your company irreparable harm if inadvertently exposed. And an average of one in 10 business emails contains such potentially damaging information, according to a newly released white paper.
This information can includethe properties of an electronic file, such as its author and the date it was created, previous revisions, insertions, deletions, tracked changes and comments. It also includes who sent and received the file.
Virtually all types of files contain metadata. Because of their widespread usage and distribution in business, Microsoft Word, Excel, PowerPoint files, PDFs and image files are the most likely files to contain potentially harmful metadata.
The increasing use of mobile devices at companies and the "bring your own device" (BYOD) trend only exacerbates the hidden data problem, according to the white paper published by Litera, a document management solutions provider.
According to Litera, 96 percent of all mobile device and tablet users access business email from their devices, and a third are able to access their company’s central document repository. What’s more, 86 percent of mobile device users forward emails that have a document attached. The number of professionals who work remotely is predicted to increase, amplifying the problem. Along with this trend is the reality of BYOD.
Many businesses understand the risk of leaking sensitive information through the metadata in attachments and may have software tools in place on the desktop that scrub the hidden information. But these tools do not cover documents sent as attachments from mobile devices and webmail. As a result, even with a desktop application in place, as much as 10 percent of business emails still could be leaking information through hidden data in documents.
All of these factors contribute to the pervasiveness of metadata being unwittingly shared with regulators, customers, competitors, the media and other groups that scrutinize business content, Karen Massand, president of Litera, told BusinessNewsDaily. But there are solutions available.
"Experts recommend that businesses use a server-based metadata cleaning tool that ensures all documents attached to emails are automatically cleaned, no matter how they are sent, whether from the desktop, webmail, mobile devices or tablets," Massand said. "We also recommend that policies are set and enforced at the enterprise level so employees don't even have to think about scrubbing for metadata."
The consequences of the inadvertent release of hidden data can range from the mildly embarrassing to the astronomically expensive. Falling in the latter category was metadata uncovered in a Merck document proved that the company had deliberately deleted information about cardiovascular risk associated with Vioxx prior to submitting the paper to the New England Journal of Medicine. As a result, the pharmaceutical company had to pay $950 million and plead guilty to a criminal charge, according to The New York Times.