Security in document automation software

When buying or subscribing to document automation software, you need to take security into account. But how can you know what to look for and what questions to ask potential vendors?

We think you should focus on two specific security risks: transit risk and storage risk.

Transit risk for document automation software

You should ask potential document automation software vendors if their “software client”, which will be installed on your PC, will communicate with their server. If so, you should ask if that communication is encrypted.

If the vendor mentions TLS (new name) or SSL (old name) encryption, then you’re probably in good shape. If they don’t mention any encryption, you should be concerned that your communication could be eavesdropped on via a man-in-the-middle attack.

Storage risk for document automation software

The other risk you need to pay attention to is storage risk. While your information may arrive safely on the document automation provider’s servers, if those servers are poorly protected a hacker might sneak in and grab your information.

So ask about the measures the document automation provider takes to secure documents when “at rest” or “in storage”. They should mention firewalls and possibly even encryption at rest.

However, there is one method of security that is even better than those: a document automation provider that deletes all uploaded content within a specified time range is the most secure of all. It’s impossible for a hacker to steal something that isn’t there.

This is the approach taken by some document automation software providers. Epsillion document automation is an example of a company that deletes customer-uploaded documents on a schedule the company agrees with each client.
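To make the scheduled-deletion idea concrete, here is an added example (not code from this page or from any vendor it names) of a purge job that removes uploads once they exceed a per-client retention window. The one-directory-per-client layout, the client names, the retention values and the use of file modification time as the upload time are all assumptions.

```python
import os
import tempfile
import time
from pathlib import Path

# Hypothetical per-client retention windows in hours (constructed values).
RETENTION_HOURS = {"client-a": 24, "client-b": 72}
DEFAULT_HOURS = 24  # assumed fallback for clients with no agreed schedule


def purge_expired(upload_root, retention=RETENTION_HOURS, now=None):
    """Delete uploads older than each client's window; return deleted paths."""
    now = time.time() if now is None else now
    deleted = []
    for client_dir in sorted(Path(upload_root).iterdir()):
        if not client_dir.is_dir() or client_dir.is_symlink():
            continue  # only real per-client directories are processed
        max_age = retention.get(client_dir.name, DEFAULT_HOURS) * 3600
        for path in sorted(client_dir.rglob("*")):
            # Skip symlinks and directories; only regular files are aged out.
            if path.is_symlink() or not path.is_file():
                continue
            if now - path.stat().st_mtime > max_age:
                path.unlink()
                deleted.append(path.relative_to(upload_root).as_posix())
    return deleted


def demo():
    """Build a constructed upload tree with backdated files and purge it."""
    now = time.time()
    with tempfile.TemporaryDirectory() as root:
        samples = [("client-a", "old.docx", 30), ("client-a", "new.docx", 2),
                   ("client-b", "mid.docx", 30), ("client-b", "stale.docx", 100)]
        for client, name, age_hours in samples:
            path = Path(root, client, name)
            path.parent.mkdir(exist_ok=True)
            path.write_text("constructed sample upload")
            stamp = now - age_hours * 3600
            os.utime(path, (stamp, stamp))  # backdate to simulate age
        deleted = purge_expired(root, now=now)
        remaining = sorted(p.relative_to(root).as_posix()
                           for p in Path(root).rglob("*") if p.is_file())
    return deleted, remaining


if __name__ == "__main__":
    print(demo())
```

The returned list of deleted paths doubles as an audit record a vendor could show a client as evidence that the agreed schedule is being enforced.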

Conclusion

In conclusion, consider both transit risk and storage risk when choosing a document automation software provider. Conscientious vendors take security precautions like encryption and regular deletion. It’s your right to ask potential vendors about their security precautions before you agree to become their customer. After all, the customer is always right!

Handling firewall alerts

A good firewall does two things: it stops other computers from accessing your computer and it notifies you when programs on your computer want to access other computers (the internet). Firewalls usually block attacks on your computer without much fuss, but they often ask for your opinion before blocking a program on your computer from phoning home. So, suppose you get an alert from your firewall like the one below:

[Image: ZoneAlarm alert balloon]

What is msfeedssync.exe? Should you let the program access the internet? If you aren’t familiar with the program name, I recommend searching Google. Just type in “msfeedssync.exe” and hit search. Here is an image I pulled from the search results page:

[Image: information about the msfeedssync.exe program]

The decision

In my case, since I don’t use Internet Explorer’s feed features, I decided to deny internet access to msfeedssync.exe. It probably wouldn’t have done any harm to give the program access, but it also doesn’t hurt to err on the side of caution. If you later find out that internet access for a program that you previously denied is critical to something you want to do, just open up your firewall program and change the permission settings.

Over time, I’ve come to realize that there are a lot of programs on my computer that want to send data somewhere, but don’t really need to. And by paying attention to the alerts, I’ve caught a couple of spyware programs before they were able to send information about me back to their keepers.
