If you’re like most business owners, you and your employees use PDFs for some aspect of your business. But did you know that PDF files are the #1 type of file used in cyberattacks? It’s true. Believe it or not, hackers really like PDF files. Out of all the kinds of files that can be turned into cyberweapons, PDF files top the most-used list, according to research from Barracuda Networks. The research showed that nearly 41 million PDF files were involved in cyberattacks in just a three-month period. The good news is, there are things you can do to prevent this. Find out why hackers like to use them and how to protect your business.

When PDFs Go From Helpful to Harmful

You probably already know that PDF files can do a lot more than display text. For example, they can play animations and serve as electronic forms. PDFs offer advanced capabilities, such as the ability to execute system commands and JavaScript code on computers, smartphones, and other devices. These files can also contain embedded files and hidden objects. That’s where hackers come in. Cybercriminals like to use these advanced capabilities to create innocent-looking PDF files loaded with malware.

In addition to sending malicious files, hackers also like to exploit security vulnerabilities in the software you use to open and display PDF files, such as Acrobat Reader and other Acrobat programs. By taking advantage of security vulnerabilities, cybercriminals can gain unauthorized access to your devices…and your information. 

How to Protect Your Business

One of the best ways to prevent PDF-based cyberattacks is to uninstall or disable PDF software and tools. Unfortunately, this is often impractical. If you work with PDFs every day or even every week, you most likely don’t want to install and uninstall software daily. Fortunately, there are other measures you can take to protect your business from PDF-related security threats.

  • Educate employees on the dangers of opening PDF files attached to emails. Even if an email appears to come from someone they know, it is always better to triple-check the exact email address being used. A hacker could be masquerading as the sender by spoofing the email address displayed in the “From” field. Alternatively, a hacker could have hijacked the sender’s email account and used it to send a malicious PDF file to everyone in the person’s contact list. Sometimes, your email account will even give you a warning if a file seems suspicious. If you get this kind of warning, ask your IT department before downloading anything.
  • Warn staff about the dangers of downloading and opening PDF files they find on the Internet. When you don’t know the source of a PDF, you are putting yourself more at risk of a cyberattack.
  • Make sure that PDF apps (e.g., Acrobat Reader) and web browsers with built-in PDF readers (e.g., Microsoft Edge) are updated as needed so that known vulnerabilities are patched. You should also update PDF web browser extensions. If you are using any extensions that are not updated by their developers, you should consider disabling or uninstalling them.
  • Verify that the operating systems on your devices are being updated as often as they need to be. This is particularly important on computers running Windows 10, since this operating system includes the built-in Print to PDF tool.
  • Confirm that each device’s security software is being updated in case an employee inadvertently opens a PDF file that contains known malware.
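For IT staff who want to check a PDF before anyone opens it, the sketch below counts the markers that switch on the capabilities described earlier (JavaScript, command execution, embedded files). It is an added example, not part of the original article or any vendor tool; the marker names come from the PDF specification (ISO 32000), and the function names and sample files are constructed for illustration.

```python
import re
from collections import Counter

# Name objects from the PDF specification that turn on active behaviour.
RISKY_NAMES = {
    b"JS": "JavaScript action",
    b"JavaScript": "JavaScript action",
    b"OpenAction": "action run when the document opens",
    b"AA": "additional (event-triggered) actions",
    b"Launch": "launches an external program or file",
    b"EmbeddedFile": "embedded file stream",
}

# A PDF name is "/" followed by regular characters or #xx hex escapes.
_NAME = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\x00\t\n\x0c\r ()<>\[\]{}/%#])+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes, so /J#61vaScript is counted as /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def triage_pdf(data: bytes) -> dict:
    """Count risky name objects in raw PDF bytes.

    Limitation: names inside compressed object streams are not visible to
    this byte-level scan, so an empty result is not proof of safety.
    """
    if b"%PDF-" not in data[:1024]:
        raise ValueError("not a PDF: missing %PDF- header")
    counts = Counter()
    for match in _NAME.finditer(data):
        name = decode_name(match.group(1))
        if name in RISKY_NAMES:
            counts[name.decode()] += 1
    return dict(counts)

def describe(counts: dict) -> list:
    """Turn the counts into one readable line per marker."""
    return [f"/{n} x{c}: {RISKY_NAMES[n.encode()]}" for n, c in sorted(counts.items())]

# Constructed samples: one with an auto-run script whose name is hex-escaped, one plain.
SAMPLE_ACTIVE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (app.alert(1);) >> endobj\n"
    b"%%EOF\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"

if __name__ == "__main__":
    print("\n".join(describe(triage_pdf(SAMPLE_ACTIVE))))
```

Any hit is a reason to route the file to IT for a closer look rather than a verdict, since legitimate forms also use some of these features.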

Cardinal Technology Solutions can offer additional recommendations if your employees regularly work with PDF files, especially if the files are from unknown third parties. Contact us today!