PDF files have become industry standard for sharing documents using email attachments. Similar to Microsoft Office files, PDF files may contain active content (interactive forms, multimedia content, scripts) that can make changes to Windows and exfiltrate data. There are several settings that provide warnings and protection when opening a file from an untrusted location.
On September 14, 2021, Adobe released security updates for many of their software packages, including Acrobat & Acrobat Reader (https://helpx.adobe.com/
apsb21-55.html), XMP Toolkit SDK and Photoshop (https://helpx.adobe.com/
Help > Check for Updates
Enable Enhanced Security
These settings will issue a warning whenever a restricted action is called that is not from a trusted location or file. Several types of warnings are shown below.
Edit > Preferences > Security (Enhanced)
Check "Enable Enhanced Security"
Check "Enable Protected Mode at Startup" (for Acrobat Reader)
Check "All Files" (for Acrobat)
If there are trusted websites that send you PDF files with active content, you can add those sites to "Privileged Locations" list. You can also add specific PDF files or folders where you save these files.
These settings will provide you better protection and warnings than you get with default configurations.
If you receive an email you weren't expecting from a sender you don't know with a PDF attachment you're not familiar with, it's still good practice to delete the message. If you know the sender or their company, call the company and verify the message is legitimate. Or contact our team and we'll let you know if the attachment is malicious.
If you regularly communicate with other firms, their potential lack of security preparedness can impact your firm. Encourage them to contact us & we'll help them assess their own cybersecurity to keep you both secure.
Want to better recognize and handle threats to your network, data and devices? Register for our next free 1/2 hour webinar "IT Security for the Common Worker 101B at: http://leeshanok.hubspotpagebuilder.com/leeshanok-cybersecurity-webinar-101b-registration-oct-2021