One of the most common and most sensitive documents that companies handle on a daily basis is invoices. Issuing and receiving them is a fundamental activity for every business, however, people are not always aware of how important they are even after being paid or collected.
Together or individually, they can expose critical information that can be very valuable to your competitors, such as customer lists, product and service descriptions, prices and promotions, or details of key agreements.
However, these files are so common in organizations that they are often treated carelessly or with a complete disregard for security by employees, to the point of being sent via email in unencrypted formats, through instant messaging applications, stored in virtual stores more or less accessible to the public, in physical devices such as pen drives, etc. In fact, it’s quite easy to overlook the importance of the information they can provide to a third party.
Invoices are so common that they are often treated carelessly.
Just do a couple of searches on Google and you’ll realize the extent of the problem. Search for such simple, obvious terms as ‘invoice euros vat inc address tax number date total’ with a filter to show only PDF files, and you’ll find an endless number of sensitive documents that are accessible to the public without companies knowing.
Companies in the textile sector, integrated service companies, travel agencies, etc. The list is too long, especially if you consider how easy it is to protect invoices if you take the appropriate precautions.
First, these and other critical files should never be stored on Internet-facing servers. However, as this can be difficult in the day-to-day reality of the majority of companies, at least it should be checked that those servers are not accessible to the public in such evident places as Google.
In reality, the presence of these and other confidential files in the popular search engine is almost always due to the wrong configuration of corporate servers, or to the fact that these include directories that can be easily crawled by Google’s bots.
Being aware of this and taking the necessary steps to prevent it is one of those simple, effective protection measures that companies often forget about. However, it is very important to understand that invoices contain far more valuable information than may seem apparent at first glance.