Meta Data Defense in Microsoft Word

If you’re the least bit concerned about meta data in Microsoft Word documents (and if you’re not, you should be), you’re already using a meta data cleaner to scrub documents before they leave the office. But for optimal security, you should defend against unwanted meta data during document creation and editing, too. Here are some Microsoft Word features to enable for extra protection.

Unless otherwise noted below, all instructions and screenshots are for Microsoft Office 2010 for Windows.

Status Bar Alerts

The default Status Bar at the bottom of your Microsoft Office applications doesn’t really tell you much—usually just the current page number. Many users don’t realize, however, that it’s highly customizable. Just right-click on it to get this contextual menu:

At the very least, you want to turn on Track Changes and Macro Recording as circled above. Even if you never intend to use either, you’ll want to make sure that neither feature is turned on while you’re viewing or editing a document. The Status Bar will alert you to either at a glance. When Track Changes is enabled, that portion of the Status Bar looks like this:

And when the Macro Recorder is active, its icon in the Status Bar looks like this:

One other advantage of having these enabled in the Status Bar is you’ll have one-click access to these features if you do decide to use them.

Trust Center Settings

Microsoft Word’s Trust Center contains several preventive measures to help keep your documents safe. To access those, click the Office Button in version 2007 or go to the File tab in version 2010, then click the Word Options button. On the left-hand side, click the Trust Center button. Once you’re within the Trust Center, click the Trust Center Settings button.

You’ll want to make sure the following settings are enabled:

ActiveX Settings. At the very least, make sure you’re prompted before any ActiveX controls (embedded programming that sometimes contains malicious code) are run. You can also disable all controls without prompting, although that might be too restrictive. Do not “enable all controls without restrictions and without prompting.”

Macro Settings. Choose one of the “disable” settings. I recommend “disable all macros with notification.” That way, if a macro does attempt to run in a document, you’ll be notified.

Message Bar. A helpful bar at the top of the application shows when content has been blocked. Click the button next to “Show the Message Bar.”

Privacy Options. In the Document-specific settings section, check the boxes next to “warn before printing, saving or sending a file that contains tracked changes or comments” and “make hidden markup visible when opening or saving.” Those two settings, combined with the Track Changes notification in your Status Bar, will alert you to marked edits so you can prevent your document changes from becoming visible to another party.

Document Inspector

Microsoft Word’s own meta data cleaner, the Document Inspector, can serve as a first-level defense against compromising meta data, in tandem with your firm’s batch meta data cleaner. To access it, click the Office Button in version 2007 or go to the File tab in version 2010, then click Prepare (underneath the Print icon) and go to Inspect Document to run the Document Inspector. Microsoft Word will report any suspicious items it finds and give you a chance to correct them before finalizing the document.

Both/And, not Either/Or

Using these settings in Microsoft Word won’t eliminate the need for a meta data cleaner. You need both. But these features (along with other security measures) can give you that much more peace of mind when transmitting legal documents.

(photo:

1 Comment

  1. Avatar Regina says:

    I don’t know how effective it is, but if I have to send a word doc, I also cut and paste the content into a new doc and send the new doc out.

Leave a Reply