Board pack going out tonight. Twelve directors, three external advisers, one PDF with figures that move share prices. The risk isn't a hacker — it's a director forwarding to a partner who forwards to a friend.
Layer the defences. Each one is cheap.
Watermark every page
A diagonal watermark across every page reading "CONFIDENTIAL — [Recipient Name]" makes forwarding visibly risky. Use annotate PDF to apply. Personalised watermarks (per-recipient name) raise the friction further — leaks become traceable. This single step deters more leaks than any encryption.
Password-protect
Password-protect the file and send the password by separate channel. For board packs, the password convention can be standardised (e.g. "Board2026" or a phrase from the chair's covering letter) so directors aren't constantly asking for the password. The point is to break the link between file and access.
Flatten after annotating
Flatten the PDF after watermarking so the watermark becomes part of the page content, not a removable annotation. A recipient who's determined enough can still remove flattened watermarks with effort — but the deterrent effect remains.
Distribution log
Track who got the pack, when, and via what channel. The log is your evidence trail if a leak is investigated. For board packs especially, the chair's office usually maintains this. For sensitive deal packs, the deal lead. Don't distribute without a log entry.
Retention
Confidential financial packs shouldn't live forever in active systems. Set a retention policy — typically the directors' personal copies become read-only after the meeting, and the master is archived. Hard deletes after the retention period reduce the data exposure.
FAQ
Can watermarks be removed from a flattened PDF?
With effort, yes — but the friction is high enough to deter most casual forwarding. For absolute security, watermarks are a deterrent, not a guarantee.
Should I use personalised watermarks?
For high-sensitivity distribution (M&A, board packs), yes. Each recipient gets a watermarked copy with their name. Leaks become traceable.
How strong should the password be?
For confidential financial data, 12+ characters with mixed case, digits, and symbols. Standard conventions are weaker but acceptable when combined with watermarking and distribution logs.
Can a determined attacker bypass all this?
Eventually — no defence is absolute. The aim is layers that raise the cost of misuse beyond casual or accidental leaks.
Layer the defences and the leak risk drops dramatically. Start with password protection in Flint and add watermark, flatten, and log.