Here is what we do to reduce information leakage when delivering data to the client.
We use an information-sharing system with DLP when sending any sensitive information to our clients. This includes contracts, portfolios, and other sensitive documents.
Attack Surface Manager (ASM) has the feature of creating signed download URLs with an expiration date when downloading reports, meaning that links expire and can only be used by the user who requested the download.
All reports downloaded via Attack Surface Manager (ASM) have a randomly generated four-word passphrase. This passphrase is sent to the email of the user who requested the download. This applies to both XLS and PDF formats.
Every report downloaded via Attack Surface Manager (ASM) comes with a watermark on all its pages, specifying that only the individual who generated it is allowed to read it. This is used as a measure to identify who generated the report in the first place and discourage its distribution through channels other than Attack Surface Manager (ASM).