Why printers and MFPs need to be incorporated in an infosec strategy, argues Xeretec’s Cleare
2 August 2017 | 0
Printers and multifunction devices are often overlooked when it comes to information security measures, yet they store and process data on a daily basis, and have the same security vulnerabilities as any other networked endpoint in a business.
Unprotected print devices can be a source of data leaks, yet private data is still being left unclaimed on devices, even though widely known solutions already exist and mitigate against this risk.
Many businesses don’t realise that if they let users print freely without any authentication, they put the business at risk. With a lack of information surrounding the vulnerabilities of printers and MFPs, it comes as little surprise that 70% of companies have experienced at least one data breach through printing, according to Quocirca.
Many companies already have some security measures in place to stop intruders accessing their network or their data and information. However, these measures don’t always fully include the printers or devices.
As critical endpoints, printers and MFPs must be part of an overall information security strategy and protected at a device, document and user level. This means encrypting data in transmission, encrypting and overwriting hard drives, realising print jobs only to authorised users, and protecting devices from malware. Protection should be across the board: a large, mixed fleet containing both old and new devices can leave security gaps.
There are numerous avenues to consider in document security, and a wide variety of documents and document sources that may contain personal information. It is not enough to protect simply the output of a printer or MFP, it must also be considered that the device is a networked device which can therefore be hacked remotely, as demonstrated by Stackoverflow in in February 2017. Documents must also be protected, however, in both physical and soft copy formats wherever they are filed, be that on PCs, in on-premise servers, in the cloud.
There are many solutions available to deal with getting ready for GDPR. It’s not a one-size-fits-all solution, because different organisations will have different gaps in their GDPR compliance. For instance, a tailored workflow solution such as Sharescan allows documents to be sent directly to the correct destination reducing the need for manual handling and therefore less chance of document corruption through human error. It also tracks who has altered each document.
A card release system, such as Equitrac, ensures no hard copies are left uncollected on printers, and will also track who printed what documents and when. Scanning to secure locations such as OneDrive can reduce likelihood of breaches with physical documents, and having an auditable document trail is helpful.
Protecting all devices
It is important to protect both legacy and new devices, implementing solutions for encryption, fleet insight and visibility, and intelligent tracking of all device usage. This enables businesses to track what information is printed or scanned, on which devices, by whom–allowing for a speedier resolution in the case of a breach.
Also look to use endpoint data loss prevention tools at this point to gain insight as to what likely Personally Identifiable Information could be being transferred via an MFP (for example, scanning personal information via the MFP to email or cloud storage).
In order to monitor and detect potential breaches, ongoing and active visibility into device usage will ensure that devices are being used appropriately in accordance with any organisational policies that have been put in place. It is also important to implement such solutions to accelerate the time taken to identify and respond to a breach, as this is key to GDPR compliance.
Modern MFPs come with built-in security features such as data encryption and image overwrite; Xerox devices even go so far as to include Cisco software to protect data paths and McAfee whitelisting too. Rules, restrictions and rights in your file structure or Document Management Systems will help prevent unauthorised people from accessing data, and as previously mentioned card-based printing goes a long way to help with transparency and accountability.
Using an advanced solution, it is possible to automatically analyse print, scan and copy activity to detect and block the printing of any sensitive data before it is released by the printing device. It’s even possible to remove sensitive data from the document being printed/copied/scanned without affecting the original document, or without requiring manual intervention. In addition, overlays can be added as a rule when sensitive data is detected in a document, or alternative workflows can be triggered in order to send the document to a secure location for review before permission is granted to print it/copy it/release the file. Going one step further, security alerts can be triggered so those in charge of compliance would be made aware of what is being printed and who is trying to print it. This could also be used to automate your breach notification procedure. This isn’t something that every print management application can do, but with an advanced setup it is possible to ensure that sensitive data isn’t being printed, helping you to remain compliant with GDPR when it comes to printing processes.
As part of a Managed Print Assessment in any organisation, it is important to assess every aspect of a document’s journey. Many print assessments focus only on costs and volumes but it is important that this now extends to include security as well, to identify any gaps in a company’s compliance; the aim would then be to recommend appropriate technology to address any issues. A print assessment tool, such as Xeretec Vision, identifies all of these aspects and makes recommendations not just on the current scenario but also takes future “what if” scenarios into consideration.
There are countless benefits to going through the process of ensuring GDPR compliance with your print and document environment. The business will be protected from hefty fines and the negative side effects of a breach. Assessing and updating current systems can greatly improve productivity and efficiency, reduce cost through lower print volumes, and deliver greater insight into printing habits across the board.
Tom Cleare, general manager, Xeretec