Could a Data Breach Sink Your Fleet?

You hear about it all the time:

• Chinese hackers continue to conduct cyberattacks on U.S. government and private networks.
• The Russians reportedly hacked the Democratic National Committee.
• In 2013, Target was hacked and 40 million customers’ financial data was exposed.

Information security is a top-of-mind concern for every organization. From document workflow for office knowledge workers, to company-wide infrastructure networks and output devices, protecting intellectual property and complying with legislative regulatory requirements is mission critical. Whether you work with an information technology team or you have sole responsibility as the copier fleet manager, you are an important stakeholder.

In organizations of every type and size, troves of private and proprietary information are being compromised either due to carelessness or as a result of malicious attacks. Many of the breaches are occurring where the damage they do can be especially severe: in environments that prepare sensitive documents for print and electronic distribution.

These breakdowns of confidentiality undermine the credibility of the organizations that suffer them. They disrupt the lives of affected stakeholders. They also cost a great deal of money. According to the 2015 Cost of Data Breach Study by IBM and the Ponemon Institute, the average total cost of a data breach for the companies taking part in the research increased from $3.52 million to $3.79 million between 2013 and 2014. The average amount paid for each lost or stolen record containing sensitive and confidential information increased from $145 to $154.

Security at the Copier

Consider the copiers and printers that are prevalent in your environment. They have open output trays from which anyone — data thieves included — can pick up sensitive documents. They have hard drives full of retrievable information from previously printed jobs. They are connected to potentially hackable networks. They may be controllable via unsecured, unencrypted mobile printing applications. They may even be in place without management’s knowing they are actually there.

In years past, most security threats were perceived to come from the outside. The focus by IT administrators and fleet managers was securing the perimeter against network intrusions and virus attacks. In today’s world, statistics show that a large percentage of data breaches come from the inside. In fact, according to Quocirca, 63% of businesses have experienced one or more print-related data breaches.

The silver lining in all of this mayhem can be found in several solution methods that address these threats from both a hardware and software approach. As an example, copiers and MFPs can be “hardened” to ensure that the data that they output are encrypted, both in transit and at rest (SSL data transport protocol and features like hard disk erase). From a software perspective, popular print management solutions offer safeguards such as user authentication, which tells the device which features and functions the user is allowed to use and initiates “pull printing,” which prevents sensitive documents from lying around exposed in output trays by forcing the user to authenticate and physically release the job.

In a future issue of IPG I will discuss some of the concrete steps you can take to secure documents in your organization.