There is a regular parade of stories in the media about companies accidentally losing data, either in hard copy or digital format. Mark Hiller, GM of Lexmark SA, outlines five steps companies can take to greatly reduce the risks associated with printers and multi-function printers (MFPs):
Traditionally, the focus for security is on preventing external threats such as viruses and hackers. However, internal threats like leaks or the unauthorised distribution of secure content are potentially costly security breaches that need to be addressed.
This is especially relevant for South African companies in light of the passing of the POPI Act in November last year. The Act states entities must take appropriate and reasonable measures to protect personal information.
This points to the importance of companies keeping their own security and data protection up to date, as well as making sure anybody who handles data on their behalf does the same. Failure to do so might expose the company, as well as stakeholders associated with it, to undeniable legal ramifications that could damage their operational effectiveness.
Encryption
Hard disks in printers and MFPs can be configured to use encryption. This ensures all data sent to - and stored by - the printer or MFP is encrypted. Hard disk encryption scrambles all data that is active, at rest or left on the hard disk by a previous job. When this feature is enabled, an encryption key unique to the specific printer or MFP and hard disk is created. The intent is if the hard disk is stolen or removed, it will not yield usable information.
Authentication
An MFP can be configured to authenticate and authorise users against internal accounts, passwords and PINs - as well as against a corporate directory through an encrypted channel. These authentication methods are secure over an SSL channel and are compatible with Active Directory and other directory-server platforms.
This enables device administrators to select individual users and appropriate groups to make changes to a device based on the device's function and access rights. Furthermore, they can grant individual users and appropriate groups the right to access a particular device function or functions, while restricting other users or groups from using the same functions.
This can be augmented with security templates or automatic e-mail address insertion for workflow and scanning.
Monitor sensitive information
To stop unauthorised flow of sensitive information, implement a tool to monitor and audit the information passing output devices. This means creating a searchable digital image file of every document that is printed, scanned, copied or faxed (regardless of source).
A secure content monitor will give an organisation the information needed to spot leaks and establish a strong defence.
This can be extended to track security-related events with features that track device setting changes and export these into detailed logs describing system, user or activity events. The event tracking feature proactively tracks and identifies potential risks and integrates with your intrusion-detection system for real-time tracking.
Network device hardening
An unsecured printer or MFP connected to the corporate network can be a vulnerability open to exploitation by external hackers and internal threats.
Hardening a networked device is a powerful way to secure its network interfaces from malicious users. This includes blocking unnecessary features and functions, locking down any remaining interfaces, and securing the data hosted by the device.
For maximum protection, these features should be embedded in the device's firmware, including techniques like port filtering and TCP connection filtering to make them resilient to network attacks.
Shred it
Once sensitive information is printed it's out of the hands of digital protection. Proper paper disposal processes and a good quality shredder can ensure physical copies don't fall into the wrong hands once they're done with.
It's clear keeping confidential information secure within an organisation isn't as easy as it seems. There are both external and, sadly, internal threats to consider as well as mishaps to worry about.
Even if you monitor your electronic communications, you're likely to have a lot of unsecured papers floating around which, unfortunately, can lead to serious information leaks. As such, protecting sensitive information must remain a top priority for businesses.
By taking action to prevent leaks before they happen, a business can keep sensitive documents safe, secure and in the right hands - protecting the organisation and providing peace of mind.
Share