Subscribe

POPI and printers: how a non-compliant printer can be a company's downfall

By Werner Engelbrecht, General Manager at Kyocera Document Solutions South Africa.


Johannesburg, 03 Sep 2018
Werner Engelbrecht, General Manager at Kyocera Document Solutions South Africa.
Werner Engelbrecht, General Manager at Kyocera Document Solutions South Africa.

GDPR/POPI and how it pertains to printer security

The General Data Protection Regulation (GDPR) went into full effect at the end of May, and our own Protection of Private Information Act (POPI) will go live by the end of this year.

Getting your organisation compliant with both sets of regulations is in your best interest, as non-compliance carries stiff penalties, like fines, that could potentially bankrupt your organisation, says Werner Engelbrecht, General Manager at Kyocera Document Solutions South Africa.

The fact that the POPI go-live date is still a way off doesn't mean organisations should not already be starting the process of complying.

GDPR brings with it all kinds of new laws that govern how the data of European Union citizens must be used and stored. It also introduced penalties for non-compliance, and in some cases, these can be quite heavy, up to 20 million euros or 4% of annual global turnover, whichever is highest.

This is of great concern, as now a non-GDPR-compliant printer could potentially bankrupt a business, and we anticipate that POPI will be similar, says Engelbrecht.

At first glance, this seems far-fetched, but under GDPR that's entirely plausible since printers store and process huge amount of documents, some of which will inevitably contain data belonging to European citizens.

Printers remain a point of vulnerability

It's also incredibly easy to breach GDPR's rules with printers, as they remain a point of vulnerability for any organisation that uses them. Factors like age, out-of-date firmware or operating systems, open ports, storage accessibility, and even the human factor leave them wide open to data theft, which is what GDPR seeks to contain.

And while these issues already have solutions, the fact remains that often they are not implemented or are simply overlooked, leading to non-compliance. Under GDPR, organisations could possibly be fined for merely owning unsecured printers, and since the fines aren't small, it's in everyone's interest to get compliant, and fast.

Kyocera is not unaware of these issues, and has put measures in place to help organisations ensure their printers won't land them in hot water.

One of the tools to help with security and compliance is called SecureAudit, a diagnostic JSON/printable report that shows all open ports, protocols, registered accounts, job boxes, installed apps and USB status on compatible devices.

Having this information easily to hand means administrators can take appropriate action to secure their devices long before hackers, the European Union, or government come sniffing. Fortunately, Kyocera printers have many functions already built-in that can help administrators ensure they are as secure, and therefore GDPR/POPI compliant. For example, all Kyocera printers perform self-healing and self-protecting checksum operations every time they boot up, and flag up unauthorised configuration changes. They can also turn off protocols that aren't needed and lock down specific ports at the behest of the administrator, resulting in MFPs that are far more secure. While USB functions, like printing from, or saving to, USB drives directly, are handy at times, they can also be a point of vulnerability. Concerned admins can disable USB port functions as well as optional interfaces entirely on Kyocera printers.

One often overlooked aspect of general printer security is end-user education, but it's essential to maintaining a secure environment, as the human factor can and does lead to vulnerabilities that only training and awareness can address, like the tendency to leave sensitive documents on the output tray, or unattended at desks.

To that end, we offer our partners extensive training on our products, their security options, and printer security best-practices, which they then pass on to their clients. Training and user awareness is a crucial step towards ensuring every organisation's printing ecosystem remains secure and compliant.

These, and many other features we've added to our MPF offerings over the years, are there to make printing both more secure and easier for the end-user. They just need to be activated and configured and users need to be made aware of them so they can do what they need to do, which is keep your organisation safe and not at risk of contravening all of the new data protection rules that are here, or coming.

At the end of the day, protecting data from unauthorised use or access is in everyone's interest, but unfortunately it takes the threat of massive fines to get the buy-in needed to make it happen. Be sure you're not caught short by neglecting to secure your on-premises printing devices.

KYOCERA has long been prepared for both GDPR and POPI, so get in touch if you need some help getting your own compliance strategy going.

Share

Kyocera Document Solutions South Africa

Headquartered in Midrand, Kyocera Document Solutions South Africa is a country level subsidiary of Kyocera Document Solutions and is responsible for the sales and marketing of Kyocera printers and document solutions throughout southern Africa.

Kyocera Document Solutions South Africa is renowned for its tailor-made document solutions that provide a perfect blend of premium products, software solutions and professional services that increase an organisation's workflow efficiency, enhance employee productivity, minimise environmental impact and significantly reduce operating costs.

The company offers world-class monochrome and colour printers, multifunctional products, parts and supplies, as well as software solutions.

A key differentiator for the Kyocera brand is the primary focus on overall value as opposed to only considering the initial acquisition price. Its solutions portfolio and Managed Document Services division help customers to reduce costs and environmental impact, at the same time as improving the efficiency and reliability of common business processes.

Kyocera Document Solutions is a wholly owned subsidiary of Kyocera Corporation, which is a leading manufacturer of hi-tech ceramics, electronic components, solar cells and electronic office equipment.

For further information, visit www.kyoceradocumentsolutions.co.za.

KYOCERA Document Solutions

KYOCERA Document Solutions, headquartered in Osaka, Japan, is a leading manufacturer of document imaging solutions and document management systems, including colour and monochrome multifunctional products as well as printers and wide format devices. KYOCERA's products are renowned for their unique long-life imaging components that provide greater reliability and less waste, resulting in a lower total cost of ownership (TCO) over the life of the product. The KYOCERA Document Solutions portfolio does not stop at hardware. A full suite of business applications and consultative services allow customers to optimise and manage their document workflow, unleashing the full potential of their hardware investment.

KYOCERA Document Solutions is a core company of KYOCERA Corporation, the world's leading developer and manufacturer of advanced ceramics and associated products, including telecommunications equipment, semiconductor packages and electronic components. During the year ended 31 March 2018, KYOCERA Corporation's net sales totalled 1 557 039 million yen (approximately EUR 12 billion). For more information and press-ready photos, visit

https://www.kyoceradocumentsolutions.eu/.

Editorial contacts

Ingrid Lotze
join.the.dots
(+27) 011 568 0709
ingrid@jtd.co.za
Marcom Department
Kyocera Document Solutions
(+27) 11 595 2600
marcom@dza.Kyocera.com