POPI and printers: how a non-compliant printer can be a company's downfall
By Werner Engelbrecht, General Manager at Kyocera Document Solutions South Africa.
GDPR/POPI and how it pertains to printer security
The General Data Protection Regulation (GDPR) went into full effect at the end of May, and our own Protection of Private Information Act (POPI) will go live by the end of this year.
Getting your organisation compliant with both sets of regulations is in your best interest, as non-compliance carries stiff penalties, like fines, that could potentially bankrupt your organisation, says Werner Engelbrecht, General Manager at Kyocera Document Solutions South Africa.
The fact that the POPI go-live date is still a way off doesn't mean organisations should not already be starting the process of complying.
GDPR brings with it all kinds of new laws that govern how the data of European Union citizens must be used and stored. It also introduced penalties for non-compliance, and in some cases, these can be quite heavy, up to 20 million euros or 4% of annual global turnover, whichever is higher.
This is of great concern, as now a non-GDPR-compliant printer could potentially bankrupt a business, and we anticipate that POPI will be similar, says Engelbrecht.
At first glance, this seems far-fetched, but under GDPR that's entirely plausible since printers store and process huge numbers of documents, some of which will inevitably contain data belonging to European citizens.
Printers remain a point of vulnerability
It's also incredibly easy to breach GDPR's rules with printers, as they remain a point of vulnerability for any organisation that uses them. Factors like age, out-of-date firmware or operating systems, open ports, storage accessibility, and even the human factor leave them wide open to data theft, which is what GDPR seeks to contain.
And while these issues already have solutions, the fact remains that often they are not implemented or are simply overlooked, leading to non-compliance. Under GDPR, organisations could possibly be fined for merely owning unsecured printers, and since the fines aren't small, it's in everyone's interest to get compliant, and fast.
Kyocera is not unaware of these issues, and has put measures in place to help organisations ensure their printers won't land them in hot water.
One of the tools to help with security and compliance is called SecureAudit, a diagnostic JSON/printable report that shows all open ports, protocols, registered accounts, job boxes, installed apps and USB status on compatible devices.
Having this information readily to hand means administrators can take appropriate action to secure their devices long before hackers, the European Union, or government come sniffing. Fortunately, Kyocera printers have many functions already built-in that can help administrators ensure they are secure, and therefore GDPR/POPI compliant.
For example, all Kyocera printers perform self-healing and self-protecting checksum operations every time they boot up, and flag up unauthorised configuration changes. They can also turn off protocols that aren't needed and lock down specific ports at the behest of the administrator, resulting in MFPs that are far more secure. While USB functions, like printing from, or saving to, USB drives directly, are handy at times, they can also be a point of vulnerability. Concerned admins can disable USB port functions as well as optional interfaces entirely on Kyocera printers.
One often overlooked aspect of general printer security is end-user education, but it's essential to maintaining a secure environment, as the human factor can and does lead to vulnerabilities that only training and awareness can address, like the tendency to leave sensitive documents on the output tray, or unattended at desks.
To that end, we offer our partners extensive training on our products, their security options, and printer security best practices, which they then pass on to their clients. Training and user awareness are a crucial step towards ensuring every organisation's printing ecosystem remains secure and compliant.
These, and many other features we've added to our MFP offerings over the years, are there to make printing both more secure and easier for the end-user. They just need to be activated and configured, and users need to be made aware of them so they can do what they need to do, which is keep your organisation safe and not at risk of contravening all of the new data protection rules that are here, or coming.
At the end of the day, protecting data from unauthorised use or access is in everyone's interest, but unfortunately it takes the threat of massive fines to get the buy-in needed to make it happen. Be sure you're not caught short by neglecting to secure your on-premises printing devices.
KYOCERA has long been prepared for both GDPR and POPI, so get in touch if you need some help getting your own compliance strategy going.