Guest article by David Gibson, managing director Altodigital www.altodigital.com
After several decades of rhetoric and education, the majority of organisations are well versed in the language of encryption, passwords and authentication, and as a result have fortified their computers and networks against intrusion. However, within every office exists an often-neglected piece of kit with the potential to derail even the most well thought out data protection strategy: the photocopier / printer.
Many organisations are still not fully aware of the risks posed by their printing devices to data security. As printing environments become more complex, theft, carelessness and neglect are leaving businesses vulnerable to attacks – many of which can be internal as well as external.
Left in the wrong place or for too long in a tray, faxed, printed and copied documents are as vulnerable as any other piece of data that an organisation produces, meaning that confidential documents risk falling in to the wrong hands.
Examined in terms of the Data Protection Act, and the current EU data protection reform, such an oversight could have dire consequences. Businesses handling sensitive data, such as legal firms and public sector organisations, will need to take these threats seriously, or risk falling foul of the Information Commissioner’s Office (ICO), as demonstrated by the following example:
A council in the North of England breached the Data Protection Act in 2011 by accidently disclosing personal data to a third party following a printer mix-up. The information, which included sensitive personal data, was mistakenly collected from a shared printer, before being copied and posted.
The ICO said at the time that the case highlighted the need for employees to take responsibility and ownership of tasks that involve handling personal data. The ICO argued that if the documents had not been left unattended by the printer and had been carefully checked before they were sent out then the situation could easily have been avoided.
With calls to fine companies 2% of their turnover for breaching the regulations, businesses now need to cover every base and ensure employees are fully aware what data protection policies are in place within the firm and ensure that they are compliant with existing legislation.
With careful planning and management there is no reason why printing devices should be the weak link in a data protection strategy. Organisations will need to examine both the physical aspects of their printing strategies (i.e. location of printers, password protection etc.) as well as more high-tech solutions such as data encryption and secure document release via authentication. With this in mind, firms should be looking at the following four key points to help ensure document security:
• Assess – Assessment of your print environment, analysing the level and severity of the risks posed
• Prevent – Implement a secure configuration that prevents breaches, mitigates threats and reduces risk
• Optimise – Optimisation of devices and implementation of security policies to protect documents so they can be securely stored and accessed
• Support – Continual monitoring, on-going technical support and development to provide total protection and efficiency