Many organisations fail to adequately protect themselves from data breaches. Did you know that 26 million individuals were impacted by data breaches since 2009? A survey by the Healthcare Information and Management Systems Society published in February 2014 revealed that a staggering 83% of respondents had little to no confidence they could detect all loss or theft of patient data.
These concerns are well founded. Many organisations fail to realise the great number of electronic touch points a document goes through during its life cycle. Every time a document is copied, scanned, printed, faxed or emailed, it can be accidentally exposed or intentionally compromised.
Digital copiers are among the devices vulnerable to data breach incidents. Digital copiers, also known as multifunction devices (MFDs), are office machines that have the ability to print, scan, copy and fax. They have hard drives, embedded firmware, and the ability to communicate with other systems on the network. They make our lives in the office and at home easier, but they also give rise to security vulnerabilities. As such, organisations should incorporate these devices into their data security procedures.
– The average organisational cost of a data breach is £5.4 million
– The average “cost per record” of a data breach is £201
– 26 million individuals were impacted by data breaches since 2009
– Both malicious attacks and negligence were responsible for data breaches
– 25% of reported data breaches were caused by the accidental loss or destruction of personal data
The message is clear. Multifunction devices can pose a threat to security. We have put together 9 recommendations, based on common scenarios that exist in most environments, that address security vulnerabilities in network printing, scanning and faxing.
Require user authentication for auditing purposes.
Authentication enables the auditing, reporting and tracking of user activity as well as various other security features. There is no MFD less secure than one that allows anonymous usage.
Restrict access based on user authorisation.
Just because a user has authenticated to the system doesn’t mean they should have access to every function.
Centrally audit all network activity.
Auditing allows the MFD to pass tracking information to a database. It will allow you to easily track down which device was the source of the breach, tell you who the authenticated user was and where the data was sent. Reviewing the audit log helps organisations to identify a breach, take prompt corrective action, issue the necessary notifications and avoid the cost of fines.
Encrypt data to/from MFDs.
Communications between smart MFDs and mobile terminals, servers and destinations should be encrypted to ensure that documents are only visible to those users with proper authorisation.
Only release print jobs to authorised personnel.
Secure printing requires that users authenticate at the device before documents are released. Only those documents that are associated with the authenticated user should be printed, and the print job must not be stored on the device prior to printing.
Implement rules-based printing.
Not only does this enhance security and prevent unauthorised users from accessing printed documents, it also reduces the number of print jobs not retrieved, thereby also reducing consumable resource utilisation and printing costs.
Enforce trusted network destinations.
Your security environment may not allow scanning certain types of content to email, or you may consider a workflow that sends email only to specific ‘whitelisted’ addresses.
Monitor and control secure document activity.
Simultaneous monitoring and auditing of sensitive information in documents ensures data is controlled before it ever gets to its intended destination.
Implement network faxing.
Eliminate direct analogue faxing by adopting a centralised fax server solution.
Additional Recommendation: Standardise and integrate network scanning.
Scanning a file to a network folder is the most common workflow and, unfortunately, usually the one left most insecure.
To prevent damaging data breaches, an organisation must control and protect both the physical and electronic access points on its MFDs. The monetary penalties, settlements and costs for failing to secure documents are increasing and there are simply too many touch points that create risk. Most of these involve the very technologies that organisations are counting on.
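The central audit and trusted destination recommendations above can be checked together. The following is an added example, not code from the original article or any MFD vendor: it reviews a constructed audit export and reports which device, which authenticated user and which destination were involved in each policy exception. The record layout, device names and trusted lists are assumptions.

```python
import csv
import io

# Constructed sample of a central MFD audit export (layout is an assumption):
# timestamp, device, authenticated user, function, destination
SAMPLE_AUDIT = r"""
2024-03-04T09:12:41,MFD-FLOOR2,asmith,scan_to_email,records@example.org
2024-03-04T09:15:02,MFD-FLOOR2,asmith,scan_to_email,asmith.home@mail.example.net
2024-03-04T09:20:10,MFD-LOBBY,,copy,
2024-03-04T10:01:33,MFD-FLOOR3,bjones,scan_to_folder,\\fileserver\scans\bjones
2024-03-04T10:05:47,MFD-FLOOR3,bjones,scan_to_folder,\\laptop-77\public
"""

# Hypothetical policy: the only destinations scans may be sent to.
TRUSTED_EMAIL_DOMAINS = {"example.org"}
TRUSTED_SHARE_HOSTS = {"fileserver"}

FIELDS = ["time", "device", "user", "function", "destination"]


def parse_audit(text):
    """Turn the CSV export into a list of dicts, skipping blank lines."""
    return [dict(zip(FIELDS, row)) for row in csv.reader(io.StringIO(text)) if row]


def destination_trusted(dest):
    """True if the destination is empty (nothing left the device) or allowed."""
    if not dest:
        return True
    if dest.startswith("\\\\"):  # UNC path: \\host\share\...
        host = dest[2:].split("\\", 1)[0].lower()
        return host in TRUSTED_SHARE_HOSTS
    if "@" in dest:  # email address
        return dest.rsplit("@", 1)[1].lower() in TRUSTED_EMAIL_DOMAINS
    return False  # unknown destination type: treat as untrusted


def review(records):
    """Return (device, user, destination, reason) for each policy exception."""
    findings = []
    for r in records:
        if not r["user"]:
            findings.append((r["device"], "<anonymous>", r["destination"], "anonymous use"))
        if not destination_trusted(r["destination"]):
            findings.append((r["device"], r["user"], r["destination"], "untrusted destination"))
    return findings


if __name__ == "__main__":
    for finding in review(parse_audit(SAMPLE_AUDIT)):
        print(finding)
```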