If you are responsible for network security for a financial services firm, the argument can be made you have the most difficult job in information security. Why? According to research from IBM x-Force Research, in 2016, the financial services industry was the most targeted industry for cyber-crime – 65 percent more than any other industry.
According to this same research, financial services security leaders saw a 29 percent increase in attacks from 2015 to 2016, with an astounding 200 million records breached last year alone – a 937 percent increase over the previous year. What makes your job really difficult, however – 58 percent of the breaches were insider attacks resulting in the unauthorized release of information.
This means despite the fact that billions are being spent on perimeter defense and device-control solutions, cyber adversaries are still finding loopholes. Some of them in what might seem like the unlikeliest of places.
Say for example, your office printer.
The surprising vulnerability posed by printers
Office multi-function printers (MFPs) and scanners represent one of the most unprotected gaps in many organizations’ security strategies, financial services among them.
Most security solutions focus on networks, database exchanges and email communications, but overlook printers and scanners. Yet these devices are capable of communicating, enabling users to send sensitive information to and from MFPs for printing and scanning. Without a security solution in place, this essentially leaves documents vulnerable to the internet “off ramps” monitored by cyber criminals in search of such materials.
Securing the document ecosystem is key to addressing the vulnerability of your print-and-capture workflow. That includes desktop workflow, PDF and document conversions, document capture and print management, not to mention mobile device workflows.
6 steps to improving MFP security
There are six keys to gaining control of your document ecosystem, and should be considered critical to security in a financial services institution.
1. User authentication: Any action being taken to or from a multi-function device must require user authentication. No exceptions.
2. User-based access control: Only allow users to do what they have permission to do. Remember, 58 percent of financial services document breaches were insider attacks.
3. File destination control: Limit file destinations, for example fax numbers, email domains, network folders, and case management systems.
4. Encryption: Ensure all information is encrypted when sent from a device to a target location such as a fax server, email or network servers, document or content management systems.
5. Complete audit trail: Track and log detailed information about every transaction that flows through your system.
6. Data loss prevention: Take advantage of technology features and functionality such as document encryption and locking, redaction and file-destination control.
If protecting valuable business and customer data has become the modern battleground for security professionals in financial services, organizations must do all they can to protect their print-and-capture workflows. Content-aware print and capture solutions can help bolster your defences with document security and data protection where it is needed.