There is a regular parade of stories in the media about companies accidentally losing data, either as a printout or in digital form. Traditionally the focus for security is on preventing external threats such as viruses and hackers. However, threats that may come from inside, such as leaks or the unauthorised distribution of secure content, are potentially costly security breaches that need to be addressed. In fact, according to the last ‘Data Loss Barometer’ report from KPMG, over the past five years, around one billion people globally have been affected by data loss incidents, and 60 per cent of these were because of hacking.
Thankfully, figures from The Open Security Foundation's DataLossDB show there has been a gradual decline in the number of incidents in 2013 compared to the record high in 2012. However, that is no reason for a company to be complacent, especially given the increasingly stringent data privacy rules coming into force within the European Union. Companies need to be able to identify and combat these threats and prevent the unauthorised release of paper and digital documents. There are five steps businesses can take to ensure they minimise the potential for leaking information – be it intentionally or by accident:
Hard disks in printers and MFPs can be configured to use encryption. This ensures all data sent to – and stored by – the printer or MFP is encrypted. Hard disk encryption using the 256-bit Advanced Encryption Standard (AES) scrambles all data that is active, at rest or left on the hard disk by a previous job. When this feature is enabled, an encryption key unique to the specific printer or MFP and hard disk is created. If the hard disk is stolen or removed, it will not yield usable information. AES data encryption is the standard selected by governments and military organisations around the world to protect their most highly classified information.
An MFP can be configured to authenticate and authorise users against internal accounts, passwords and PINs – as well as against a corporate directory through an encrypted channel. These authentication methods are secure over an SSL channel and are compatible with Active Directory and other directory-server platforms. This enables device administrators to select the individual users and appropriate groups that may make changes to a device, based on the device's function and access rights. Furthermore, they can grant individual users and appropriate groups the right to access a particular device function or functions, while restricting other users or groups from using the same functions. This can be augmented with security templates and/or automatic email address insertion for workflow and scanning.
3. Monitor Flow Of Sensitive Information
Implement a tool that monitors and audits the information that passes through output devices to stop the unauthorised flow of sensitive information. This means creating a searchable digital image file of every document that is printed, scanned, copied or faxed (regardless of source). A secure content monitor will give an organisation the information needed to spot leaks and to establish a strong defence. This can be extended to cover security-related events, with features that track device setting changes and export these into detailed logs describing system, user or activity events. The event tracking feature proactively tracks and identifies potential risks and integrates with your intrusion-detection system for real-time tracking.
4. Network Device Hardening
An unsecured printer or MFP connected to the corporate network can be a vulnerability that can be exploited by external hackers and internal threats. Hardening a networked device is a powerful way to secure its network interfaces from malicious users. This includes blocking unnecessary features and functions, locking down any interfaces that remain, and securing the data hosted by the device. For maximum protection, these features should be embedded in the device's firmware, including techniques like port filtering and TCP connection filtering, to make the device resilient to network attacks.
5. A Shredder
Once sensitive information is printed it's out of the hands of digital protection. Proper paper disposal processes and a good quality shredder can make sure that physical copies don't fall into the wrong hands once they're done with.

It's clear that keeping confidential information secure within an organisation isn't as easy as it seems. There are both external and, sadly, internal threats to consider as well as mishaps to worry about. Even if you monitor your electronic communications, you're likely to have a lot of unsecured papers floating around – which, unfortunately, can lead to serious information leaks. As such, protecting sensitive information must remain a top priority for businesses.
By taking action to prevent leaks before they happen, a business can keep sensitive documents safe, secure and in the right hands – protecting the organisation and providing peace of mind.