The Information Commissioner’s Office (ICO) recently punished Plymouth City Council with a £60,000 fine after an office printing mix-up led to details of a child neglect case falling into the wrong hands. Reportedly, a council employee sent a sensitive document to a printer on a different floor, which meant it was picked up in error by another employee who sent it on to the wrong family by mistake.
While the council has since implemented a new system to prevent similar errors, the incident raises an interesting issue about the security surrounding printing infrastructures in general. Most organisations recognise the importance of an IT security strategy to stop potential data leaks, but many are still not so aware of the serious risks posed by an unsecured printing environment.
The threat of data leaks from printers has increased in recent years with the widespread use of networked printers and multifunction peripheral (MFP) devices which scan, print, fax, copy and email. Network connectivity, along with hard disk and memory storage, make MFPs susceptible to many of the same security issues as PCs and servers.
There are broadly three categories of risk in the area of printing: accidental security breaches, such as the one at Plymouth council, where there seems to have been no malicious intent that lead to information accidentally leaking out; opportunistic breaches, in which someone in the office stumbles onto sensitive data and decides to disseminate it; and systematic, planned attacks in which there is a pre-meditated attempt to undermine an organisation’s security.
The first two risk categories can be reduced considerably by taking a number of precautions that are available through secure print management software systems.
One of these is the ability to stop printed pages lying open on a printer for anybody in the vicinity to come by and pick up, by only outputting a job when the person who sent it comes to the device and enters a personal pass code, or swipes a smart card. Similarly, print jam recovery features stop printers automatically reprinting jobs after a jam has been cleared.
Data erase capabilities can protect against unauthorised access to data held in the printer memory or hard disk by deleting it soon after printing. Clearing the hard disk is especially important if a printer is being moved to a new location, or before disposal or recycling.
When it comes to protecting against planned attempts to compromise printer security, organisations obviously need a well thought out security strategy which includes reviewing the end to end document delivery process and eliminating any weak links.
This should encompass areas such disabling unused network ports and protocols as well as using encryption on printer hard disks to reduce unauthorised access to printer data by hackers. Auditing tools which track who has accessed and used copy/print/fax and scan to email facilities on the printer fleet can help pinpoint unauthorised dissemination of information.
One final point to consider is that printing paper documents generally brings with it a degree of security risk. An alternative would be to look at improving the online usability of documents instead – particularly for items such as reports which have to be distributed to a number of people. If they are easy to view, search, annotate etc online, do you need to print them off at all?