Print security is an ever-evolving animal and it can be difficult to keep up with the pace of change. You may well be tired of hearing about the General Data Protection Regulation (GDPR) but did you know that, until now, regulators have been lenient? Despite the fact that GDPR was implemented last May, it won’t be heavily enforced until this coming May.
Customers will be asking for the most secure solutions available, so we spoke to three of the biggest print manufacturers about the current trends in print security, why it can often be overlooked and what verticals are using it.
Dan Wogan, product manager at Epson
Security should be a key priority for all businesses, especially now that they are operating in a GDPR-compliant landscape. All intellectual property and confidential documents need to be protected – and the amount of electronic data flowing in and out of organisations is rising all the time, making it a challenging task.
When it comes to dealing with customers’ personal details and sensitive financial documents, nothing should be left to chance. However, many offices place their printers in open areas, resulting in the risk of ‘orphan print jobs’ – information that is printed, but not picked up. These documents often hold confidential data and lie on an output tray for extended periods of time, putting them at risk of being picked up by unauthorised staff.
One method of print security that can help mitigate this risk is a server-based solution which creates a secure printing, scanning and copying environment. A good example is our Print Admin, which allows organisations to strengthen document security with device-user authentication, meaning that no print job is released until the user has proven their authentication at the device.
Finance and healthcare are just two industries in which businesses treat data confidentiality as a matter of paramount importance but, with data compliance being increasingly high up on the business agenda, document security must be a priority for organisations operating in all sectors.
Frazer Whitehead, senior business manager at Brother UK
Businesses across the economy are being more frequently targeted by cyber threats, making security a top priority for CIOs and IT managers. However, research suggests the robustness of print systems may be being overlooked by customers. According to a study by Spiceworks, only 16% of IT industry respondents think printers are at high risk of a security breach, and 43% of surveyed companies ignore printers in their endpoint security approach.
We expect this perception to change, particularly as high-profile printer-related hacks have exposed the vulnerability of some print systems. For example, last year, thousands of printers at top US universities were targeted in a cyber attack which saw them lose control of their printers. The hacker had remotely activated the printers to produce offensive materials, raising concerns over print security.
As awareness of how printers can be targeted grows customers are, increasingly, turning to channel partners for advice on how to protect print systems. Rule number one of keeping print systems secure is to ensure customers are keeping firmware updated to the latest version. After a piece of software has been in use for a while, potential bugs or exploitable weaknesses begin to be identified by hackers. When these are detected by regular best-practice checks, or reported, developers will design a fix which will then be resolved through an update. These can be used to patch the operating systems or firmware of any connected electronic device – not just computers and servers but also printers, scanners and the increasingly vast array of smart devices within a network.
As security increasingly creeps into the decision-making process for acquiring print systems, vendors are working to design devices with fewer vulnerabilities.
Across many verticals, particularly education and healthcare, managed printed solutions (MPS) have created opportunities to increase security with low-effort required. By adding an MPS solution into the network, businesses increase security control with features such as pull printing, where users need to identify themselves with a unique PIN, NFC smartcard or fingerprint to retrieve their printouts.
Aaron Anderson, relationship marketing manager at KYOCERA
With cyber threats continually increasing in frequency, intensity and complexity, organisations are rightly concerned about the risk these threats pose to their sensitive or confidential data. As such, print security has become something of a hot topic.
Cybersecurity professionals now readily accept that printers and multi-function printers (MFPs) are just as critical to their data governance policies as PCs and smart devices; as a result, we are now seeing more printers and MFPs with built-in security capabilities available to support the protection of sensitive data.
This is not only useful when countering both external and internal risks, but has significant benefits to the overall risk posture of an organisation. It helps mitigate the risk associated with cyber threats, especially when deployed in conjunction with an enterprise-wide defence and an in-depth IT security strategy.
However, with cyber threats – both internal and external – showing no sign of decline, the fact remains that documents are valuable and people are fallible; this will, forever, be the case. Whatever technological solutions are developed and deployed, some degree of risk will always exist.
In response, we are seeing more and more organisations widening their approach to cyber vigilance. Empowering users through training and awareness of existing and new threats encourages better working practices which can help all organisations avoid unintended breaches caused by human error.
Cybersecurity is one of the biggest challenges facing the public sector today and, since WannaCry, particular interest has been shown in print security. We never normally consider just how much information, potentially containing personal data, is either printed off or scanned using printers or multifunctional devices but, with the GDPR now in full force, it’s not something that those in the public sector can afford to ignore.