Use this encryption and authentication checklist with your printers to send data safely and help stay GDPR compliant
Defending data from hackers, internal threats and malicious third parties has never been easy. The Internet of Things (IoT) has given cyber attackers more opportunities than ever to enter networks to spread malware, go phishing, or execute a man-in-the-middle style attack.
Organisations surveyed by Ponemon for a recent study experienced on average 2 attacks per week in 2016, an increase of 23% year on year, losing on average $9.5 million annually in the fight against cyber crime.
In response to the rising threat of these attacks, government bodies around the world have introduced strict new regulations that require organisations to better protect their customers. And if companies fail to comply, they could face heavy fines on top of lost customers and a damaged reputation.
One such regulation is the EU General Data Protection Regulation (GDPR), which aims to protect the rights of individuals to control their own personal data. Any company operating in the EU that fails to comply faces fines of up to 4% of its global annual turnover, capped at €20 million.
The importance of securing the data flow between your printers
Businesses tend to focus on server, mobile and PC protection, but any data that is sent between devices is vulnerable to attack. Unsecured printers expose your business to the same data threats as your PCs and safeguarding your print fleet is essential for security compliance.
With industry regulations becoming more complex and hacker skills becoming more sophisticated, it can be a challenge for CISOs to know if their security measures are as complete as they should be. The Center for Internet Security has developed a checklist of controls that outlines the most important requirements. This encryption and authentication checklist can help businesses to address best practice security requirements to protect data flowing through their printer fleet and stay compliant.
CSC 12: Boundary Defense
Your IT team should protect the flow of information transferring between networks of different trust levels with a focus on security-damaging data. Use encryption to protect data in transit and at rest on the device hard drive. Control access to device functionality based on a person’s role by configuring or adding authentication solutions, including access to print from a mobile device. Configure trusted websites in the “Trusted Sites” list on the device to prevent user access to malicious websites from the printer front panel.
CSC 13: Data Protection
Your IT team should prevent data infiltration and exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information via encryption. In addition to the CSC 12 recommendations, IT teams also need to consider pull print solutions to avoid sensitive documents being abandoned in output trays, and securely erase data on printer hard drives before returning leased printers or recycling them at end-of-life.
CSC 15: Wireless Access Control
Your IT team should control the security use of wireless local area networks (LANs), access points, and wireless client systems. With an effective print security management tool, they can automate the deployment, assessment and remediation of device settings – including wireless settings – across the fleet. When choosing your printer fleet, they should select devices that support peer-to-peer wireless printing and that allow mobile device users to print directly to a printer’s discrete wireless signal without accessing the company network or wireless service.
Does your IT team know your most vulnerable points?
If your IT team isn’t aware of every endpoint, they cannot see where data breaches have occurred. The first step to protecting your data is to know every device, before applying best practice encryption and authentication measures to be compliant and enable employees to send data more securely.