The move towards digitisation may appear to increase a business’s vulnerability to cyber attack, but it is vital that paper and print-based enterprises protect themselves too
Cyber security has never been higher up the corporate agenda. Ernst and Young’s 2015 Global Information Security Survey warned that 88% of enterprises are concerned their information security don’t fully meet their needs. But while such fears might, at first sight, be seen as an impediment to businesses’ desire to move towards full digitisation, it’s important to understand that print and paper-based enterprises are vulnerable to attack too.
It’s certainly the case that the security of digital documents should be a vital consideration for all businesses. One recent report published by PwC found that 76% of companies were more concerned about cybersecurity threats today than 12 months ago. Enterprises increasingly recognise that their digital assets must be better protected, with clear policies on information security disseminated and applied throughout the organisation, as well as clear lines of accountability that are understood by all. Leading organisations are working hard to get to grips with the motives and methods of their adversaries, collaborating with internal and external stakeholders and sharing knowledge about the evolving threat.
However, businesses that still depend on printing out sensitive documents for circulation and storage should not imagine they are any less at risk than those that operate in a paperless, fully digital environment. Apart from the obvious risk that paper documents can be stolen – either from the workplace or as employees transport them – the move to modern print management solutions puts print-based enterprises in the firing line for cyber attack.
One major issue is that many businesses are now routinely using internet-connected printers connected to networks – these devices are vulnerable to online attack. The threat might be something mundane but frustrating, such as a denial of service attack the fills up the print queue and prevents staff printing, or something more sinister such as an attack in which the attacker takes full control of the printer. The vulnerability might even be someone forgetting to collect sensitive documents from the print tray.
The worst-case scenario is that a cyber attacker steals sensitive digital documents directly from printers. Networked devices have internal hard drives that can store such documents – where hackers can seek to access them. In many cases, these hard drives will be accessible to hackers even when the device is switched off. Alternatively, a cyber attacker may seek to steal digital documents as they are sent wirelessly to the printer.
It’s important to take action to protect the enterprise from these risks as part of a document security policy.
- Where possible, choose devices with built-in ‘whitelisting protection’, which works like PC anti-virus software, providing full network visibility as well as permissions control.
- Keep printer software up-to-date so that all security patches from vendors are installed.
- Protect wireless networks and set permission levels on network printers to control who is able to send and manage print jobs.
- Use hardcopy devices that can electronically shred information held on a device’s hard drive, either automatically or at job completion.
- Make sure the drive is strongly encrypted.
Look for a reputable supplier that can supply devices with these capabilities in place.
Ensuring the security of digital documents is one reason to consider working with a Managed Print Services (MPS) provider that has expertise and experience in this area. A study published by market research analyst Quocirca in 2015 found that security is now the most important driver for companies moving towards MPS – 75% of companies said it been an important or very important factor for them. Some 74% said they had already deployed secure printing solutions, or that they were planning to do so.
The best MPS solutions will seek to strike a balance between confidentiality and security, protecting internet-enabled printers from both internal and external threats as part of a holistic document security policy that does not prevent the business reaping the benefits of automation and digitisation. The bottom line is that all businesses must now take the security of digital documents ever more seriously, no matter how far they are along the journey to the paperless office.
Takeaways:
- Cyber security issues are rising up the corporate agenda
- Businesses are vulnerable to attack even if they are not fully digital, and all cyber security threats must be addressed
- Print is a tempting target for cyber attackers and companies must take steps to protect themselves
- Concern about security is a crucial driver in the move towards managed print services