The role of print security in an IoT era

The focus of most businesses has traditionally been on how to reduce costs, and improve productivity and profitability. However, device and document security as well as the management of sensitive data, whether in print or digital form, is now firmly in the spotlight.

With the enforcement of the General Data Protection Regulations in 2018, the financial liabilities are becoming greater (for more information see the Kyocera Guide to GDPR). Therefore, the conversation is swinging towards the costs associated with security and it is a concern that affects companies both large and small.

According to data collected by the European Data Protection Board, in the first year of GDPR over 89,000 data breaches were logged by the EEA Supervisory Authorities. Research by Quocirca in 2019 revealed that organisations see printing as one of their top security risks, since data breaches of this type are frequent and costly. In fact, 11% of all security incidents are print related, and 59% of these lead to data losses that cost an average of €363,000 each year to deal with.

It is therefore imperative to secure your printers and MFPs if they are connected to your network, otherwise they could provide an entry point to hackers looking to steal your data. In most attacks, the hacker takes advantage of vulnerabilities that could easily be remedied. These vulnerabilities are the result of inadequate security strategies in workplaces where unclaimed print jobs, unencrypted data and zero access controls are accepted as standard practice. Fortunately, addressing these issues is easier than you might think.

The introduction of secure print management software is one of the first steps to address these top drivers, and can be enabled without requiring significant investment or complex organisational changes. Such software also can provide additional functionality not available as part of the basic applications that come default with the printer or MFP, and offer enhanced ease of use when integrated with scanning and capturing software. Furthermore, with document management solutions, more complex workflow automation and archiving can be supported.

So why is the availability of such solutions still scarce? Despite the assumption that print management software is highly widespread, many businesses still underestimate the need for it. In addition, not all solutions deliver the right balance of productivity and security in all kinds of operating environments. If you are working in an organisation with multiple sites, and not all of them equipped with a server, there remains the requirement to keep print jobs within any branch location in the event the server experiences downtime. Not all solutions will cater for your operating needs or ensure against the possibility of a data breach in the abovementioned scenarios. 

While software developed by vendor agnostic software companies may seem attractive due to their independence from hardware production, those that are developed and closely integrated with the device can offer advantages in terms of added performance and functionality.

Securing Device Access and User Privacy

No matter how far you want to go in securing users’ privacy, a few essential security measures should be taken in all print environments. The basic condition for securing a document is to control access to its printed form. Especially with print cost savings and the replacement of small office devices with central high-performance corridor printing machines, controlling access to printed documents has become all the more critical.

The implementation of a solution such as KYOCERA Net Manager that is based on releasing print jobs only after the printing user reaches the corridor machine and authorises release via an ID card, a PIN or a username and password or a combination of two methods provides enhanced security. This means that the print job is released under full control of the authorised person.

Device login with multi-authentication and automatic logout

While it is essential for releasing print jobs, user authorisation at the printing device brings benefits also to copying and scanning. Another very important security feature is the automatic log out. No matter how secure the system is, there will always be an element of human error. Even when users know they need to log out of the device after they finish their work, they might accidentally leave their session open. For such cases, the administrator can enable the automatic logout after a set period of time.

To increase device security, it is also possible to enable two level authentication and require the use of either an ID card and PIN, or an ID card and password.

Privacy mode for added anonymity

For companies focused on ensuring the highest level of personal data protection, solutions are available that when switched to a special mode, no personal data is displayed that would compromise the company’s data protection policies. In this “Privacy mode”, logged users can see only names of their own jobs and names of all other jobs are not identifiable.

Security across different branch locations

In today’s highly globally distributed economy and mobile workforce, it is important to consider the optimal infrastructure for your whole organisation. With most print management solutions, you can design a Master-Site Server configuration, where the Master server enables license management, user management, and reporting server, while the onsite server acts as the Production server.

Although it is a very effective configuration when you want to distribute the load between multiple servers (each server is located in one branch), this configuration requires the placement of many servers, sometimes hundreds, across all branches. This would be a huge challenge, especially where is no local IT administrator to manage the deployed server.

Preventing Unauthorised System Access

While much of the administrator’s actions depend on the company’s security policy, the general responsibility is to secure the print server, data and communication against external and internal threats. 

Organisations will therefore seek a solution that is highly customisable with security levels that can be adjusted according to their business needs. Such a system will enable businesses the ability to activate the right level of privacy, depending on the requirements, using a modular approach.

The business case for ensuring that printers are part of an overall information security strategy is clear. Implementing a secure print management system is just one of several essential measures to help organisations accurately and actively comply with GDPR, but there are also some basic as well as additional, value-adding solutions that can be readily implemented, as recommended by Quocirca:

• Review the setting of the device: Access the configuration of the MFP and take action to limit network access, manage the use of network protocols and ports to prevent potential viruses and malware being transmitted by activating hard disk encryption and overwrite data with the help of a data security kit. This adds additional security layers to data either being actively used by the device or stored on it. This should also be done for MFPs being moved or disposed of, and applies to scan, print, copy and fax data.
• Adopt an access solution and policy for your entire fleet to ensure secure document input and output: Implement user authentication to eliminate the risk of unclaimed documents being left in printer trays. User authentication, also known as pull printing, ensures documents are only released to the authorised recipient. Some systems are more effective than others, whereby some vendors offer ‘hold print’ functionality which enables the release of documents from one main MFP. Authentication through smartcards, passwords or PIN also ensure device access is protected and enabled across an enterprise-wide fleet, a specified printer, or an external authentication server such as Microsoft’s Active Directory. In addition to access and device controls, digital rights management capabilities can further discourage unauthorised copying or transmission of sensitive or confidential information. This can be limited through the use of features such as watermarking, predefined scanned folder destinations and integration with Advanced OCR functionalities as well as a Document Management system.
  
• Implement ongoing monitoring and management across your network, from basic accounting to fully-fledged fleet monitoring solutions – to ensure compliance through the ability to trace unauthorised access. As security threats are constantly evolving, continuous monitoring is essential to establish ongoing governance of print infrastructure. Significant investments are not always required when it comes to server set-up and maintenance and ensuring that documents and information are managed securely within an organisation. Every business is unique and there is no one-size-fits-all solution, which is why solutions such as KYOCERA Net Manager can be tailored to fit any organisational requirement.