On 25th May 2018, the new EU Data Protection Regulation (GDPR) will come into effect across all EU member states. From that point on, all companies and government agencies within the EU must ensure their IT infrastructure is compliant with these new regulations.
Not only must they comply, but they will also need to clearly demonstrate how their processes comply, documenting the decisions they take to protect personal data.
But is everyone clear on what GDPR means? And what do businesses have to do to make sure they’re ready?
Firstly, the act defines personal data as “any information concerning the personal or material circumstances of an identified or identifiable individual”.
Here it is important to point out that the scope of what constitutes personal data has broadened. Information that could lead to the identification of an individual now includes everything from economic information, cultural details and mental health information to telephone numbers, IP addresses, social media usernames and more. In addition, organisations will now have 72 hours to report a data leak or face significant fines.
In amongst the discussion about how IT infrastructure will be adjusted to comply with these new regulations, an overlooked point has been data protection in printing. After all, data leaks aren’t always large-scale cyber-attacks like we’ve seen recently – they can be something as simple as a printed document ending up in the wrong hands.
The common issues with printing
[clickToTweet tweet=”Weaknesses in print #security range from advanced issues with #encryption to rudimentary human error. Personal #data is often transferred #unencrypted via the #network. It’s also stored unencrypted on #servers, or even on the printer’s hard drive.” quote=”Weaknesses in print security range from advanced issues with encryption to rudimentary human error. Personal data is often transferred unencrypted via the network. It’s also stored unencrypted on servers, or even on the printer’s hard drive.”]
Weaknesses in print security range from advanced issues with encryption to rudimentary human error. For example, many businesses may be simply unaware that personal data is often transferred unencrypted via the network when printing. It’s also stored unencrypted on servers, or even on the printer’s hard drive.
And it’s often the case that alternative workflows aren’t established – this is a crucial tool in preventing sensitive information from ending up the wrong hands. Without alternative workflows, any personal data could be sent to printers in unsecured locations. Even a document left unattended in a printer’s output tray could mean data isn’t being adequately protected.
Of course, these are just some of the potential hazards businesses will invariably encounter when securing their data in print. It’s inevitable that more complex challenges will become apparent as IoT technology continues to advance and permeate everyday business processes. There’s no denying that business face a potentially difficult task to ensure that they’re GDPR-ready.
How to secure your print fleet
In a nutshell, print security must now become a vital part of a businesses’ IT planning processes. And in doing so, they must consider the three key areas of print security.
The first is devices; many organisations are filled with ageing, poorly secured print devices. The best defence is to implement secure access features that restrict who can use the output devices using predefined user access controls.
The second area is the network. With the increased use of mobile devices and the need to support BOYD initiatives, IT departments must strike a balance between providing users with the tools they need to boost efficiency, but at the same time minimise the risk of intrusion across networks and connections. This could include digital certificates, port filtering, IP address filtering, role-based access control and more.
The third and final area is their documents. Malicious printing can be prevented on a device by configuring it to only allow print jobs if the user is authenticated. They can also implement card authentication for access to physical facilities, print release solutions, and secure document monitoring. These deliver great visibility into physical documents and reduce the liabilities associated with insider threats.
Ultimately, it’s crucial that businesses start to make security an integral part of all their printing hardware, and not just in software and IT infrastructure. From May 2018 onwards, an errant printed document ending up in the wrong hands can prove just as costly as a cyber-attack. The EU is warning of fines of up to €20m, or four percent of a company’s annual worldwide turnover (whichever figure is larger). It’s therefore crucial that businesses work to prevent this from becoming a reality.
As the deadline looms for GDPR, organisations should take the time to understand how they handle the personal data they collect, both externally from customers and internally from their own people. Essentially, it’s time for businesses to ensure their compliance with data protection laws extends all the way from their web security to their printer output tray.