by Christoph Schell, HP Inc.
Over the past year, we’ve witnessed an increased public awareness and engagement around personal data security. The 2017 hack of Equifax compromised the data and financial information of a breathtaking 148 million people. In the wake of Facebook’s data misuse scandal, a study showed nearly one in 10 users deleted their Facebook accounts.
If there is anything to be learned from the events set in motion over the past year, it’s clear that consumers are no longer willing to be passive bystanders in the security of their personal data. For any individual or organization, it shouldn’t take a crisis to inspire action. However, the consequences of one can be dire. A 2017 Centrify study that surveyed thousands of IT professionals, business leaders and consumers found a brand’s reputation becomes significantly tarnished after a data breach is disclosed, dropping stock prices by an average of 5 percent and increasing customer churn 7 percent.
Today, it is more important than ever for organizations to ensure their networks and endpoint devices are tightly secured, thus delivering peace of mind to employees, partners and consumers.
A large liability: Unsecured endpoints
An investigation in late 2017 by The Chicago Maroon found that security weaknesses in printers at the University of Chicago potentially exposed university hospital patient information, police records, and student financial information to hackers. Many of the IoT-connected printers were discovered to have been left unsecured or not updated with proper security protocols, leaving them accessible to those both inside and outside the university network. This is one instance of a widespread and serious problem – many network-connected printers are often left vulnerable to malicious activity.
It might not come as a surprise that organizations often prioritize the security of other devices such as phones and laptops over that of printers. Not long ago, we thought of the printer as an isolated piece of equipment regulated to the corner of the office. It churned out documents when needed, and aside from the occasional ink replacement or paper jam, printers received little maintenance.
Today’s reality: each and every printer connected to the internet must be secured. In fact, a recent study conducted by the Ponemon Institute found that 60 percent of IT professionals acknowledged experiencing a data breach involving a network-connected printer.
Organizations are beginning to take note of the importance of securing endpoint devices, according to a recent report by Ponemon Institute and Barkly. Seven out of 10 organizations report their endpoint security risk had increased significantly during the prior 12 months. In this same period, however, trust in antivirus software dropped significantly.
Shifting the focus toward more robust endpoint security is a necessary first step to address the changing cultural tide, but when it comes to tactics, there are many ways to bolster digital security within your organization.
Investing in technology with embedded security
With the adoption of technologies that enable always-on connectivity across enterprise applications and systems, automation of virtually all business processes and the accumulation of greater amounts of customer and employee information, companies must rethink not only their network security strategies, they must secure the vast number of endpoint devices deployed throughout the network.
This is particularly important as malware is becoming smarter – injecting code into devices so that the machines themselves accomplish the attacks - which go unnoticed by standard detection tools. In response to increased risks and threat levels, both network and endpoint security should be top priorities. Implementing even more proactive controls and strategies will ensure the integrity of company data across all assets. Companies must evaluate printer and other device purchases with security in mind.
One prominent innovation is embedded printer security, which helps customers better protect against ransomware and malware. Self-healing technologies embedded in the machines themselves automatically install patch updates to ensure that the endpoint — and ultimately the network containing valuable data and information — is secure at all times.
As we saw in 2017, the WannaCry hacks successfully took down hundreds of hospital computers in the UK, and were able to do so because of the delay of installation of security patches. These types of cyberattacks show no signs of stopping. According to Verizon’s 2018 Data Breach Investigations Report, web-application attacks against endpoint devices without the use of stolen credentials were the most popular attack vector in last year’s reported breaches, accounting for 18.5 percent of ransomware and 56 percent of malware attacks.
Embedded security in endpoint devices is an investment many enterprises should strongly consider to help protect information, detect malware and recover potentially compromised data.
Configuring your network, inside and outside the office
The more mobile our technological lives get, the broader our networks become. Printers and computers permanently connected to a company’s network should not be the only concern. Laptops and cellphones constantly entering and exiting an office are also vulnerable. This is why network security is twofold: Enterprises must make sure their direct office networks are properly configured while also ensuring the fleet of devices employees use outside of the office are protected.
Centralizing the security management of devices on a network can significantly reduce the time and labor required to properly configure devices with the latest authentication controls. This can then be augmented with automation tools which help set up new devices entering a network with the necessary security protocols.
Because human error including phishing, sending emails to the wrong person, and misconfiguring web servers accounted for 17 percent of security breaches last year (per the Verizon report), organizations must secure all devices accessing their network remotely. By leveraging a Device-as-a-Service (DaaS) subscription model, a company’s entire fleet of devices can be remotely monitored to assure adherence to security policies and automatically update devices with the latest malware protection.
DaaS also provides analytical insight on fleet inventory, including location and condition to maintain better security. Since the delivery model includes fleet end-of-life disposal, companies have the assurance that devices and data don’t fall into the wrong hands.
Data regulations: Ensuring compliant and secure networks
One of the world’s most rigorous data protection regulations, the Global Data Protection Regulation (GDPR), went into effect on May 25, 2018, in the European Union. The guidelines were established by the EU Parliament to unify laws and give more autonomy to millions of individuals over the use of their consumer data. If you think that being across the pond spares your enterprise from GDPR compliance, think again. GDPR requires that any company that stores, processes or touches data coming from the EU to comply.
Why does this matter from a security perspective? Companies need to establish controls to manage data and devices across the network to minimize harm in the event of a data loss. As of April 2018, research shows that one in three organizations were not ready to comply with the regulation.
Responding to an era of data security enlightenment
There is much at stake for organizations amid the era of data enlightenment. Employees want to know they are working for an organization committed to protecting both employee and customer data. Business partners want to ensure their own data will not be compromised as they enter into a relationship with another company. Consumers must have confidence their personal data is secured by the brands they purchase from and trust.
Currently, the public is rightfully empowered to demand that the organizations and businesses that collect, hold, and process their data do so in a responsible way. With mounting distrust in organizations that handle data among employees, partners, and consumers, it is critical for brands to shore up security across the entire network ecosystem — and communicate it clearly.
Better security is of momentous importance but does not have to be a momentous task. Investing in the right technologies and services can deliver peace of mind to all parties who have a stake in the health and success of your organization. Your brand reputation is counting on it.
This article originally appeared in the June 2018 issue of the Imaging Channel