by Anthony Dupree
With the rise of mobile workers and the demand for convenience, employees expect to be able to print anytime, anywhere from any smart, connected device. Businesses are moving quickly to meet employees’ needs and are implementing mobile print solutions. If proper actions and protocols are not taken, your solution could end up causing you more problems, such as security breaches and non-compliance issues.
These potential problems are often — and easily — overlooked. How does this happen so frequently? Preconceived notions.
Today, users still believe that printers are just printers and mobile devices are more secure than their PCs. A simple, realistic example demonstrates that these notions are wrong, putting businesses at risk.
It’s Sunday afternoon, and your child asks to play on your tablet. You oblige. Without knowing it, your child downloads a game. But the game really is not a game. Instead, it is malware disguised.
Now, you are traveling for work, and you need to print a presentation from your tablet. You send the job to the office printer. The malware attaches itself to the print job and downloads itself onto the printer. But, remember, the printer really is not a printer. It is a multi-function device (MFD) that has a hard drive that can store as much data as a laptop. If the printer does not purge data regularly, which commonly happens, the hard drive could be a treasure trove for an attacker. And remember, your MFD is also connected to your company’s entire network.
Your IT team has no idea what just happened. The malware did not have to go through your company’s firewall or intrusion detection system. The team also is not looking for it. MFDs are frequently forgotten, fringe devices, which is a huge mistake. IDC reports that approximately 35 percent of all security breaches stem from an unsecured printer or MFD.
From there, the malware does the job it was meant to do, which could be to gain access to sensitive and private information stored on your MFD or, worse, launch a full-scale attack on your network. If hacked, your company is at risk of not adhering to legal and industry regulations, such as the Data Protection Act, HIPAA and PCI-DSS.
To mitigate risk, there are three fundamental steps all businesses should take when leveraging mobile printing solutions.
To mitigate risk, there are three fundamental steps all businesses should take when leveraging mobile printing solutions.
1) Make sure your print policy addresses mobile devices, data retention and security protocols. One of the first questions that my company, Novitex, asks businesses seeking managed print services is “do you have a print policy in place?” Most of the time the answer is no, which is another mistake. A policy gives employees a clear understanding of what is expected from them and helps them make well-informed business decisions.
2) Provide employees with continuous training and reminders. With mobile printing, your employees can be your greatest — or worst — line of defense. Providing them with right knowledge empowers them to act as your data’s protectors.
Instilling that smartphones and tablets are not safer than PCs is key. These devices are arguably more vulnerable due to limited controls and user knowledge. Secondly, employees must understand the potential harm that these devices can cause if they do not follow best practices and your print policy. For instance, the non-tech savvy user typically is not aware that an update to an operating system may be rolled out to fix security gaps. Without a security patch, the device remains susceptible to hackers. Providing your employees with this information is essential.
To educate your employees on best practices and your print policy, use training tactics ranging from required sessions to internal campaigns and monthly reminders.
3) Leverage technology to protect your data. Technology and capabilities to consider include:
a. Embedded security software. This software enables you to track device history, conduct audit trails and identify the origin of a threat.
b. Authentication of users. To protect confidential information, ensure your office printers require employees to authenticate themselves through a PIN, access card or fingerprint reader. This is especially important for mobile employees who may not be aware of the printer’s physical location.
c. Secure pull-printing. This technology allows employees to store print jobs on a protected server, which can access their documents from a printer connected to the server anywhere in the world. Of course, employee authentication must be enabled for secure access to the document.
d. Safe network access. Provide employees with secure access to documents via the network via VPN. This provides secure and flexible means to transmit and print from everywhere, whether you are mobile, working from home or at a temporary workstation in the office.
But before making any purchasing decisions, do your research and make sure to check the U.S. government’s National Vulnerability Database. The database provides a list of susceptibilities and quantifies the risk of vulnerabilities for devices.
Anthony Dupree is CIO and CISO of Novitex Enterprise Solutions.
is CIO and CISO of Novitex Enterprise Solutions
