Since 2018, global organizations with customers in Europe have been subject to the General Data Protection Regulation (GDPR). Amongst the wide-ranging requirements, GDPR mandates that organizations take appropriate technical measures to protect personal data held within their network environment. Encryption and making data anonymous is cited in the legislation under Article 5 as examples of technical measures that should be considered to minimize the potential damage in the event of a data breach.
GDPR has since had a profound impact on the international compliance landscape, encouraging a number of new or updated regulations to be put into place. Some examples of this include CCPA (the California Consumer Privacy Act), PIPEDA (Personal Information Protection and Electronic Documents act, for Canada), POPI (The Protection of Personal Information Act, for South Africa) and LGPD (The Lei Geral de Proteção de Dados, for Brazil).
The insider threat
Even though these compliance regulations have been put in place, there appears to be no reduction in the number of data breaches. In fact, since the introduction of PIPEDA a year ago, there have been six times more data breaches reported compared with the previous year. This equates to 680 breach reports since November 1, 2018, affecting a total of 28 million individuals. In part, I believe this is the result of the majority of organizations being focused on malware attacks as they perceive this to be the biggest threat. However, according to Quocirca’s Global Print Security Landscape 2019, while the top perceived security threat is malware attacks at 70%, accidental actions of internal users are the most likely cause of security incidents, equaling 32% of all reported incidents.
Interestingly HP’s recent “Creepers and Peekers” study backs up Quocirca’s stats too, with 34% of data breaches last year being caused by insiders (internal users). Staggeringly, the HP study even revealed that 75% would look at unclaimed documents they find left in the print tray. In addition, 40% who see confidential documents in the printer admit they wouldn’t just ignore it, but rather look at it and even save it by taking a picture, making a copy, or taking the document. This suggests that organizations, now more than ever, need to be educated on the insider threat, including how they can safeguard against confidential documents getting into the wrong hands, together with protecting their overall print environment.
The solution
The challenge most midsize to enterprise organizations now face is an overstretched IT department. They are expected to not only be up to date and aligned with the latest global data regulatory compliance requirements, but also be the experts in the entire IT infrastructure of the organization they work for. The requirements for MPS are also ever-changing and the approach of providers needs to evolve, especially when you consider the expanding data privacy regulations. According to a recent survey, last year alone 68% of organizations suffered at least one data breach through unsecure printing, so this should not be ignored.
When choosing a provider to manage your documents and print management infrastructure, it is important to choose a service provider that take takes print security as a top priority including:
- Provides access management for user authentication/authorization to print, copy, and send information electronically from printers and multifunctional products (MFPs)
- Protects documents across the network by using industry-standard data encryption at rest and while in motion
- Forensically inspect and protect content including personally identifiable information (PII) — for example, identify credit card and bank routing numbers, national identification and account numbers
- Provides accurate activity tracking and document archiving for ongoing audits such as data protection impact assessments (DPIAs)
- Provides comprehensive reporting while leveraging data anonymization to maintain user privacy
It is a big ask for IT departments to be knowledgeable about and able to resolve all of the above. That’s why, according to the Quocirca report, “Over 62% of organizations are using an MPS to gain access to print management and security skills, which are often lacking in house.” I believe this is the best course of action to ensure an organization’s print environment is properly protected and kept up to date with the evolving regulatory compliance landscape.
Eric Crump is strategic alliances director for FollowMe at Ringdale and board member of the MPSA
