On 25th May 2018, the new EU Data Protection Regulation (GDPR) will come into effect across all EU member states. From that point on, all companies and government agencies within the EU must ensure their IT infrastructure is compliant with these new regulations.
Not only must they comply, but they will also need to clearly demonstrate how their processes comply, documenting the decisions they take to protect personal data.
But is everyone clear on what GDPR means? And what do businesses have to do to make sure theyโre ready?
Firstly, the act defines personal data as โany information concerning the personal or material circumstances of an identified or identifiable individualโ.
Here it is important to point out that the scope of what constitutes personal data has broadened. Information that could lead to the identification of an individual now includes everything from economic information, cultural details and mental health information to telephone numbers, IP addresses, social media usernames and more. In addition, organisations will now have 72 hours to report a data leak or face significant fines.
In amongst the discussion about how IT infrastructure will be adjusted to comply with these new regulations, an overlooked point has been data protection in printing. After all, data leaks arenโt always large-scaleย cyber-attacksย like weโve seen recently โ they can be something as simple as a printed document ending up in the wrong hands.
The common issues with printing
[clickToTweet tweet=”Weaknesses in print #security range from advanced issues with #encryption to rudimentary human error. Personal #data is often transferred #unencrypted via the #network. Itโs also stored unencrypted on #servers, or even on the printerโs hard drive.” quote=”Weaknesses in print security range from advanced issues with encryption to rudimentary human error. Personal data is often transferred unencrypted via the network. Itโs also stored unencrypted on servers, or even on the printerโs hard drive.”]
Weaknesses in print security range from advanced issues with encryption to rudimentary human error. For example, many businesses may be simply unaware that personal data is often transferred unencrypted via the network when printing. Itโs also stored unencrypted on servers, or even on the printerโs hard drive.
And itโs often the case that alternative workflows arenโt established โ this is a crucial tool in preventing sensitive information from ending up the wrong hands. Without alternative workflows, any personal data could be sent to printers in unsecured locations. Even a document left unattended in a printerโs output tray could mean data isnโt being adequately protected.
Of course, these are just some of the potential hazards businesses will invariably encounter when securing their data in print. Itโs inevitable that more complex challenges will become apparent as IoT technology continues to advance and permeate everyday business processes. Thereโs no denying that business face a potentially difficult task to ensure that theyโre GDPR-ready.
How to secure your print fleet
In a nutshell, print security must now become a vital part of a businessesโ IT planning processes. And in doing so, they must consider the three key areas of print security.
The first is devices; many organisations are filled with ageing, poorly secured print devices. The best defence is to implement secure access features that restrict who can use the output devices using predefined user access controls.
The second area is the network. With the increased use of mobile devices and the need to support BOYD initiatives, IT departments must strike a balance between providing users with the tools they need to boost efficiency, but at the same time minimise the risk of intrusion across networks and connections. This could include digital certificates, port filtering, IP address filtering, role-based access control and more.
ย The third and final area is their documents. Malicious printing can be prevented on a device by configuring it to only allow print jobs if the user is authenticated. They can also implement card authentication for access to physical facilities, print release solutions, and secure document monitoring. These deliver great visibility into physical documents and reduce the liabilities associated with insider threats.
Ultimately, itโs crucial that businesses start to make security an integral part of all their printing hardware, and not just in software and IT infrastructure. From May 2018 onwards, an errant printed document ending up in the wrong hands can prove just as costly as a cyber-attack. The EU is warning of fines of up to โฌ20m, or four percent of a companyโs annual worldwide turnover (whichever figure is larger). Itโs therefore crucial that businesses work to prevent this from becoming a reality.
GDPR
As the deadline looms for GDPR, organisations should take the time to understand how they handle the personal data they collect, both externally from customers and internally from their own people. Essentially, itโs time for businesses to ensure their compliance with data protection laws extends all the way from their web security to their printer output tray.
Danny Molhoek is General Manager of North West Europe at Lexmark. The company creates innovative imaging solutions and technologies that help customers worldwide print, secure and manage information with ease, efficiency and unmatched value.