There is a regular parade of stories in the media about companies accidentally losing data, either as a printout or in digital form, says Mark Hiller, GM at Lexmark South Africa.
Traditionally, the focus for security is on preventing external threats such as viruses and hackers. However, internal threats like leaks or the unauthorised distribution of secure content are potentially costly security breaches that need to be addressed.
This is especially relevant for South African companies, in light of the passing of the POPI Act in November last year. The Act states that entities must take appropriate and reasonable measures to protect personal information. This points to the importance of companies keeping their own security and data protection up to date, as well as making sure that anybody who handles data on their behalf does the same.
Failure to do so might expose both the company and stakeholders associated with the company to undeniable legal ramifications that could damage their operational effectiveness.
Security across the globe
The battening down of content security hatches is, however, not a uniquely South African phenomenon. In fact, according to the last ‘Data Loss Barometer’ report from KPMG, over the past five years, around one billion people globally have been affected by data loss incidents, and 60% of these were because of hacking.
Thankfully, figures from The Open Security Foundation's DataLossDB show there has been a gradual decline in the number of incidents in 2013 compared to the record high in 2012. However, that is no reason for a company to be complacent, especially given the increasingly stringent data privacy rules coming into force within the European Union.
Companies therefore need to be able to identify and combat these threats and prevent the unauthorised release of paper and digital documents. There are five steps businesses can take to ensure they minimise the potential for leaking information – be it intentionally or by accident:
Encryption
Hard disks in printers and MFPs can be configured to use encryption. This ensures all data sent to – and stored by – the printer or MFP is encrypted. Hard disk encryption using the 256-bit Advanced Encryption Standard (AES) scrambles all data that is active, at rest or left on the hard disk by a previous job. When this feature is enabled, an encryption key unique to the specific printer or MFP and hard disk is created.
The intent is that if the hard disk is stolen or removed, it will not yield usable information. AES data encryption is the standard selected by governments and military organisations around the world to protect their most highly classified information.
Authentication
An MFP can be configured to authenticate and authorise users against internal accounts, passwords and PINs – as well as against a corporate directory through an encrypted channel. These authentication methods are secure over an SSL channel and are compatible with Active Directory and other directory-server platforms.
This enables device administrators to select individual users and appropriate groups to make changes to a device based on the device’s function and access rights. Furthermore, they can grant individual users and appropriate groups the right to access a particular device function or functions, while restricting other users or groups from using the same functions.
This can be augmented with security templates and/or automatic e-mail address insertion for workflow and scanning.
Monitor flow of sensitive information
Implement a tool that monitors and audits the information that passes through output devices to stop the unauthorised flow of sensitive information. This means creating a searchable digital image file of every document that is printed, scanned, copied or faxed (regardless of source).
A secure content monitor will give an organisation the information needed to spot leaks and to establish a strong defence.
This can be extended to track security-related events with features that track device setting changes and export these into detailed logs describing system, user or activity events. The event tracking feature proactively tracks and identifies potential risks and integrates with your intrusion-detection system for real-time tracking.
Network device hardening
An unsecured printer or MFP connected to the corporate network can be a vulnerability that can be exploited by external hackers and internal threats.
Hardening a networked device is a powerful way to secure its network interfaces from malicious users. This includes blocking unnecessary features and functions, locking down any interfaces that remain, and securing the data hosted by the device.
For maximum protection, these features should be embedded in the device’s firmware, including techniques like port filtering and TCP connection filtering, to make them resilient to network attacks.
A shredder
Once sensitive information is printed, it’s out of the hands of digital protection. Proper paper disposal processes and a good-quality shredder can make sure that physical copies don’t fall into the wrong hands once they’re done with.
It’s clear that keeping confidential information secure within an organisation isn’t as easy as it seems. There are both external and, sadly, internal threats to consider as well as mishaps to worry about.
Even if you monitor your electronic communications, you’re likely to have a lot of unsecured papers floating around – which, unfortunately, can lead to serious information leaks. As such, protecting sensitive information must remain a top priority for businesses.
By taking action to prevent leaks before they happen, a business can keep sensitive documents safe, secure and in the right hands – protecting the organisation and providing peace of mind. Lexmark has a range of solutions and elements that help organisations to keep a close eye on data – protecting it every step of the way.