Is your Printer a Data Breach Waiting to Happen?

The Statistics

As the original Xerox Platinum Partner in the United Kingdom, there's nothing about network printer security Advanced UK Ltd. doesn't know! So to open this article on printer security, consider Quocirca's authoritative 2019 Global Print Security Landscape report, which stresses in its summary that the dependence on print creates organisational risk, and that print is considered to be one of the top security risks to any organisation. Further, it states that of surveyed organisations overall, '66% rank print in their top 5 risks, second only to cloud-based services at 69%'.

That's probably an eye-opener to many readers, even those engaged in cyber security, privacy, data protection, and the countless GDPR practitioners. It shouldn't be the case, but with 60% of businesses in the UK, US, France, and Germany suffering a print-related data breach over 2018/19, it's clear that the industry has a long way to catch-up. Printer security is an urgent topic, and the ICO itself has long singled it out as a prerequisite for GDPR readiness.

Print related data breaches happen with startling regularity: 11% of all security incidents are print related, and 59% of these lead to a data loss which costs an average of £313,000 per-annum to resolve.

So is your printer a data breach waiting to happen? Unless you have strict IT controls and user training, I suggest it is. 

Exploring this topic requires examples, and predominantly I use Xerox as a reference point given their market-leading security approach, but this is no sales piece.

Human Error and Print Security

In April 2019, Paul Skinner, UK and Ireland ICT practice leader at Chubb Insurance, commented on the ICO's breach reporting guidelines by saying:

"Although the threat of outsider attacks has been given considerable publicity, it is important to remember many security incidents are simply the result of the inside user. While there is now much more awareness of the threat of data breaches, the underlying problem of human error remains [ ... ] A company with untrained staff may find itself with not only an incident but at worst a problem with its reputation."

He was quite right about the human error part, because the very next month, May 2019, Chubb sent a single page letter to their clients which unsurprisingly included the recipient's name, address and policy document number in addition to the policy update. Unfortunately, through a printing error, it was printed double-sided with the result that one person's letter was on one side, and somebody else's was on the other!

The Most Typical Print Related Data Breach

The Chubb example, above, highlights human error, but the real culprit is just sheer carelessness: how many times have you gone to a printer only to have to hunt through everyone else's documents to find your own? 

Such lapses in information security are second only to the misuse of email for causing reportable data breaches. 

Amongst the clutter of unwanted and forgotten print-outs, and prints sent to the wrong printer entirely, there's inevitably sensitive data, whether of a commercial or personal nature. Even in relatively small organisations, the cost of wasted print is typically 8%, and this can equate to £2,000 in print costs, in  addition to the costs of having to send the waste to a secure document destruction company.

It's avoidable! By implementing secure printing (also referred to as 'Pull Print', 'follow me print', or 'follow you print), the user is only presented with their printed data once they identify themselves to the printer, either by entering their own PIN code or through the printer detecting their RFID-enabled pass or security fob.

What is Secure Print / Pull Print?

Pull printing functionality allows a document to be released only upon user authentication at the printer. Methods of authentication may include:

• Pin-code release
• Active Directory Single Sign On (SSO)
• QR code recognition
• Mobile phone authentication
• RFIID proximity sensors
• Magnetic sensors
• Smart cards
• Biometric recognition

Regardless of the authentication method deemed appropriate for the user group, the user must go to the printer to collect their work. Once you have authenticated at a network printer of your choice, you can then view, select job settings, print or delete them as you need.

In the image below, a user presents their staff identity card, enhanced with an RFID tag, to release a queued job from a printer.

The use of mobile devices - smart phones - to authenticate is demonstrated in this 00:22" video below.

Benefits of Secure Pull Print

Of course the modern office printer is multi functional, capable of printing, copying, faxing, and - with Xerox - now serving almost 100 business software applications to the user.

Using SSO, however enabled, ensures that access to the business applications adheres to network security protocols. The Xerox ConnectKey® apps offer users such advanced functionality as the ability to scan to Sharepoint, as well as to browse their Sharepoint repositories and print directly from the printer. Security is a 'must have'.

The security of the MFD - and the network as a whole - is thus enhanced. Again, taking the Xerox approach as an example, the secure authentication provides access to SSO-enabled apps without having to remember long passwords or perform any additional, time-consuming login steps. Xerox have an emphatic approach to printer security, so all credentials are kept safe using login tokens stored and retrieved using triple encryption within a tamper-proof software vault.

Consider Print Security Alerts

When security professionals consider Information Security as a whole, they're assessing Risk. The formal definition of Risk is the probability of an event times the anticipated harm if that event occurs.

Given certain working environments, it becomes important to consider Content Security. That is, if certain data was to be released, could it cause harm? This need not relate only to data theft, but also to the accidental data breach.

Using Xerox as the example, again, the Xerox Workplace Suite features safeguards against data or intellectual property loss by searching all documents copied, scanned or printed through a licensed MFP for specific user-defined terms or text strings (e.g., confidential, internal use only, etc.). If a match is found, an alert — along with job details and content — will be sent to an administrator for follow-up.

Guidance from the UK ICO

The Information Commissioner's Office (ICO) must be tired of having to repeat the same old guidance. They write:

"Organisations should introduce secure printing technology, including the appropriate use of PIN codes or security cards which staff are required to use. If this is not possible then VSA organisations should create a secure printing procedure that explains that staff should collect their prints as soon as they send documents to the printer."

For how many years have they been saying this? At least since 2012! It appears time and time again.

Next Steps?

Whether you have just one or two printers, or a national fleet, you will be wondering how to implement print security across your network, and contemplating the potential cost.

It's not necessarily as complicated as you might think, and the team of Xerox experts at Advanced-UK are able to assist. You might discover that eliminating your print servers adds security, or that third party solutions function well across some of your legacy devices. The starting point is always best if an MPS Print Audit is conducted first, and from there you can make well-informed decisions which your Executive team will appreciate. 

Advanced-UK may be reached by telephone on 01895 811811 (London region & HQ). or email sales directly.

PS. If you enjoyed this article, please consider using the social media sharing buttons - it really helps!

Have you read these articles?

• From MPS to MPDS Understanding Managed Print Service
• Cyber Security vs. Printers and the IoT
• Artificial Intelligence and Language
• Xerox Printing Technology