Secure Printing (Part 1 of 3)

by Tobias Habermann

The protection of data has taken on an increasingly important role for businesses. More resources than ever before are being given over to ensuring this security. When it comes to protecting your data, most IT security strategies will concentrate on data centers and internal networks, often neglecting to look at printer technologies. This raises the question of what good the best security strategies and encryption mechanisms are, if sensitive company documents are printed after decryption and accessible to “everyone”. In this three-part series on our blog, I’ll introduce you to common dangers with printing and show you general ways to prevent them from happening.

Risk Factors in the Printing Process

In 2016, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) distinguished between four types of dangers.

1. Human Errormultifunktionsdrucker

This includes above all the non-compliance of security measures and carelessness in handling information. Every company has information which is not meant for public eyes;this includes documents with personal information, strategy papers, and so on. Even when these documents are classified as strictly confidential, they are not always handled that way when distributed and reproduced. If printed on network printers (i.e. printers for specific floors or departments), the documents may remain in the printer’s output tray and can be viewed or removed by any number of people. If the printed documents are not found at the target device, the users don’t address the causes. Instead, they assume IT problems, and start a new print order, as they are accustomed to frequent problems and unexplained phenomena. Organizational and technical security measures are also often sabotaged through careless handling . One regularly sees articles in the press where an institution’s confidential documents were found in a paper recycling bin. The salaries of employees and personal information on board members have become public knowledge this way.

Often, the proper handling of critical information and IT systems is not communicated to company staff. With outside persons, it cannot be assumed that they know the specifications of the company’s information security, and how to carry them out. Visitors, cleaning staff and external personnel can endanger internal information, business processes, and IT systems in a myriad of ways. In regard to the print process, cables can come loose, or uncollected confidential documents can be mislaid or even thrown in the trash.

2. Organizational Deficiencies

The gravest organizational deficiencies include insufficient entry and access controls. These include rooms where vulnerable information is kept and processed, and where the printers used for these documents are located. In the case of unauthorized access, this can lead to grave damages caused by unintentional error, but also bymanipulation or vandalism. As an example, in one company, all employees had access to all the printer rooms. An aggressor succeeded in physically accessing a central printer and manipulating it, so that all documents were recorded onto the integrated printer hard disk, but not deleted. The overfilled hard disk was eventually replaced with a new one, and its data read externally. Strictly confidential development documents were obtained this way and sold to the competition, before the manipulation was discovered.

You’ll learn about other dangers, and ways to prevent them, in Parts 2 and 3 of this series.

Share

Leave a Reply

Your email address will not be published. Required fields are marked *

* = Required field

  • Blog Categories

  • Next Events

    1. Siemens PLM Connection

      4. July 2017 - 5. July 2017
    2. SAP for Utilities

      10. September 2017 - 14. September 2017
    3. TechEd

      25. September 2017 - 29. September 2017
    4. DSAG Congress

      26. September 2017 - 28. September 2017