TECHNOLOGY

MANAGING THE HIDDEN SECURITY GAP IN FINANCIAL SERVICES: THE OFFICE PRINTER

Managing the hidden security gap in financial services: The office printer

James Stelfox, MD of QuoStar MDS, a managed document solutions and print management service

The financial services industry is under ever-increasing levels of regulation, in part tokeep clients’ data safe and secure on a firm’s systems. More specifically, the Data Protection Act requires firms to have appropriate security in place to prevent any confidential data being accidentally or even maliciously compromised. However, with data breaches appearing more and more frequently in the news, businesses in this industry must recognise the importance of upping their game in terms of security.

After all, a firm’s reputation and future success can be seriously damaged if inadequate security puts clients’ information at risk. Most businesses are aware of the basics: tools like firewalls and anti-virus can certainly help to keep data safe.  However, few firms tend to consider the role that the office printer plays in protecting confidential data.

Many businesses are set up with a printer per desk or per team, yet are unaware that having departmental printers sprinkled throughout an office can pave the way for a data breach, since modern printers now contain a wealth of confidential data that makes them vulnerable to a security breach.

Adding layers of security

Financial services firms are flooded with documents coming out of the printer every day, with many of these eventually intended for the shredder as they are printed and forgotten about. The real risk lies in establishing whose eyes are allowed to see the documents sitting on the printer in the meantime – and indeed whose aren’t.

Upgrading the printer with an extra level of security is one way to prevent reams of paper sitting in its output tray. With a secure printing solution, users are required to input a PIN code, or swipe a key fob on the device before documents will be released for printing. As such, if a member of staff does not authorise this printing, the document will remain in the printer’s job box, securely out of sight from any unauthorised personnel. This technology also reduces the need for the ‘office dash’, where an employee rushes across the office to claim their printed document before it can be seen by anyone else.

For those working with especially sensitive data, biometric solutions can be added to upgrade the security level in this scenario.One of the latest phenomena to impact firms is ‘follow-me’ printing, which means that documents can be collected from any printer on a firm’s network. This is particularly useful for large firms which might utilise hot-desking or have meeting rooms on various floors.

Documents in transit

Documents travelling from a computer to a printer can also be vulnerable to hackers, since it is possible for print jobs to be intercepted on either a wireless or hard wired connection. A business can address this risk by encrypting the print job, which will protect any data traversing the network before it is placed in the printer’s storage facility.

The storage within the printer itself can also be encrypted, which protects the documents waiting in the job box. As a final safeguard, firms can choose toimplement an auto-delete function on the printer, which will remove any documents not printed after a specified timeframe, e.g. after 24 hours.

Although a challenging task, it’s important to track print jobs and audit printing practices in order to fully assess an office’s print environment. Firms in the financial sector can utilise specific tools which help to identify employees who might be ignoring company policies, for example, or abusing their print privileges. This kind of employee negligence will not only put the company at risk, but will also result in additional costsfor firms that are trying to protect their margins.

Deleting a firm’s history

Businesses in all industries regularly change their printers, whether they are being returned to a leasing provider, retired in favour of a newer model or updated to reflect a firm’s changing needs. For financial services organisations in particular, it is vital that any data that could be left in a printer’s internal memory is deleted before it leaves the office for good.

A printer can hold thousands of documents in its internal storage system: every document printed on site, every scan or copied document and any incoming faxes from people outside the business. If the device is not encrypted, set to automatically delete data or is not regularly wiped, all of this data will remain on the printer and can be accessed from anywhere, by anyone, once it has left the building. If left unaddressed, all of a firm’s confidential data will therefore leave with the device.

Despite the increased security implemented by firms in the financial services sector, a majority of companies are still solely focusing on network entry points, and excluding the office printer from their security strategies. Firms must realise that printers have to be managed and protected with the same level of priority as the entire IT infrastructure in order to protect sensitive data – or face dire consequences in the event of a breach.

To Top