The EU General Data Protection Regulation (GDPR) takes effect soon, on 25th May 2018. The new regulation will lead to change, particularly in organisations' current approach to print security.
Networked printers and multifunction printers (MFPs) are disregarded when it comes to broader security measures. However, these devices process and store data; as intelligent devices, they have the same susceptibilities to security breaches as any other networked endpoint.
Through research, it has been found that almost two-thirds of large organisations have experienced a print-related data breach. The biggest incentive to rethink print security is the substantial potential fines imposed by GDPR. Infringement can attract a fine of up to 4% of total global turnover or €20 million (whichever is higher).
What is GDPR?
When the new regulation is in place, any organisation that controls personal information about EU citizens must have rigorous organisational and technical measures in place to comply with GDPR. While this is an EU regulation, it affects any organisation that handles personally identifiable information of an EU-based individual, even if the organisation is not based in the EU.
GDPR sets out a series of measures an organisation must take to protect personal data, including the appointment of a data protection officer where necessary, and maintenance must be detailed to prove compliance. The GDPR focuses on the concept of accountability, changing accountability from individuals to organisations. Organisations must now demonstrate that they have taken the right actions to protect personal data.
There is also a requirement to have a robust procedure in place to detect and investigate personal data breaches, as well as to report them within 72 hours to a relevant authority and, in high-risk cases, to affected individuals.
What are the security requirements?
Article 32 'Security of processing', within GDPR, states that organisations should implement and revise technical and organisational measures to ensure a level of security appropriate to the risk.
In addition to the range of technical and organisational measures enforced by the regulation, there is a need to protect personal data against unauthorised processing, accidental leak and theft. Preventing unauthorised access to electronic communications networks and the distribution of malicious code is a key part of GDPR’s network and security environments.
This means that organisations need to demonstrate complete control over information security to comply with GDPR. With numerous organisations still dependent on printing to support business processes, it is essential that any meaningful measures towards GDPR compliance consider the protection of networked printers and MFPs.
Ensuring print security
Multifunction printers have evolved into technologically advanced document processors that can print and copy as well as enable the capture, routing and storage of information. Despite their intelligence, networked devices have vulnerable points. Printers and MFPs are Internet of Things (IoT) devices and, as such, give access to the entire corporate network if left unsecured. Without appropriate controls in place, information on the device or in transit can be accessed by unauthorised personnel.
Qualifying issues and resolving for compliance
As crucial endpoints, printers and MFPs must be part of the overall security strategy. This should ensure that all networked printers and MFPs are protected at the device, document and user level. This means data is encrypted in transmission, hard drives are encrypted and overwritten, print jobs are released only to authorised users, and devices are protected from malware.
Many organisations may believe that they are covered by existing technology, but in many cases, this does not protect against new threats. Thus, operating a large, mixed fleet of old and new devices can leave gaps in security.
How to ensure protection
To ensure compliance and full protection, speak to us – we’re the experts.
Logixal’s Managed Print Service is best positioned to advise on print security technology. We support clients to improve resilience against hacking attempts on devices, detect malicious threats, continually monitor print infrastructure, enhance security policies and raise employee awareness through training.
GDPR is a reminder that organisations need to proactively assess their security position. Organisations must move quickly to understand the legislation and put effective measures in place. Print security is a component of GDPR compliance, so it is imperative that organisations act now and evaluate their print security.
If you would like a free consultation to discuss your security, please give us a call on +44 (0) 20 7014 0100 or email firstname.lastname@example.org