With high profile cases like TalkTalk making the headlines, you could be forgiven for ignoring all the less newsworthy breaches that occur on a daily basis.
- Printing confidential documents to the wrong printer – perhaps in another department
- Documents held up in a print queue – only to be printed later when the sender is not around to collect the document
- Malicious activities from a disgruntled staff member – perhaps accessing payroll documents and making them public
- Data theft from allegedly secure servers within your business.
- The list goes on…
If you allow free access and output of information in your business, this constitutes a security hole, one that may be in breach of current government and industry compliance regulations or put the company at risk of client accusations of negligence.
Protecting the business against these threats should be treated as a priority. Here is a useful guide that might help you assess the risk and what you can do to keep your organisation safe and protect its reputation.
So what can be done protect your business data?
Firstly be aware that security breaches arise from 3 main sources:
- External attackers
- Employee mistakes
- Internal malicious intent
Employees actually pose a significantly higher threat to business than you might think, second only to malware. The more employees you have, the greater the possibility of inadvertent exposure of sensitive information.
Let’s take a look at the possible areas where breaches can occur and what can be done to ensure information remains secure:
- Employees may send their work to the wrong printer where an unauthorised person could collect it, or leave it abandoned in a printer tray. A system, implemented at server level, running company wide ensures employees can only print documents when they have authenticated themselves at the printer.
- Print queues and output issues such as being out of paper or toner can cause multiple documents to print at once. Personnel must then sift through pages to find the document they have printed, viewing other documents in the process. A print management system that allows print jobs to be output one user at a time ensures ownership of printed documents as they arrive in the printer tray.
- A robust policy for destruction of old printing hardware is essential to ensure complete eradication of data.
- Keywords and document structure can be set to indicate whether access rights are needed and to embargo print if security breaches are at risk.
- Scanned documents can sit on individual computers unless a scan management system is in place to route scanned documents to a controlled document management system.
- Data encryption should be applied to prevent access to documents stored in the cloud.
- Ghost hard drive images containing deleted files should have robust protection against unauthorised access.
- Eliminate data theft by simple measures such as password access, restriction of employees to certain computers and systems, and data encryption. Brief staff on their responsibilities towards access and distribution of sensitive data.
- Prevent email printing and distribution by intercepting those containing restricted documents such as messages containing specified key words.
- Hacking from outside sources is much harder if firewalls are in place and passwords changed regularly. Computer software should always be kept up to date.
- Set alerts to notify when and by whom a breach of security has taken place. This acts as an effective deterrent against malicious employee attacks.
- This sits alongside computer security and can be controlled via passwords and allocating specific access rights to personnel.
- Store job and print logs for future reference should an investigation be required.
- Use search terms to quickly identify and alert the company to attempted print and distribution of sensitive information and take immediate corrective action.
Remember to take a look at where data is held – from emails and post to archives and internal documents. What’s needed is a tightly controlled process driven business system to create, share, distribute, action and file information, with authorisation levels and monitoring facilities embedded in that system to prevent unapproved access, print or distribution. It’s easy to implement company wide, putting in place the necessary measures to close loopholes and protect against inadvertent or intended security contraventions.
Safeguarding your reputation
A breach of data safety undermines the trust your customers put into your business. It can irreparably damage your reputation and cost £’000s in bad publicity.
A securely managed system for controlling flow of information, and print output, including from remote sites and mobile devices, keeps your people working efficiently, yet without compromise. Your organisation will be fully compliant whilst safeguarding its reputation.
If any of the issues highlighted here have caused you concern, feel free to speak to us about easy to implement security measures that keep your information safe whilst also improving business processes.