Document security isn't just a digital issue

12 April 2017

Video

Cyber security may get all the headlines, but a physical document falling into the wrong hands can do just as much damage.

Strange, isn’t it, how organisations will spend millions of pounds on network and data security, yet turn a blind eye to documents sitting in a network printer’s out-tray. Sometimes these documents may be of little concern to anyone inside or outside the company, but not always. That abandoned wad of printed paper could be a confidential report, financial figures, the details of a department manager’s salary, even details of a forthcoming deal or a major acquisition. Who knows what you might find in the output tray, or who might find it?

That’s where the problems start. Perhaps that confidential report finds its way outside the company through a disgruntled employee, to be leaked to a competitor or scanned and uploaded to a website. Maybe those financial figures take a similar path. Perhaps the manager’s salary becomes open knowledge to their team, causing all kinds of resentment in the workplace. And will news and details of the acquisition get leaked or be used for financial gain? One document left for too long in the out-tray and who knows where things may lead?

These aren’t imaginary threats. The PWC Global State of Information Security Survey 2017 found that insiders pose a significant risk within UK enterprise, and that the top insider risk continues to be current employees, followed by former employees and current consultants, contractors or service providers. Is it really safe to trust everyone within the office space?

Yet none of us need to lose sleep over what might or might not be sitting in the output tray; all it takes is an understanding of the risks and a strategy to handle them. A 2015 IDC Survey found that, while more than half of the companies surveyed had experienced a security breach involving print within the last 12 months, those organisations with a print security program in place had experienced up to six times fewer of them. What’s more, implementing such a program has brought other benefits, including a 50% reduction in the time IT staff spent supporting print environments and an average 15% reduction in paper, ink and toner costs.

By managing the print cycle from the moment a print job is sent to the moment it’s picked up from the output tray, organisations can improve document security and cut costs. That hastily printed acquisition presentation found lurking in the output tray? It would never have been printed, let alone left for anyone to grab.

The push for pull

The key measure is ‘pull printing’: a feature of office printers whereby users send a print job to the printer from their PC or their laptop, but the document doesn’t print until the user authenticates and retrieves the job. This can only happen while at the printer. Unless the user authenticates then leaves their document in the output tray you can be sure that the right person has printed and picked up their document; jobs that aren’t retrieved don’t get printed and will, after a time, be deleted from the print queue.

Pull printing doesn’t just help ensure that only those who need to see a document see a document, but also reduce the cost of printing documents that would normally have been abandoned. Indeed, having to authenticate a print job might just save employees hassle, not to mention the horrors of printing 20 copies of a 10 page document where a client’s name has been spelt incorrectly on every page.

Of course, not all implementations of pull printing are equal. Some rely purely on software installed on the user’s desktop or on server-side software that requires an upfront investment. Other solutions are more flexible, or use the cloud to enable printing from a wider range of locations or devices or to any of the organisation’s printers. HP, for instance, implements pull printing in two ways:

  • HP JetAdvantage Secure Print 

    This robust Software as a Service print app runs from the cloud and is compatible both with HP printers and MFPs and those of other manufacturers. Print jobs are sent to the cloud-based service or stored on the client’s device – or both – then held until the user is authenticated at the printer. Users can be authenticated through a PIN, a proximity card or even their smartphone, and print jobs can be sent from anywhere and printed at any Secure Print-enabled printer in the organisation. If you need eight copies of a proposal in the boardroom you can print them on the printer outside the boardroom. What’s more, the solution includes basic print tracking and analytics, allowing you to monitor usage and unclaimed prints.

     

  • HP Access Control

    HP Access Control takes pull printing to the next level, enabling users to authenticate via badge, PIN or proximity card, or even using their Windows log-in credentials. On NFC-enabled printers, users can also touch to authenticate through an NFC enabled smartphone or tablet, while HP AC Mobile Release enables secure printing and authentication remotely from a mobile device. All of this works as part of a solution that integrates with existing LDAP and Active Directory network credentials and fits into HP’s job accounting, print management and rights management framework, making it easier for companies to optimise their workflows and reduce their printing costs.

Optimising print security

Of course, pull printing isn’t a print security silver bullet. Instead of leaving documents unsecured at the printer you could be leaving them in the cloud, on the printer or on a server, where they may be subject to other cyber-threats. When the printer itself can be the weakest link in the security chain, that might not be much of an improvement. HP combats this through a combination of advanced printer security, with SureStart BIOS protection, firmware whitelisting and run-time intrusion detection, and use of strong encryption. Not only is 256-bit AES encryption used to secure jobs in transit and at rest, but JetAdvantage Secure Print uses 2048-bit encryption in the user authentication process.

And while any PIN-based system is only as good as the PINs being used, both Secure Print and Private Print allow alternative ways for users to authenticate. HP Proximity Card Readers allow authentication through the nearby presence of a smart card – over 43 formats are supported – or you can authenticate and retrieve your documents from an authenticated smartphone with a mobile app.

With the right technology in place, printing can be secure and all output tray nightmares eradicated.  Printers can be protected from intrusions and blocked as a network backdoor. In a world where hackers prey on weakness, exploiting every vulnerability, our printers don’t have to make their work easier. It’s time to get serious about printer security and leave the wolves looking elsewhere for a feast.