01732 759725
PRINT SECURITY
20
they completed a security assessment
compared to just 20 per cent of public
sector respondents.
Currently, security assessments are
often offered as an optional extension
to traditional document assessments.
However, Quocirca believes that these
should become a standard part of the
assessment process and MPS providers
should develop KPI security metrics
to ensure the effectiveness of security
controls.
Implementing a successful print
security plan
Quocirca recommends that the following
measures are taken:
n
Ensure print devices are part
of an overall information security
strategy.
Printers are no longer dumb
peripherals and must be integrated into
an organisation’s security policies and
procedures.
n
Adopt a security policy for the
entire printer fleet.
In the event of a
data breach, an organisation must be
able to demonstrate that it has taken
measures to protect all networked devices.
An organisation should be able to monitor,
manage and report on the entire fleet,
regardless of model, age or brand.
n
Secure access to the network.
Like
other networked devices, MFPs require
controls that limit network access, manage
the use of network protocols and ports,
and prevent potential viruses and malware.
n
Secure the device.
Hard disk
encryption adds an additional layer
of security; securing stored data be it
actively in use by the device, sitting idle
on a device, and/or used by the device in
a previous job. To avoid the risk of data
being recovered when the MFP is moved
or disposed of, data overwrite kits should
be employed to remove all scan, print, copy
and fax data stored in the hard disk drive.
n
Secure access.
Implement user
authentication to eliminate the risk of
unclaimed output being left in printer
trays. User authentication, also known as
pull printing, ensures documents are only
released to the authorised recipient.
n
Secure the document.
In addition to
access and device controls, digital rights
management capabilities can further
discourage unauthorised copying or
transmission of sensitive or confidential
information. This can be achieved
by enabling features such as secure
watermarking, digital signatures or PDF
encryption.
n
Ongoing monitoring and
management.
To ensure compliance and
to trace unauthorised access, organisations
need a centralised and flexible way to
monitor usage across all print devices.
Auditing tools should therefore be able
to track usage at the document and user
level. This can be achieved by either using
MFP audit log data or third-party tools,
which provide a full audit trail that logs
the identity of each user, the time of use
and details of the specific functions that
were performed.
n
Seek expert guidance.
Manufacturers and MPS providers
continue to develop and enhance their
security products and services. Take
advantage of security assessment services
which evaluate potential vulnerabilities in
the print infrastructure. Note that not all
assessments are equal. Ensure that the
assessment provider demonstrates the
credentials to fully evaluate the security
risks across device, data and users. There
are also a range of security certifications
that are published by the National
Institute for Standards and Technology.
Ultimately, print security demands a
comprehensive approach that includes
education, policy and technology. In
today’s compliance driven environment
where the cost of a single data breach
can run into millions, organisations must
proactively embrace this challenge. By
using the appropriate level of security
for their business needs, an organisation
can ensure that its most valuable asset –
corporate and customer data is protected.
...continued
To avoid
the risk of
data being
recovered
when the
MFP is
moved or
disposed
of, data
overwrite
kits should
be employed
to remove all
data stored
in the hard
disk drive
The 11th annual
Cost of Data Breach
Study
, independently
conducted by
Ponemon Institute
and sponsored by
IBM, found that the
average total cost of
a data breach for the
383 companies that
participated, increased
from $3.79 to $4
million. The average
cost paid for each
lost or stolen record
containing sensitive
and confidential
information increased from $154 in
2015 to $158 in this year’s study.
The global study looked at the
likelihood of a company having one or
more data breach occurrences in the
next 24 months, estimating a 26 per cent
probability of a material data breach
involving 10,000 lost or stolen records.
Seven global megatrends
1
The cost of a data breach has not
fluctuated significantly, suggesting it is a
permanent cost organisations need to be
prepared to deal with and incorporate in
their data protection strategies.
2
The biggest financial consequence of a
data breach is lost business.
3
Most data breaches continue to be
caused by criminal and malicious attacks.
These breaches take the most time to
detect and contain and as a result, have
the highest cost per record.
4
Organisations recognise that the
longer it takes to detect and contain a
data breach the more costly it becomes
to resolve. Over the years, detection and
escalation costs have increased. This
suggests investments are being made in
technologies and in-house expertise.
5
Regulated industries, such as healthcare
and financial services, have the most costly
data breaches because of fines and the
higher than average rate of lost business
and customers.
6
Improvements in data governance
programs will reduce the cost of
data breach. Incident response plans,
appointment of a CISO, employee training
and awareness programs and a business
continuity management strategy, continue
to result in cost savings.
7
Investments in certain data loss
prevention controls and activities such as
encryption and endpoint security solutions
are important for preventing data breaches.
This year’s study revealed a reduction in
cost when companies participated in threat
sharing and deployed data loss prevention
technologies.
By numbers
n
383 companies in 12 countries
n
$4 million is the average total cost of
data breach
n
29% increase in total cost of data
breach since 2013
n
$158 is the average cost per lost or
stolen record
n
15% increase in per capita cost since
2013
/
media/2016-cost-data-breach-study/
Calculate the risk
2016 Cost of Data Breach Study:
Global Analysis
Benchmark research sponsored by IBM
Independently conductedbyPonemon InstituteLLC
June 2016
Ponemon Institute
©
ResearchReport
