As dramatized in the HP Studios video series The Wolf, printers represent some easily exploitable security vulnerabilities. All too often, printers aren’t monitored in the same way as other networked devices. That can leave sensitive documents susceptible to tampering or fraud.
So what security measures should your organization implement to protect confidential documents? That’s the question we posed to members of the IDG Influencer Network. Their consensus: secure printing is more critical now than ever before. Fortunately, there are security solutions to reduce unclaimed print jobs and protect sensitive documents.
“For secure printing, companies should implement the following: PIN code access to devices, printing only when the recipient is present, and separate devices for sensitive documents,” says Matthew Parker (@PrintChampion), print consultant at Profitable Print Relationships. “In addition, the data network should be kept up to the latest security standards, and there should be a nominated employee in charge of a document security policy.”
“Organizations must, at a minimum, to protect documents, implement dual or multi-factor authentication directly at the device, such as proximity card readers, or alpha-numeric PIN codes tied to smartcards,” says Robert Siciliano (@RobertSiciliano), a personal security and identity theft expert and speaker. “Further, [companies should] encrypt print jobs in transit and on the printer’s hard drive. Consider centrally managed software that enables tracking and management of all print jobs on mobile or desktop.”
Ben Rothke (@benrothke), principal security consultant at Nettitude Group, believes organizations should approach print security as they would any other endpoint: by understanding the risks.
“Printers need to be part of a firm’s risk assessment, just as servers, cloud storage, smartphones, and the like are included,” he says. “The problem is that too many organizations don’t consider printing and security in the same sentence. It’s also critical to understand that printers now don’t just print, they have hard drives that store scanned data. While the paper tray may be empty, the printer’s hard drive over time will have gigabytes of scanned images, which is a separate security issue that needs to be considered.”
Kayne McGladrey (@kaynemcgladrey), director of information security services at Integral Partners, notes that, for several years, we’ve been hearing predictions about millions of Internet of Things (IoT) devices with poor security joining networks and providing an easy attack vector for third parties.
“Printers are a culturally trusted technology because they’re perceived as not being new,” he says. “However, this doesn’t mean that modern organizations should not consider printers separately from a comprehensive strategy for the IoT.”
Morey J. Haber (@MoreyHaber), vice president of technology at BeyondTrust, says there are a few basic steps organizations should take to provide secure printing services to users and to protect the business.
“These include turning off all Internet-based ePrinting services within devices to avoid sensitive information leaving the organization, disabling direct printing from a workstation or laptop so output can be appropriately logged (unless the printer has this capability natively), and designating specific printers with watermarks for departments that will process sensitive information such as Human Resources or Accounting,” he says.
Increasing security via ‘pull printing’
A significant number of these IT decision makers also advocate “pull printing” as a way to protect sensitive documents and reduce unclaimed print jobs. Pull printing stores print jobs until users provide authentication at the printer using either PINs or other verification methods.
“Pull printing (or ‘follow me printing’ as others call it) is one key element,” says Fabian Lippert (@Fabian030), an IT security consultant. “Here you make sure that your documents are printed when the one who wants to print them is in front of the device. No more accidental printing, you can't forget to pick up your printouts, or even send the print job to a printer in a different location.”
“An organization’s data protection responsibility continues even when digital data is printed,” says Eric Vanderburg (@evanderburg), a cybersecurity expert and consultant. “Authorization and access control can be preserved through pull printing; DLP can block, queue, or print and notify when sensitive data such as Social Security numbers are sent to a printer; watermarks can validate document authenticity; temporal and location print limitations can prevent documents from being printed from insecure locations or during restricted periods; encryption can keep print jobs secure in transit; and cache wiping prevents unauthorized data recovery.”
“Security around printed material in today’s digitized world in many organizations is an afterthought,” says Ed Featherston (@efeatherston), principal architect at Cloud Technology Partners. “Measures need to be in place, based on the data itself (not all data is created equal). Watermarks to identify confidential material is one method, though passive. Pull printing . . . is an excellent, active way of protecting the data.”
Scott Schober (@ScottBVS), president and CEO of Berkeley Varitronics Systems Inc., believes layered security measures will deter any thief—including an old-fashioned paper thief.
“Pull printing is one effective layer of security because it controls your document’s release from a mobile device or workstation to the printer,” he says. “It can be likened to two-step verification but for your print jobs. By initiating and releasing secure print jobs with a user PIN as deliberately timed releases, proprietary or classified documents sitting at the printer cannot be circulated to wider audiences.”
Dave Hultin (@davehultin), president of Marketing Ideas for Printers, recommends taking a step back when it comes to document security. “There's a place for protecting documents with all the ‘normal’ security measures (micro-printing, counterfeit protection, etc.),” he says. “But looking at this issue through another lens, I'd say that the first step is to make sure you've created a document that's worth protecting!”
“Securing data or information can be easy to achieve with reasonably low cost by something as simple as a unique VDP [variable data printing] barcode printed onto an item, which can only be scanned once with examples such movie or concert tickets,” says Stephanie Gaddin (@stephroseg), CEO of Rocking Rose Pty Ltd.