Printing – the ‘forgotten’ security link to safeguard business assets
EU Agency ENISA launches report on ‘Secure Printing’
New printing techniques provide ways for companies to improve customer relations, cut spending and streamline business processes but, at the same time, expose organisations to security threats. For example, in December 2007, a UK government body reported missing a data cartridge containing the pension details of 6,500 persons. When a draft of this press release was printed in a hotel, the reverse side showed the hotel bill of a guest, with minibar and other private expenses listed, proving the point in case.
Only 53% of companies use authentication for printing, such as smart cards, biometric identification, or PIN codes. ENISA therefore recommends business to adopt secure printing strategies to protect business assets and confidential customer data.
Printers produce key business documents, such as invoices, forms, tickets, statements, employee and customer data. But how is data treated in the printing process? Sensitive data is most vulnerable when in transit, where printing is a weak, ‘forgotten link’ in the security chain. Protecting confidential data in printing devices has both security and financial benefits, as top management recognise that office print expenditure can be reduced by 10-30% through the implementation of secure printing practices (Source: Gartner, 2008). And yet, awareness of secure printing strategies is low among more than 350 French, German and UK organisations, according to ENISA.
The report gives an outline of the data susceptible to security breaches and highlights document printing/copying risks. Moreover, the Agency lists recommendations on how to avoid major risks and provides a checklist for secure printing in organisations.
The Executive Director of ENISA, Mr Andrea Pirotti, comments on the report: “Business in Europe must realise that printing and copying is not as safe as when Gutenberg started printing 540 years ago. Crucial company assets and confidential data is at stake as even printers can get hijacked.”
Risks and ENISA recommendations
There are many identified risks of an uncontrolled printing environment, but two are paramount. By abusing information an attacker can gain competitive advantages but criminals can also penetrate networks through printers. This kind of malicious attacks can be used for fraud, hijacking, espionage and can thus cause significant losses.
The Agency’s security tips are targeted at various organisations, ranging from large multinationals to small- and medium-sized firms and include, for example:
• Control access to printers with a policy on who can print, scan and copy documents
• Classify documents to distinguish between internal/public/confidential/and highly-confidential documents
• Authenticate printing devices by, e.g., smart cards, biometric identification or PIN codes
• Locate printing/copying devices in safe, protected, controlled or secure areas.
The full ‘Secure Printing’ report is available at: http://www.enisa.europa.eu/...
ENISA - European Network and Information Security Agency
“Single European Information Space” and The Council’s “Strategy for a Secure Information Society in Europe”. ENISA’s feasibility study is a response to a EU Commission request.
For further information, please refer to the ENISA feasibility study: http://www.enisa.europa.eu/... or Head of Department, Dr. Alain Esterle or Ulf Bergström, Press and Communications Officer, ENISA, Mob:
Press releases you might also be interested in
Weitere Informationen zum Thema "Sicherheit":
Smart-Meter-Gateway als Security Best Practice
Um das volle Potenzial der Digitalisierung zu nutzen werden Systeme zunehmend über Netzwerke miteinander verbunden (manchmal auch unbeabsichtigt). Eine Folge dieser Entwicklung ist, dass potenziell sensible Daten in Zukunft vermehrt gesammelt und verarbeitet werden. Experten rechnen vor diesem Hintergrund global mit 40 Milliarden vernetzten Geräten bis 2020 sowie einem weltweiten wirtschaftlichen Mehrwert von bis zu 11 Billionen Dollar im Jahr 2025.Weiterlesen