Data exists on paper too

Posted on Mar 4 2016 - 8:05am by John Peters
RATING

If 2015 was the year of data breaches, 2016 is the year when organisations will have to re-double their efforts to secure customer data, bringing opportunities for resellers.

Sensitive and confiential information is arguably much more likely to be made public through the failings of an organisation's own processes.

Sensitive and confidential information is arguably much more likely to be made public through the failings of an organisation’s own processes.

Scarcely a week has gone by in the last year without news of a major security breach, from Talk Talk and Sony to JD Wetherspoon and Ashley Madison, so much so that their occurrence appears almost unavoidable. In a survey by The Institute of Customer Service, more than three-quarters of consumers said that organisations would never be able to protect their data.

Businesses can’t afford to be so fatalistic. They face new obligations from a number of sources, including the EU’s General Data Protection Regulation (GDPR), due to become law across the EU by 2018, which includes sanctions of up to 4% of turnover for non-compliance; and The Network and Information Security Directive, which requires organisations in the fiance, health, energy and transport industries to disclose cyber security breaches promptly after discovery.

Already, multi-national companies are affected by the suspension of existing Safe Harbour rules governing the use of the personal data of EU citizens outside the EU.

Unforgiving consumers

While most consumers believe data breaches are a part of modern life, they are unforgiving of businesses that are hacked – 83% of 1,000 consumers surveyed by The Institute of Customer Service want the Government to impose fines if data is not safeguarded; 30% said they would change supplier in the event of a successful cyber attack; and 28% claimed they would never consider using a supplier whose defences had been breached in the past.

In a separate survey by Gemalto, nearly two-thirds (64%) of consumers said it is unlikely they would do business with a company that had experienced a breach leading to the theft of customers’ financial data. Nearly half (49%) said the same about data breaches in which personal information was stolen.

Unsurprisingly, then, cyber security is big business:

– Research firm Markets and Markets1 expects the global cyber security market to grow in value from $106 billion in 2015 to $170 billion in 2020, at a CAGR of 9.8%;

– The UK has established Europe’s first dedicated cyber security start-up accelerator and incubator, Cyber London, which in December announced a second intake to its 14-week programme;

– Demand for IT security experts increased four-fold in 2015. According to The Manpower Employment Outlook Survey, cyber security specialists can now command daily rates of £3,000 plus. The best can earn more than £10,000 a day.

Printers matter

As network devices, printers are an important – but often overlooked – part of the security jigsaw. Most come with the security features you would expect, from data encryption to disk erasure, but they tend not to be managed and secured with the same diligence as other computers on a network, making them a potential point of weakness in an organisation’s network defences.

In September 2015, HP addressed this issue with the introduction of three enterprise class LaserJet printers/MFPs featuring embedded security features that deliver an unprecedented level of automatic protection against malicious attacks. These include:

– HP Sure Start, which enables the detection of, and self-healing recovery from, malicious BIOS attacks. This extends the BIOS security protection used in HP Elite PCs to new HP LaserJet Enterprise printers;

– Whitelisting, which ensures only known, good firmware can be loaded and executed on a printer; and

– Run-time Intrusion Detection, which provides in-device memory monitoring for malicious attacks.

HP says that these features will be standard on all future HP LaserJet Enterprise and OfficeJet Enterprise X printer launches. With a fimware update, they can also be enabled on several HP LaserJet Enterprise printers launched in April 2015. In addition, whitelisting and Run-time Intrusion Detection (but not HP Sure Start) can be added to many existing HP LaserJet Enterprise and OfficeJet Enterprise X printers launched since 2011 through an HP FutureSmart service pack update.

Securing printed output

Embedded security features like those on HP’s new products help protect against external threats. But, as a new blog by Neopost2 makes clear, it is just as important to secure printed output. Printer resellers have had great success selling secure print solutions that prevent the opportunistic theft of documents from paper output trays. But sensitive and confidential information is arguably much more likely to be made public through the failings of an organisation’s own processes.

For example, many of the 559 complaints received by the Information Commissioner’s Office (ICO) in July to September 2015 relate to the security of printed documents, including loss or theft of paperwork; data posted or faxed to the wrong recipient; and the insecure disposal of paperwork.

Neopost states: “Unlike hacks and cyber attacks, the three types of security breach mentioned above are caused by human error and/or faulty processes. And all are highly preventable. With the broad range of address management solutions available – many of them provided by Neopost – and intelligent folder inserters that can control, track and validate envelope insertions, there can be no excuse for sending letters to the wrong destination.”

The growing need for businesses to improve data security doesn’t just create demand for IT security solutions and services, it also gives resellers an opportunity to assess and improve customers’ print, output management and mail processing practices.

www.manpowergroup.co.uk/meos

www.instituteofcustomerservice.com

https://cylonlab.com