Blog

Your Printer May Be An Insider Threat
Data breach Insider threat Print security

Your Printer May Be An Insider ThreatAh the printer.  Work horse of business communication for decades.  Most organizations indicate that printing is critical or important to their business activities.  Even when we think most of our business is done electronically, we still print a lot of documents.

Some industries are more paper-intensive than others.  Healthcare, government and financial services still rely on printing for numerous business processes.  People need to print forms, certain processes require one or more signatures and a lot of information is just easier to read when it’s printed.  Regardless of your business, a lot of it still runs on paper.

The Dangers of Smart Printer Devices
Print security

The Dangers of Smart Printer Devices

Printers are definitely not what they used to be a decade ago. They have evolved and are becoming more involved in organizations’ networks, as well as an increase in multifaceted functions that have made them vulnerable and threaten the stability of the entire network. Hackers and insiders have made their case by causing internal and external data breaches through these printers.

Nowadays although there has been a great push to secure mobile devices and their data, organizations neglect to additionally secure their network and internet-enabled printers. The reason this is such a concern now, is that from these mobile devices you are now able to print, scan to email, network drives and scan to web-hosted applications.

Stop Data Breaches through Printouts
Data breach Insider threat Print security

Stop Data Breaches through PrintoutsA Montefiore Medical Center employee in New York stole names, addresses, dates of birth, Social Security numbers, next of kin information and health insurance details of more than 12,000 patients and used those identities to purchase clothing and other merchandise from some of New York’s finest department stores.  The Montefiore employee was the trusted insider who sold the stolen information to a ring of seven others who perpetrated the crimes.

The employee printed thousands of patients’ records and sold them for $3 per copy to her outside accomplices. The hospital had no way of preventing or controlling this activity. The employee and her accomplices are under arrest, but the hospital may face charges for violating HIPAA and patient privacy laws.

Data Breach Concerns Still Linger with Printing
Data breach Print security

Data Breach Concerns Still Linger with Printing

Last month a South Texas Veterans Health Care System alerted 4,000 veterans that their personal data had been exposed as a result of a printing error. In an another article, only 17% of businesses are using mobile printing due to concerns of security threats and in a recent research by Quocirca released in August over 90% of organizations have suffered at least one data breach due to unsecured printing.

It all way too common to see businesses leaving themselves open to data breaches as their printers leave printouts exposed, unclaimed and ultimately open to and accessible by staff, contractors and visitors. The need for secure printing continues even though only 22% of businesses place a high importance on the security of printed documents.

Reducing Data Breaches through Printing Errors
Data breach Insider threat Print security

Reducing Data Breaches through Printing ErrorsWe’ve heard of data breaches by insiders but not in the way of printing errors. Although between the two kinds of insider threats, malicious and by accident, this is considered by accident, this can be a big headache for organizations. Whether it is leaving printouts of sensitive data on the printer unattended after printing or printing errors due to human error, this can all lead to data breaches.

In a recent article, a health care organization had to alert 4,000 patients that their personal data had been exposed due to a printing error. What should have been a fairly easy printing job mistakenly put one unique patient’s information on one side and another patients on the back page, which should have been a notice to explain new rules regarding a certain type of medicine. Unfortunately, mistakes occur, and when that employee mistypes or prints the wrong document, a major data breach can occur.

Stop Data Breaches Through Paper Records
Data breach Print security

Unintended Data Breach Through Paper RecordsWhile most of us like to think that we live in a paperless world, the reality is quite different.  Even though we do a lot of work on our phones and tablets, there are still a lot of business processes that use paper.  While many businesses continue to invest in information security to safeguard their IT systems from external and internal threats, few pay the same attention to protecting the print infrastructure.  After all, printing still plays a critical role in creating and distributing documents.

A recent study of more than 1,500 data breaches in 2013 and 2014 by a unit of Beazley P.L.C. reveals that the two most common sources of breaches are unintended disclosure through emails & faxes and the physical loss of paper records.  The loss of paper records, which is particularly prevalent among health care organizations, accounted for 24 percent of the total.  Interestingly enough, malware and spyware accounted for only 11 percent of the total.

Someone Is Stealing Confidential Documents from Your Printer
Data breach Print security

You need to think about printing confidential documents and leaving them in the output tray.  If you aren’t careful, anyone can come along and grab them.  Especially if you print something and someone picks up their print job before you get to the printer.  If the information on the document is personally identifiable information (PII), customer data or financial information, this could become serious.

One of the best ways to address this is to implement pull printing or some type of secure release.  You print and only release it when you get to the printer. You can type a PIN into the panel of an MFP or swipe a smart card to release the job; there are lots of ways to do this.  This reduces the temptation by employees and anyone walking around to go snooping to see what they can find – out of sight, out of mind.

Here’s a great little video that shows the problem in action.

Look How Easy It is to Steal Data from your Printer
Data breach Print security

Steal Data from your PrinterIn January The Schmoo Group held its annual get together called ShmooCon 2011.  This is an annual east coast hacker convention in the US where people discuss critical information security issues and demonstrate technology exploitation, inventive software and hardware solutions.

This year Deral Heiland and Pete Arzamendi presented a discussion on serious vulnerabilities in multifunction printer (MFP) security.  In this presentation they focused on gathering data from MFPs and using it to access other systems on a network.  By taking advantage of poor printer security and vulnerabilities they grabbed an abundance of information including usernames, email addresses and passwords.  They used that information to get administrative access into email servers, file servers and Active Directory domains.

How Your Copier Became a Security Risk
Data breach Print security

copier security Just when you thought it was safe to copy or print a document in the office, something comes along to shake your confidence.  Back in the old days, a copier just copied what you put on the glass.  It used heat, toner and static electricity to reproduce your document.  As long as no one took your copies, your documents and your information were safe.

Then along came digital copiers with their ability to store documents on a hard drive.  This was great because you could also email or fax the document after you copied it.  The copiers also became printers and scanners which let you do many tasks with the same device.  These new multifunction devices or peripherals (MFP), could also become a simple document management system.  They stored every document scanned, copied or printed on their hard drive.  And you could retrieve them.