
Tag: print security

Gartner predicted that roughly 50 % of knowledge workers worldwide should be logging in remotely by now. More remote work puts more sensitive data at risk, which increasingly also impacts manufacturing companies. Check out the following ten tips to ramp up your document protection program in 2022.

*

Quick question: What do automated ransomware campaigns conducted by external attackers have in common with data theft committed by corporate insiders?

In the light of recent incident reports, I can think of three answers off the bat – at a minimum:

 

  • In both categories, incidents are on the rise.
  • Both target sensitive data, since more ransomware attacks begin with stealing confidential documents for extortion or sale on the dark web before encrypting the victim’s data.
  • Both increasingly exploit work-from-home data security weaknesses.

 

Examples of the latter include unsecured WiFi networks, unmanaged devices, and endpoint vulnerabilities. At the same time, IT lacks visibility into the online activities of remote employees and contractors.

In a nutshell, this example shows how remote work has become the primary source of risk to digital assets in the enterprise. Now the Omicron variant is pushing even more organizations (back) into remote or hybrid work arrangements.

Additional factors exacerbate the crisis going into 2022. The automotive industry and its supply chains feel the impact. Key employees leverage the “Great Reset” in the industry and leave to join competitors, sometimes taking trade secrets with them. IT teams struggle with staff shortages and often only learn about what happened when it’s too late.

Does this sound familiar?

 

10 tips to boost your remote work document protection

 

Get ready for 2022 with our ten tips on how to protect unstructured data in remote work settings:

 

    1. Identify the threat.

Beware intellectual property theft by insiders. In more than 50 % of documented IP theft cases, the perpetrators were current or former employees or contractors. In addition, when external attackers exfiltrate sensitive information, employee negligence often plays a role.

 

    2. Identify what’s most at risk.

In most innovation-driven companies, trade secrets are stored in the form of unstructured data. Think confidential Microsoft Office documents, CAD/CAE files, digital images, or PDFs. They come in various (legacy) formats and are often scattered across the organization and along its supply chain. Securing them will be an uphill battle, especially in remote work environments, without the right strategy.

 

    3. Identify your data protection strategy.

The push into remote and hybrid work environments requires a comprehensive approach to data protection, rather than merely a mix of device-centric endpoint and data loss prevention (DLP) solutions. Recognizing this, more technology companies are adopting a data-centric security model.

With sensitive documents, this means they remain protected regardless of where a file resides or with whom it is shared. The data-centric model ensures document protection independently of networks, servers, locations, and devices, such as unmanaged home office printers.

 

    4. Protect data throughout its lifecycle.

Digital Rights Management (DRM, sometimes also referred to as Information Rights Management, IRM) is based on the data-centric security model at the core of any Zero Trust strategy. Fasoo Enterprise DRM (EDRM) enables organizations to persistently protect, control and track sensitive documents at rest, in transit, and in use. Encryption, flexible policies, and granular controls govern how and by whom a file can be viewed, edited, printed, and shared within the organization’s IT perimeter and outside – like in the home office.

 

    5. Protect sensitive files without exceptions.

Does the Enterprise DRM solution you’re evaluating support all industry-relevant CAD and CAE applications? In the automotive industry, support for tools such as AutoCAD, CATIA, or PTC Creo (and many more) and a broad range of PDF file formats is considered essential to ensure future-proof document protection.

 

    6. Protect workflows and productivity.

Some information protection solutions lack centralized policy management. This shortcoming is known to slow down workflows to a trickle, especially when remote contributors are involved. Fasoo combines central control options with flexible exception management. Exception approval for accessing particular documents from the home office, for example, can be delegated to managers or coworkers instead of waiting for IT.

 

    7. Control confidential data wherever it goes.

A supplier’s design engineer working from home is requesting remote access to sensitive documents? With Enterprise DRM, it’s just another day in the office. Gartner analysts describe DRM as “one of the only mechanisms for retaining control of unstructured data transferred to business partners in secure collaboration scenarios.”

 

    8. Control print.

Fasoo takes a printer-agnostic approach to secure printing. This approach eliminates most challenges that commonly arise in remote work environments with home printers or print drivers. It enables data owners to centrally set and manage print rules for printing on-premises or remotely and watermark unauthorized printouts. Fasoo Smart Print also lets you set print protection policies for plain documents not secured by EDRM.

 

    9. Control the screen.

Concerned about a remote team member capturing sensitive data on a screen during an internal Zoom or Skype call presentation? Enterprise DRM provides a screen security component, Fasoo Smart Screen, enabling IT to block and monitor screen capture attempts. For deterrence, it can also imprint documents with a watermark that contains tell-tale user-specific information.

 

    10. Control data without alienating workers.

Fasoo’s centralized policy management enables flexible, people-centric document protection across organizational boundaries. Everyone who needs to can keep tabs on documents’ whereabouts and protection status, without risking privacy complaints and lawsuits from home office workers. Fasoo Enterprise DRM integrates with all leading federated authentication services, enabling IT to automatically revoke access to EDRM-protected documents once an employee leaves.

 

Contact the Fasoo team and find out how others in your industry deploy Enterprise DRM in remote and hybrid work environments.

Remote work is putting sensitive data at risk. That we can all agree on. Traditional endpoint protection frequently fails. So what about stronger surveillance of remote employees at home?

*

Let’s monitor the heck out of them, shall we?

That seems to be the approach of some financial services firms whose remote workers handle sensitive financial data and Personally Identifiable Information (PII). Is remote work surveillance a good idea? 

Perhaps, if your organization is craving attention – from the Washington Post, for example – for all the wrong reasons: privacy concerns, lawsuits, alienated employees and contractors. 

“Excessive surveillance,” writes ZDNet’s Owen Hughes, “is having profoundly negative effects on the workforce.”

But does it work?

 

Why monitor employees at home?

You see, that’s the other catch: it may not be worth the effort and expense. Digital surveillance, warns TechTarget’s Computer Weekly (UK), may “increase enterprise risk” by “forcing remote workers towards shadow IT.”

In short, excessive work-from-home surveillance doesn’t only erode trust and productivity. It also results in weaker data protection and employees leaving for the competition. 

What’s not to love? Perhaps you agree: pretty much everything, if you value your employees and work culture.

The tips below favor a non-creepy approach that is more sustainable: 

 

5 data protection tips for maintaining trust in the Zero Trust era  

Fasoo’s data-centric security model maximizes document protection – not the surveillance of the people handling them from home. Fasoo enables IT to secure and keep tabs on sensitive unstructured data throughout the document lifecycle, instead of putting employees and contractors under home office surveillance.

  • Stay vigilant; keep watching. 

Fasoo Enterprise DRM lets your organization automatically assign file protection without user intervention at the point of creation. Encryption and policies keep the document secured even when it is shared outside the organization by mistake.

Efficient document protection with Fasoo enables your organization to continuously monitor, log, and flexibly change who’s accessing confidential files and how. 

 

  • Turn your employees’ bedroom nooks into secure print stations.

What would it take, aside from nationwide lease, maintenance, and insurance contracts? The kids giving up their bedroom? A two-camera surveillance system? 

Or, less creepy: You deploy Fasoo Smart Print as your organization’s remote network of monitored print stations. Regardless of which physical or virtual printer is used – including the old inkjet in the bedroom nook – IT remains fully in control.

A granular audit trail includes the text or image of the actual printed content. It ensures visibility into all print activities that involve EDRM-secured documents.

 

  • Intervene when they take a snapshot.

How do you keep remote employees, in the privacy of their home, from using the Print Screen key, screenshots, or a smartphone to take pictures of confidential information?

Install more spyware and observation cameras? Think about the possible impact on your workforce retention rate in the “great resignation” era.

Here’s a less heavy-handed approach that’s more efficient than excessive remote work surveillance. Deploy Smart Screen, Fasoo’s on-screen document protection. It enables IT to block and monitor screen capture attempts. Administrators can monitor all screen capture attempts and even view an image of the targeted areas.

It may be impossible to keep a determined person from taking photos with a smartphone or camera outside a high-security office area or designated data room. That’s why effective deterrence is essential. Fasoo Smart Screen enables admins to imprint sensitive documents with a visible “smart” watermark that contains tell-tale user-specific information.

 

  • Keep tabs on them outside work and after hours.

On your files, that is. Shareholders, customers, and regulators expect you to protect confidential financial information and PII throughout the document lifecycle. Password-based document protection or Data Loss Prevention (DLP) solutions, for example, cannot provide this level of security.

DLP aims to prevent data exfiltration, but files can still make it beyond your organization’s IT perimeter: on a USB stick, for instance, or via a personal cloud storage account.

With Fasoo Enterprise DRM, encryption and policy settings apply regardless of where the document lands and prevent unauthorized access. A confidential file remains protected even in the wrong hands.

  

  • Always and immediately involve higher-ups, IT, and HR… 

…when (former) employees attempt to access specific documents. Sounds ridiculous, right?

Well, that’s because it is. Yet, some Information Rights Management (IRM) solutions expect data owners to relinquish control over individual documents to a degree that poses challenges for organizations with many users and constantly changing roles.

Workflows become work trickles. People find shortcuts. Overall data security suffers.

Fasoo’s centralized policy management capabilities allow for flexible, people-centric exception handling. It integrates with all leading federated authentication systems, minimizing risk when employees change departments or leave the company.

This approach ensures that everyone who needs to be is in the loop about a file’s security – the document creator, supervisors, IT, and HR. No home office surveillance required. 

*

 

Zero Trust makes sense. Until it doesn’t.

Would you make Zero Trust your People & Culture or HR slogan? Let’s face it: You need a Zero Trust strategy to secure your data. As a tagline for your work culture, on the other hand, it would be a less than ideal pick.

With Fasoo Enterprise DRM, you don’t have to sacrifice trust and productivity by setting up remote work surveillance bridgeheads in your employees’ homes.

As a cornerstone of your Zero Trust strategy, Fasoo empowers your organization to maintain its work culture and trust within the team while still ensuring maximum data protection.

 

Contact the Fasoo team to find out more.

Mergers and acquisitions (M&A) activities pose major document protection challenges for all parties involved. Leaked or stolen data has caused bidding wars, broken deals, cost millions of dollars in damages, and ruined reputations. How can M&A teams ensure maximum document security without impeding productivity?

*

Merger and acquisition teams typically range in size from a handful of members in smaller or medium-sized organizations to several hundred internal contributors at enterprise scale. That’s on the buyer’s side as well as on the seller’s teams and includes investment banks or Private Equity (PE) firms. 

This headcount, however, doesn’t yet include external contributors. Think research analysts, M&A advisories, outside legal counsel, data protection and privacy compliance consultants, and IT integration specialists. Most of them are involved at one stage or another of the M&A process.

Since the beginning of the COVID-19 pandemic, many internal and external M&A team members have accessed sensitive documents from their home offices. On tight deadlines, they collect, create, review, edit, and share sensitive data that can make or break a deal – or kill it, if that data falls into the wrong hands.

 

M&A activities at an all-time high – and deal leaks, too

The shift to remote and hybrid work is a powerful driver behind banks and their corporate clients leveraging enterprise-level Digital Rights Management (DRM) to secure M&A-relevant unstructured data. The reasons quickly become clear when we look at a real-life example. 

A global automotive component manufacturer is planning with its investment bank the acquisition of a publicly traded semiconductor design and manufacturing company.

Table Overview: Deal Leaks by Sector

Source: SS&C Intralinks 2020 M&A Leaks Report [PDF]

 

It’s high season for M&As, and the planned deal seems like a match made in heaven. Yet from an M&A security perspective, the timing couldn’t be worse. M&A leaks have been spiking recently, according to the SS&C Intralinks 2020 M&A Leaks Report [PDF]. This development means all new M&As face an unprecedented challenge. 

 

The challenge: Remote work amplifies M&A security risks

We’ve highlighted document security risks for banks and financial firms resulting from remote work before. The threat level is even more elevated for members of the extended M&A team who work from home. Preparation and execution of most mergers and acquisitions involve a wide variety of confidential documents – in some cases, thousands of them. 

Niche vendors of M&A tool platforms tout the cloud-based Virtual Data Room (VDR) as the solution. Such “deal rooms” have become a fixture in the M&A space. At the same time, data protection experts say that VDRs instill a false sense of security – comparable, perhaps, to standard M&A non-disclosure agreements.

These critics point to the weak – often password-based – security of VDRs and specialized M&A document management systems that can too easily be circumvented. Deal administrators and IT lament interoperability issues with other cloud storage services, as well as manageability and scalability problems.

 

The solution: data-centric M&A security

Enterprise DRM enables IT to strengthen M&A security instead. Fasoo Enterprise DRM, for example, enables data owners to protect confidential content through all stages of a merger or acquisition.

Bar chart: M&A cost distribution, by phase (IBM)

Source: IBM Benchmark Insights: Assessing Cyber Risk in M&A

 

In our example, we focus on negotiations, due diligence, transaction execution, and implementation. These are the M&A stages where data breaches and deal leaks can be most damaging and costly. 

Let’s take a closer look at how the acquirer, its bank, and the acquisition target leverage EDRM to maximize document protection. Enterprise DRM’s data-centric security enables IT and deal administrators to protect, control, and track sensitive data on a per-document basis, on any device, at any time.

 

M&A and beyond: document lifecycle protection

Fasoo encrypts confidential files at the point of creation or before they get uploaded to a VDR, for example. This protection applies throughout the entire document lifecycle, regardless of which M&A platform any contributing organization may be using.

 

  • Negotiations: Centralized policy management enables M&A data owners and deal administrators to remain in control. Fasoo Enterprise DRM lets them flexibly adjust who can access, edit, print, or share sensitive content – including remote workers.

    This phase usually involves a large number of documents in various Microsoft Office formats, as well as Adobe PDF files. Dynamic permission control enables deal administrators to assign and revoke file access permissions for reviewers on a temporary basis, for example, to facilitate more than one bidding round.

 

  • Due diligence: In our example, the due diligence document list includes (among others) intellectual property (IP) files, tax records, financial planning P&L documents, electronic design automation (EDA) diagrams, facility blueprints, tax filings, HR records, and all sorts of legal PDFs.

    Throughout the document review process and beyond, data owners and deal administrators centrally manage who has access to sensitive content. Context-aware and hardware-agnostic secure print and pull print capabilities prevent the unauthorized printing of Personally Identifiable Information (PII) at a home office printer or in a shared workspace, for example. Secure screen and watermarking features (“Fasoo Smart Screen”) block or deter screen capture attempts across all applications, including in Virtual Desktop Infrastructure (VDI) environments and browsers.

 

  • Post-transaction / implementation: M&A security professionals warn that the post-merger integration of the acquired company with the buy-side is fraught with data protection and compliance risks that can cost the acquirer millions or even billions of dollars. Data breaches are one main reason for the high M&A failure rate.

    In our example, the acquirer already has Enterprise DRM in place across its global organization, not unlike this Fasoo customer in the same industry. This means trade secrets, personnel PII, even sensitive records exported from databases are automatically detected, classified, prioritized and encrypted when they enter the buyer company’s environment from the acquired company.

During each M&A stage and long thereafter, Enterprise DRM provides persistent protection and consistent tracking. A document usage audit trail keeps IT, compliance managers, and financial regulators in the loop. 

After all, “digital M&A became the new norm” during the pandemic, according to the consultants at Bain & Company. This year, more dealmakers discovered the power of Enterprise DRM. They use it to prevent M&A leaks and data breaches from becoming a new norm, too.

 

Boardroom Data Security starts by protecting board communications and documents

With so many high-profile data breaches in the public eye recently, cyber security is now front and center in many organizations. Globally, cyber attacks and data leaks are daily threats to organizations, reminding everyone that we are all potential targets. Attorneys are warning about potential individual liability for corporate directors who do not take appropriate responsibility for oversight of cyber security, while investors and regulators are pushing boards to step up their oversight. As a result, corporate boards have woken up to the call that they must address cyber security issues on their front lines, as it is no longer just an Information Technology issue.

A “belt and braces” approach to security must start at the top – boards must begin by focusing on their own communications and materials as part of their comprehensive cyber risk management. Communications through insecure means, loss or theft of board computing devices, a lack of (or only occasional) encryption of board communications, and printed copies of board documents can result in loss of intellectual property, client lists or commercially sensitive business data, legal expenses, loss of reputation and lost time.

In this digital age, boards must have structures in place to safeguard their information from cyber security threats. Data-centric security can be a sure way to help protect boardroom materials and communications, by encrypting sensitive board files and applying persistent security policies that protect them regardless of where they are or what format they are in. Below are some of the advantages of data-centric security:

•   Encryption and policy based control of board files

•   Ability to securely share files

•   Granular control of who can View, Edit, Print and take a Screen Capture

•   Ability to limit access time and number of devices

•   Ability to revoke access to sensitive files immediately regardless of location

•   Ability to trace and control user and file activities in real-time

Considering the significant impact posed by a potential cyber breach, boardroom engagement with cyber risk management must be a top priority starting with the securing of the board’s own communications and board materials.

Protect Against R&D Data Theft

Recently I was in a meeting with a global pharmaceutical client in New Jersey who told me of the importance they place on their highly secure, centrally managed and monitored persistent security platform to protect against data theft and ensure that their valuable R&D information cannot be lost or inadvertently sent to a competitor.

As the meeting ended, I was informed of the news about the charges brought against five people in the United States around trade secret theft inside another global pharmaceutical company. Allegedly a senior level manager at the company was involved in this theft.

Given the global state of business competition, there is a special appeal to the cyber thugs with high-priced or high-demand items. There is an alarming interest in stealing intellectual property, trade secrets and exactly how these items are produced.

A recent Verizon Data Breach Report 2015 identified Manufacturing as the most commonly attacked industry sector for cyber espionage.

Another recent worldwide study by consulting firm PwC and CIO and CSO magazines, “The Global State of Information Security Survey 2016”, provides some alarming indicators of the security threat landscape:

  • Theft of “hard” intellectual property increased 56% in 2015
  • Employees remain the most cited source of compromise
  • Incidents attributed to partners climbed 22%

It is time that organizations with high value data shift their security focus from the perimeter to insider threats to lock down R&D data, intellectual property and trade secrets. Today, technology advancements afford a variety of methods for an employee, contractor or partner to take critical data electronically from an organization. There are many ways for a trusted insider to steal or inadvertently share sensitive data – printing paper documents, copying files to hard drives, downloading information onto a CD or a USB memory stick, and taking screen captures are a few such methods.

When we add mobility adoption in the workforce and how this adds to the complexity of securing high value data, this task seems almost insurmountable. Targeting and protecting critical value data ensures that a company maintains its intellectual property, R&D work and its competitive edge in the market.

Protecting this data need not be such a daunting task. A data-centric persistent security approach can effectively help you protect and lock down your data.

Paper Printouts and Prevention of Employee Data Theft

Last year, a Montefiore Medical Center employee in New York stole names, addresses, dates of birth, Social Security numbers, next of kin information and health insurance details of more than 12,000 patients and used those identities to purchase clothing and other merchandise from some of New York’s finest department stores. The employee printed thousands of patients’ records every day and sold them for $3 per copy to outside accomplices. The hospital had no way of preventing or controlling this activity.

The same year, an employee of the Children’s Medical Clinics of East Texas with a retaliatory agenda to cause damage to the clinic’s reputation, stole and improperly disclosed the confidential data of 16,000 patients by taking paper records from the facility and sending screenshots of electronic patient records to a former clinic employee.

Today increasing regulations and standards for managing sensitive or confidential information are raising the stakes higher and higher. This in turn forces many organizations to look for ways to implement data security to comply with various mandates.  Most organizations secure sensitive information at rest and in motion, but not while in use.

Often missed is the threat gap that exists when sensitive data is used by authorized users, leaving organizations wide open to data theft and compliance violations. Paper printouts in particular present a very specific challenge in addressing this type of threat in many organizations. A 2015 Incident Response Report by BakerHostetler shows, for example, that one in five breaches involved paper records.

Employees access sensitive and confidential patient information daily so they can do their jobs. Without a persistent data security measure in place, they can devise creative ways to defeat traditional perimeter based solutions most companies rely on. They can change the name of a sensitive file before printing it to avoid detection by security systems or make screen captures of sensitive information.

There are technologies to help organizations control print activity and to prevent data breaches. Organizations can easily block printing or require approval prior to printing a document if the document contains sensitive information. Each printout can be forced to contain a visible watermark showing who printed it, including company logo, user name, IP address, time, date and other identifying information. This type of measure allows organizations to know the source of a potential data breach and deters people from inappropriate behavior when handling sensitive patient information.  Organizations can control any physical or virtual printer eliminating problems of using different printers or printer drivers.  When a full audit trail of all print activities is added to the control measures, including the text or image of the actual printed content, organizations can have complete control of their printing environment. Organizations can go even further with their security by preventing screen captures to further reduce risk of exposing sensitive information.

The technology to prevent employee theft and data breaches via paper printouts exists today. It is up to each organization to make the determination to seek out these solutions and put them in place to protect their sensitive and confidential information such as PII, PHI, customer or company specific data.

Photo credit Marcin Wichary

The Dangers of Smart Printer Devices

Printers are definitely not what they used to be a decade ago. They have evolved and become more deeply integrated into organizations’ networks, and their growing range of functions has made them vulnerable, to the point of threatening the stability of the entire network. Hackers and insiders have made their case by causing internal and external data breaches through these printers.

Although there has been a great push to secure mobile devices and their data, organizations neglect to also secure their network and internet-enabled printers. This is such a concern now because users can print, scan to email or network drives, and scan to web-hosted applications from these mobile devices.

“Many hackers will be able to access the entire network through tracking the metadata of printed documents, or by hacking the passcode of the MFP. Whether these breaches are caused by an attack from an unauthorized outsider, or internal factors, such as human error, systems must be put in place to resist disruption to the network,” said Grant Howard, Professional Services Technical Manager at Annodata, in a recent article stating that “Smart print devices are an untapped opportunity for hackers…”

In another recent blog post, we proposed that taking a data-centric approach to your security can give you a more complete view on how sensitive data is used in your organization. Controlling and managing access to printers, secure mobile printing and tracking and auditing usage are three challenges that come to mind when it comes to securing printers. These three challenges must also be part of this solution.

Some of the key benefits of secure printing are as follows:

· Increased document security – avoids unauthorized use

· Increased user mobility and productivity – print anytime, anywhere securely

· Improved accountability – tracking printer usage for auditing purposes

With these protective measures, Fasoo ePrint provides an effective yet secure print management solution.  If Fasoo ePrint detects sensitive information in a document, a predefined policy can block printing. It controls and traces printed documents on your existing printers, so you can continue to use your current output devices.

When used with Fasoo Enterprise DRM solutions, it extends the security area and provides stronger protection for personal information maintained within organizations. This then provides a wider range of solutions to protect not only your printouts but also your data.

With this solution out there and ready to be implemented, it is time to mitigate and eliminate the risk of data breaches through printers as there are already too many making headlines that could have been avoided with this solution.

 

Photo credit by: Phil Campbell

Reducing Data Breaches through Printing Errors

We’ve heard of data breaches by insiders, but less often of those caused by printing errors. Of the two kinds of insider threat, malicious and accidental, this one counts as accidental, yet it can still be a big headache for organizations. Whether it is sensitive printouts left unattended at the printer or print jobs gone wrong through human error, all of it can lead to data breaches.

In a recent article, a health care organization had to alert 4,000 patients that their personal data had been exposed due to a printing error. What should have been a fairly easy printing job mistakenly put one unique patient’s information on one side and another patient’s on the back page, which should have been a notice to explain new rules regarding a certain type of medicine. Unfortunately, mistakes occur, and when an employee mistypes or prints the wrong document, a major data breach can occur.


However, with the right policies and print security solutions in place, these types of data breaches can be avoided. Although training on policies can help, it always comes down to protecting the data itself, as human error continues to happen. A secure print environment within the organization can be provided with the best solutions.

The average employee prints about a couple of tens of thousands of pages per year, and in some cases a quarter of them are printouts that the employee did not intend to print. With the right protective measures and even cost-cutting features, you can have an effective yet secure print management solution.

A solution such as Fasoo ePrint can detect sensitive information in a document, apply a predefined policy to block printing, and control and trace printed documents on your existing printers. It extends the security area and provides stronger protection for sensitive data maintained by organizations such as hospitals. This solution can also detect sensitive information in files that are about to be printed and either block the job or request approval from senior-level managers prior to printing the document. In this situation, this feature would have been a great way to stop the data breach from happening.

Follow the privacy regulations that require this kind of personal information to be properly controlled and secured, and protect the data with secure print solutions provided by Fasoo.

Photo Credit by: Mary-Lynn
