When it comes to security, the key challenge for businesses is knowing the level of risk and where to spend their security budgets to ensure they don’t waste money. I see many organizations in denial about the risk associated with printers and therefore don’t allocate money, time, or resources to their security. This is a mistake, as today’s connected printers carry similar data risks as PCs.
Recognize the risk with printers
Today’s printers are intelligent, connected, and multifunctional. They are also potential entry points for cybercriminals into organizations, and potential leakage points for data out of organizations. Recent developments in botnet malware see internet-connected devices—like printers—increase in profile as potential denial-of-service “bots.”
Until recently, the security community has ignored printers. There are signs of change, especially with the rise of the Internet of Things, with a growing number of audit and security practitioners starting to take an interest.
Be aware of new regulations
The regulations everyone’s talking about are the EU NIS Directive and the GDPR. NIS applies only to those who manage national critical infrastructure and requires organizations to take a risk-based approach—they must assess the risk and deploy controls.
The GDPR is all about the privacy of personal information, and from a security perspective, that means, among other things, establishing controls to mange the data life cycle and minimize the risk of data loss events. Multifunction printers process personal data, too, so don’t overlook this fact when carrying out your personal data audits and planning activities for May 25, 2018.
Balance functionality and security
IT teams are focused on providing users with more functionality for productivity purposes. However, securing devices can limit functionality. There is a constant trade-off between these two vectors. Finding the right balance takes a good understanding of the risks, the business needs, security best practices, and how staff will actually end up using the device. Businesses must work out how to maximize functionality without weakening their security posture—or at least minimizing security risk to a known and acceptable level.
Secure your business with the help of experts
At HP Inc, we advise our clients to consult us when it comes to security and compliance. With our security advisory service, we can help them do more than simply tick the compliance regulation boxes. We know that multifunction devices are only ever as secure as the weakest legacy print application using those devices.
Our practitioners come from the world of cybersecurity and information security, so we know how print security should integrate with mainstream information security. Our practitioners can ensure your business is minimizing risk, while taking maximum advantage of the security technology we provide to protect both your company’s data and your customers data.