The acceleration of the Internet of Things is opening up greater opportunities in business to collect data from interconnected devices that can be analyzed to optimize product and service development, as well as business operations. For example, sensors deployed across the electricity grid can help utility companies monitor energy usage and adjust generation and distribution flows to meet demand.
Businesses are also moving to a mobile-first environment, driving greater productivity but leading to device proliferation at the same time. These changes provide fuel for growth but also come with security vulnerabilities that businesses should address now to ensure compliance with looming data protection regulations.
New regulations require going beyond the firewall
Security today requires far more than a firewall, which can no longer offer sufficient protection in the face of increasingly sophisticated cyber attacks. Being secure requires multiple layers of protection on every single endpoint. Regular monitoring, analysis, remediation, and reporting through a Security Information and Event Management (SIEM) tool ensure that if a breach does occur, it can be responded to immediately.
From 2018, regulations like the EU General Data Protection Reform (GDPR) increase the requirements placed on businesses to ensure every device in their network is secure, from PCs to printers and mobiles. Importantly, the EU GDPR is applicable to businesses on a global level if they collect data from EU residents.
Businesses must monitor and assess each device to detect breaches in security and enable them to meet the reporting requirements of the new regulation and address the impact on their business. If compliance audits discover devices are under-secured or that breaches have gone unmonitored and unreported, businesses can be fined up to €20 million or 4 percent of global turnover, whichever is higher.
Eighty-two percent of businesses experienced a data breach in the last 12 months, according to recent research by Spiceworks [1]. Despite the clear and present danger, businesses continue to operate with network weaknesses as a result of under-secured devices, such as printers, left unmonitored.
Printers are all too often a low priority when it comes to IT security policies. Just 16 percent of businesses consider printers a high-risk device, compared to desktops and laptops (65 percent) and mobile devices (61 percent). The truth is, however, that printers are just as vulnerable as every other endpoint device.
In addition, IoT devices are commonly under-protected. With these new regulations, corporations will be required to do much more to protect the personal information of their customers by going beyond the firewall to ensure every endpoint, including mobiles, printers, and Internet of Things devices like CCTV cameras, is secured as part of a multilayer security plan.
Ensure your endpoints are compliant in 4 steps
There’s never been a better time than now to ensure your endpoints are secure and compliant with the pending regulatory requirements.
- Conduct an infrastructure audit. Your IT team should begin by conducting an in-depth audit of your entire network, including all hardware and software endpoints. Nothing in your infrastructure should be left untouched, from mobile devices to printers. As part of this audit, your IT team should identify what is and what isn’t on your network and ensure it is authorized.
- Set up security awareness and training. Set up security awareness and training programs to ensure your employees understand the importance of handling sensitive company data on every endpoint they use, from their personal devices to peripheral devices and printers. Employees may not be aware of the high risks that come with printing sensitive information and forgetting to pick it up—a common occurrence in today’s offices.
- Detect and address higher-risk departments. Carry out an assessment to determine which departments in your organization handle the most sensitive data and, therefore, pose the greatest security risk as a result of the type of information generated. Strengthen the security levels around the devices used by these departments.
- Implement robust compliance policies. Ensure your IT department has a robust set of compliance policies to secure every endpoint device connected to your network. Your compliance policies should include endpoint security as a key layer of protection.
Other considerations for printer security compliance
If your printers and peripheral devices aren’t secure, your network is not secure. Ensure your business is compliant by considering the following policies when it comes to securing your printers and peripheral devices, and don’t forget to examine them for best practice protection.
- Do you have an acceptable authentication policy? Who is authorized to copy, scan, and digitally send a document? Do you set unique administrative passwords by device? Can users access device configuration from the front panel of a printer?
- Do you have a data encryption policy? Is your IT infrastructure configured to encrypt data as it is transferred to and from multifunction printers? Is data encrypted from a mobile device to the printer?
- Do you have a remote access policy? Are your printers openly connected to the internet? Do you authenticate users before they send a print job from a mobile device?
- Have you carried out an inventory of all your current technologies and endpoint devices? You can’t secure an endpoint if you don’t know it’s there. Ensure you know every endpoint to feel confident you haven’t left any device unsecured.
New regulatory requirements are stricter than ever, as they aim to provide consumers with even greater protection in the wake of the most destructive attacks in recent times. It has never been more important to secure every endpoint in your network with layers of protection to meet these requirements.
[1] HPI Printer Security Research, Spiceworks 2015