We live in a highly connected society where information is available at the click of a button. With this accessibility comes vulnerability. Securing your data should be paramount in your business strategies to safeguard the future of your organization. Preparing now could spare you from paying dearly later: according to IBM, the average total cost of a data breach is $3.86 million. In this blog we will walk you through the benchmark practices organizations can follow to ensure their office technology handles their data securely.
Every industry has its own standards and regulations for securing systems and equipment. Within healthcare, for instance, compliance with the Health Insurance Portability and Accountability Act (HIPAA) is the overarching standard, while accounting and legal firms both have to adhere to the Sarbanes-Oxley Act. However, organizations of all types should consider a few areas of data security when analyzing their communications infrastructure.
Integrated hardware technology
The type of equipment you use in your office affects how effective and secure your data handling processes are. Multi-Function Printers (MFPs) are valuable because they allow you to print, copy, scan and fax from the same device. Most MFPs also allow applications and connectors to be added to their interface for seamless integration with programs often used in offices, such as Dropbox, Google Drive and SharePoint, to name a few. With these abilities, though, comes the need for storage and connectivity, and the liabilities they can bring.
Securing your data: How to address stored data on MFPs
Stored data can come in the form of scans, print jobs or other data users may save to their device. Data of this variety is often located on the hard disk of the device or in FAX memory, where it is accessed to complete the designated job. It is important to have procedures in place for encrypting and overwriting this stored data. With new Kyocera MFP models provided by Copiers Plus, overwriting and encryption are provided as standard (optional on older models) through a data security kit and are performed automatically, without the need for special procedures.
We offer two overwriting options if a hard disk is present: a once overwrite method and a 3-time overwrite (DoD) method. With the once overwrite method, unneeded data is overwritten; at system initialization, all areas are instead overwritten with zeroes so that the data cannot easily be restored.
The 3-time overwrite (DoD) method differs from the once overwrite method in that it complies with the US Department of Defense (DoD) standard. The 3-time overwrite method overwrites the areas where data resides on the hard disk and in fax memory with specific characters, their complements and random characters. With this more intensive option, data restoration efforts are thwarted even when high-level deciphering techniques are used.
Unlike overwriting, encryption deals with the data before it gets stored on a hard disk. Because data is stored on the hard disk, it can be leaked or tampered with if the hard disk is stolen, unless it is encrypted. Encryption takes plaintext and uses an algorithm and key to create ciphertext. Ciphertext can only be viewed in full form if it is decrypted with the corresponding key, which is communicated securely to the end destination of the data. Our MFPs use AES 256-bit encryption (Advanced Encryption Standard: FIPS PUB 197) to uphold strict adherence to government protocols.
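The character, complement and random sequence described above can be illustrated on an ordinary file. This is an added example, not Kyocera's or Copiers Plus's code; the 0x55 pattern byte, the function names and the sample data are assumptions made for the illustration.

```python
import os
import tempfile

CHUNK = 64 * 1024  # process in chunks so large files need not fit in memory

def _write_pass(fh, size, make_chunk):
    """Overwrite the first `size` bytes of fh with data from make_chunk(n)."""
    fh.seek(0)
    for offset in range(0, size, CHUNK):
        fh.write(make_chunk(min(CHUNK, size - offset)))
    fh.flush()
    os.fsync(fh.fileno())  # push this pass to the device before the next one

def _verify_fixed(fh, size, byte):
    """Read back a fixed-value pass and confirm every byte equals `byte`."""
    fh.seek(0)
    for offset in range(0, size, CHUNK):
        n = min(CHUNK, size - offset)
        if fh.read(n) != bytes([byte]) * n:
            return False
    return True

def three_pass_overwrite(path, pattern=0x55):
    """Overwrite in place: pattern, complement, random. Returns [(name, verified)].
    The 0x55 pattern is an assumption; the page does not say which characters
    the device writes. On SSDs and copy-on-write filesystems an in-place
    overwrite may not reach the original physical blocks.
    """
    size = os.path.getsize(path)
    results = []
    with open(path, "r+b") as fh:
        for name, byte in (("pattern", pattern), ("complement", pattern ^ 0xFF)):
            _write_pass(fh, size, lambda n, b=byte: bytes([b]) * n)
            results.append((name, _verify_fixed(fh, size, byte)))
        _write_pass(fh, size, os.urandom)
        results.append(("random", None))  # no fixed value to read back against
    return results

def demo():
    """Run the three passes over a constructed sample 'scan' in a temp file."""
    secret = b"CONSTRUCTED SAMPLE: patient record 0001\n" * 4000  # > one chunk
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(secret)
    try:
        results = three_pass_overwrite(tmp.name)
        with open(tmp.name, "rb") as fh:
            after = fh.read()
    finally:
        os.remove(tmp.name)
    return results, len(secret) == len(after), b"CONSTRUCTED SAMPLE" in after
```

The read-back after each fixed pass is what confirms the write actually landed; the random pass can only be confirmed indirectly, by checking that the original content is no longer present.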
How to address secure sending & retrieval of documents
One of the major vulnerabilities for companies when scanning documents is the lack of an audit trail of which documents are scanned, when and by whom. Implementing procedures for your employees to use a specialized code or proximity card to access your MFP is a great first step to combating threats to your document and data security. We are often able to use the same HID or proximity cards organizations use to access their buildings to grant access and permissions on their MFPs.
We advise avoiding SMB Protocol (Server Message Block) when configuring your organization's scan-to-folder functions. This method has been prone to ransomware attacks, and Microsoft has even recommended that users disable version one of the SMB Protocol. A more secure alternative to SMB Protocol is a peer-to-peer application that relies on an encrypted channel between the MFP and the PC/Mac destination to deliver scans.
One of the most secure techniques for sending documents digitally is secure file transfer. We work with Biscom to provide this solution, which is FIPS 140-2 certified and offers AES 256 encryption for data during delivery and at rest. The process starts with the user sending a document through SSL (Secure Sockets Layer); processing then takes place, in which files are uploaded, scanned for viruses and encrypted, and an email notification is sent. The file is then received through SSL by the recipient, and an email notification is sent to the sender with confirmation. This mode not only offers a higher level of security, it also allows for unlimited file sizes when sending, although the sizes allowed can be managed through administrator settings.
Oftentimes organizations will use an analog phone line for faxing. Through this approach, these organizations are at risk of having their phone lines compromised, which could lead to a hacker illegally accessing their network. Kyocera devices are not susceptible to this kind of attack, as outlined in this whitepaper produced by Kyocera Document Solutions. Another area of concern is the ability of any user within an organization to walk up to a device without any credentials or permissions and fax out information to any number. Organizations should safeguard their documents and enhance compliance by having users authenticate at each device and should consider limiting the fax numbers permitted to receive faxes.
How users print in an organization is often determined by officers in the company with regard to cost. While managing the cost of printing within your workplace is important and achievable, organizations need to understand the vulnerabilities of what is printed and how those print jobs are accessed. There are countless examples of employees printing documents to a shared MFP and other users picking them up by mistake. This scenario is harmless enough unless the document accidentally picked up contains sensitive material and could jeopardize organizational operations and compliance. With pull-printing, a user sends a print job to an MFP or printer on their network; then, upon walking up to the device, the user authenticates with a code or proximity card, which releases the print job. By using pull-printing, an organization can ensure that documents don’t sit unaccounted for and gain an audit trail for all printed documents within the workplace.
Make a plan for data security
While there are many ways organizations can protect themselves from data mismanagement and attacks, the best remedy to data vulnerability is having a plan. If you would like to tighten your data and document security for your organization, we would love to assist you. Our team follows a five-step plan that begins with a risk evaluation followed by laying out what a path to increased security, efficiency and financial flexibility can look like.