This paper presents new research carried out by European analysis company Quocirca amongst 150 enterprises with over 1,000 employees in the UK, France and Germany.
Even though organizations are increasingly aware of the damage that can be done to their reputation and customer trust through the misuse or loss of sensitive data, a new report reveals that only 22% of businesses have implemented secure printing initiatives, indicating a low level of awareness of the efficacy of this attack vector.
Accordingly, 63% of businesses surveyed admit to experiencing one or more print-related data breaches.
A Nuance-sponsored white paper published by research and analyst company Quocirca points out that printers are increasingly becoming a security hole for leaking sensitive company or client information. Many organizations are streamlining workflows associated with paper-based documents – either for efficiency, legal or environmental reasons – and the office-based networked and multi-functional printer (MFP) printer is playing a greater role in helping them achieve their document-related goals.
Despite the greater reliance on MFPs and their role in the document lifecycle, many businesses leave themselves exposed to potential data breaches, both policy and device-related. However, some verticals are more at risk than others. When breaking down the 63% of companies that have been breached via printer technologies, 66% of financial services had at least one print-related security breach; but only 16% (under one in four of those) had more than one – indicating that they learned from their mistakes. In contrast, the public sector, where 90% of organizations had at least one breach, 35% (just under one in three) experienced more than one incident.
Quocirca noted that in previous research it found that the top three reasons for print security not being adopted were low priority (92%), unawareness of benefits (71%) and lack of a print security strategy (65%). Many businesses still appear to be unaware about the security risks that MFPs pose, and what solutions are available to mitigate such risks.
«Clearly businesses are not doing enough to protect their printing environment, exposing themselves to the potential financial and legal ramifications of print-related breaches,” Quocirca noted. “Businesses may be working hard to protect electronic data across email, PCs, laptops, mobile devices and USB sticks, however the threat of data breaches remains if the one time any confidential or sensitive information is printed, it is left exposed to unauthorized access.».
«An organization’s information security strategy can only be as strong as its weakest link and, given the continued reliance on printing amongst many businesses, print security is no longer something they can choose to ignore,» the white paper authors said. «Although pull printing is one approach to minimising potential data loss through unsecured printing, print security demands a comprehensive approach that includes education, policy, and technology.».
Comment by Senior InfoWatch Analyst Nikolai Fedotov : «Paper documents are much more difficult to control than electronic. In fact, after the printing automated control becomes impossible. But if we speak about the hand one it is expensive and very unreliable. Modern DLP-systems are able to verify, and control printable documents, depending on the data they contain. But DLP is quite an expensive system.
A cheaper way out is the veto on all printouts. This will reduce the usability, but for the first few years only. After this period paperless technologies become a commonplace and therefore comfortable.
Until the document is in electronic form, it can be controlled automatically, that is, the more electronic documents circulate within the organization the cheaper it is for the company.»