With the start of the new year we all lay out our plans and resolutions for 2018 both personal and organisational. This year all businesses across the EU will have another objective imposed on us, which is to have our organisations GDPR compliant by May 2018.
What is GDPR?
GDPR is (General Data Protection Regulation) designed by the European Commission to create a uniform mandate for every EU/EEA member state on the protection of personal data held by an organisation in the event of a data breach.
Types of data covered
Names, identification numbers, addresses, income details etc. Metadata attributed to any individual can also include (but not limited to) ethnicity, political views, religious beliefs, health, biometric data and sexual orientation, all of which must be protected.
How does this effect my organisation?
As stated above, the regulations are there to cover how data has been protected in the case of a data breach. Has your organisation taken steps to mitigate the risk of data breach through their employment of technology and the procedures in place when handling personnel data?
Data breach what are the risks?
Depending on the nature of your business sector, the data breach risk will vary in relation to GDPR. For example, if you are in the healthcare industry and you have patient record information your compliance requirements will be extensive. If you are an SME you will mainly be holding customer and employee data. You will need to protect this information. There is no fool-proof plug and play office security solution. Every business has to determine what represents an acceptable level of risk.
You may feel that the data you have within your organisation is not important enough to be at risk of being targeted by cyber criminals. However, with the rise of ransomware attacks, phishing emails and the latest security flaw in intel processor chips. It has become imperative for all companies to review their cyber security procedures and the technology they have in place to prevent or minimise risk of data breaches and thus avoid large GDPR fines associated with them.
So how can we help?
If you have an IT services supplier you will already be talking to them about your security protocols in your organisation e.g. firewall, data encryption on your network or in the cloud, user logon procedures and rights determined by your active directory.
With the expansion of digitisation of the workplace and the development of the multifunctional device (MFP) your copier, printer, scanners functionality and importance in the workplace has increased 10-fold in recent years and has become responsible for a large proportion of business data input, output, transfer and storage. This makes it a potential risk for data breach through cyber-attack or human interaction.
Gannon Office Solutions I/O (Input/Output) hardening audit can help uncover any inherent risks in your print and scanning devices and your associated workflows. We can provide you with cost effective solutions to help mitigate risk and form part of your GDPR compliance program.
Where are the risks with my multifunctional device(MFP)?
Below is just a sample of the type of risks and the technologies available that should be installed on your MFP to mitigate those risks.
Hardware
HDD erase functionality
Does your device have a HDD (Hard Disk Drive) in it and if so does it have the ability to perform data-erase? File data and images remain on a HDD even after you perform deletion command. The file will remain on the HDD until a point where it is over written by different data. If you have HDD erase functionality, the device writes over the data after you have printed, copied or scanned from the device with a minimum-security level of 3 times overwrite and up to 27 times overwrite depending on the sensitivity of your information. This means if someone did access your device there is no data recorded on the HDD for them to steal.
HDD encryption
Some MFPs can be used as a file server for storing and sharing information across the network. Obviously, a HDD erase kit or function is not the applicable security solution here, as you need the information to be retained on the HDD. If you are storing information on your device, you need to have the ability to encrypt this information on the device. Manufacturers such as Canon have HDD encryption feature available with their modern devices or as an additional option. This will stop someone who gets access to your MFP’s HDD from accessing any data contained on it.
Both the above features have relevance for your devices end of life cycle as there is no security risk with the HDD when you come to the disposal of your device or when you upgrade. There will be no sensitive information accessible on your device.
Encrypted PDF from scanning
When scanning from your MFP, do you have the option of encrypting or password protecting the PDF you are sending directly from the device? This not only mitigates the risk of the image being intercepted while moving across the network. It also means the document is secure when it reaches its destination and you a have a secure workflow in place.
User risk
Is your multifunctional device available to anyone?
Your modern MFP has more in common with a workstation on your network now rather than the printers of old, so why would you not have users log on to the MFP just like a workstation. This allows you to track user’s activity on device and provide you with a record of that activity. It will also allow you to set permissions for users around the devices functionality which would help mitigate risk of data breach or where a data breach occurs, help you to track origin of the data breach.
Secure print environment
Do you have a secure print facility that allows you collect your prints when you are at the device and not allow documents to be left unattended on the exit tray of the printer?
Digital workflow system
How do you store digital data?
Do you have a system which allows easy storage and retrieval of your documents in digital form?
Can you set user permissions for those documents e.g. read only /read-write?
Does it give you version control showing any changes from the original document when it entered the system?
This is the best way for organisations to secure their documents as it is an end to end system with document security embedded at every step. This should be the option we are all moving towards. Gannon Office Solutions can design and supply such system and tailor it to your organisation size and needs.
For more information or to arrange a free I/O device audit.
Please contact Mark Lyons at 087-9141924
email mark@gannonoffice.ie
to learn more about out solutions visit http://gannonoffice.ie/technology