NHS Print Security - 6 things to remember
Brother's Frazer Whitehead shares his 6 tips on how to protect your print solutions.
Given the sensitive nature of the information handled by the health service, security will always be a number one priority in the sector. The recent global ‘ransomware’ attack that affected the NHS only served to reinforce the idea that the quality of encryption and security on devices handling confidential data needs to be of the very highest standard and the print environment is no exception.
The potential for security breaches – accidental or deliberate – means that now, more than ever, both staff and patients alike need to be able to trust the systems that are in place.
With that in mind, here’s my rundown of the key things to remember when it comes to protecting your print solutions.
1. Don’t ignore that ‘open door’
The cyber security threat landscape has widened in recent years. Any cloud-based device is at risk so endpoint security is absolutely vital. Today’s multi-function printers offer unparalleled convenience but if they aren’t properly protected they are just as susceptible to viruses and hackers in much the same way a PC is. It’s an open invitation.
I’ve seen some organisations go to great lengths to make sure their company smartphones, laptops and desktops are secured but, conversely, neglect their print security. When you consider how common printers are in offices, as well as being used by remote workers in their homes, it’s always surprising to me just how little attention is often paid to making sure they are correctly secured.
Never underestimate just how far hackers will go to cause disruption.
2. Lock it down
In my role, I run a lot of print audits and something I’ve seen on numerous occasions is that print solutions often aren’t ‘locked down’. By this I mean that anybody can access the settings on a device allowing them a clear run at sensitive information and the ability to change IP details, for example. The only personnel who should have this level of access is the IT manager - but that’s not always the case.
My advice is to look at your printer the same way you’d look at a computer – in many ways that’s what it is. They are connected to the network, web-enabled and have their own memory storage so they should be afforded the same level of security attention as the rest of your IT infrastructure.
3. It’s not just about documents and data
In my experience in the world of print security, a lot of focus tends to be placed on documents and data - which is only right. After all, a confidential document accidentally left lying on a printer tray or improperly disposed of, could have huge implications. However, it’s also important not to forget to pay due diligence to the actual physical hardware itself. Make sure all printers are wrapped up in your overall information security policy and procedures. Is your entire fleet located behind a firewall for example?
Your IT department should have full overview of all networked devices. Should anything go wrong, the same security measures should be able to be rolled out efficiently across your network to prevent further damage.
4. Invest in limited access
One of the most common ways to ensure the limited access to private documents is to implement user authentication. This will reduce the chances of printouts being left in printer trays and most commonly comes in the form of a PIN ID or swipe card. When a job is sent to the printer it requires the person who sent the job to physically go to the printer and enter their PIN to collect their output.
This helps protect the printer integrity and its network access.
5. Your hard disk may be at risk
Hard disk encryption is an extra layer of security that I’d say is imperative too. This means that data stored in the device itself is useless to anybody who tries to retrieve it. At Brother our standard security features cover authentication (active directory, LDAP, secure print, secure function lock), network (IP-Sec,IEEE 802.1X, SSL, SNMPv3) encryption (SSL) and scanning and workflow (secure PDF, scan to SFTP, scan to FTPS). Brother devices also have a flash memory. This means they can only hold a certain amount of data which is deleted as soon as it’s printed. You should ensure your devices meet these same standards.
Consider your mobile printers as well because they often also have either hard drives or removable SD cards so these will also need to be encrypted because they’re just as susceptible to security breaches.
6. Speak to the experts
Consider partnering with a managed print service (MPS) provider. Part of their offering should be to constantly evaluate the service they provide – including security. A good partner will continually monitor, adjust and learn from your needs. If you’re offered a security assessment by a potential partner, take it. They’ll be able to pinpoint where the weaknesses are in your network.
An MPS partner will devise a tailored security plan specific for your devices, user access and end of life/disposal. They will also help you navigate the often complex and diverse print environment so that you don’t have to worry about what is being printed, by who and where.
Ultimately, I think it’s fair to say that print security demands a comprehensive approach, but it’s certainly worth it in the long run. It could potentially be saving your organisation a lot of money, not to mention minimising the reputational damage a cyber attack can do.