It seems like data breaches or other security issues are always in the news today. Household names like Equifax, Target, TJ Maxx and Yahoo have all been breached and suffered substantial costs to (attempt to) rectify these very public examples.
Yet breaches continue to occur, even despite advancements in technology and much more investment in security products, services and personnel. While it may be true that the bad guys will always stay a step head, it’s also possible that many companies have not done enough to assess their overall risk.
Keeping information safe is one thing and is challenging enough. Yet doing it while complying with industry regulations (such as GDPR) is even more difficult. To improve, organizations should first assess their overall environment, including possible threats and vulnerabilities, and then attempt to quantify their overall risk exposure.
The result of this provides a risk-based framework that will help any company better communicate and collaborate on information security efforts. Such a framework can also help businesses design, monitor and measure specific goals for improving its overall security. Focusing on risk helps drive security priorities and decisions – all to help ensure that sensitive data is as secure as possible.
Steps toward risk mitigation
Once an organization has quantified and identified the impact of its security environment, it’s time to take steps to mitigate that risk. This often includes examining areas you might not first consider when thinking about security, such as paper-based processes.
For example, personally identifiable information (PII) can be accidentally exposed or unintentionally compromised every time a document or form is copied, scanned, printed, faxed or emailed. This can happen using an analog fax machine, multifunction printer (MFP) or even a mobile phone or tablet.
Paper output can be nearly impossible to track and control and is not completely eliminated by electronic processes. As a result, the risk associated with paper might be higher than you think.
What can be done?
What can you do to get started? When it comes to security involving paper documents (printing, scanning or faxing), make sure you address potential security vulnerabilities with questions like:
- Can anyone (including a visitor) walk up to your copiers and use their functions?
- Are print jobs ever left unattended?
- Is your scan and print traffic encrypted?
- Do you maintain an audit trail of print, copy, scan, fax activity: Does this include such information as who, what, when, where, and how?
Surprising security tools
What is clear is that your organization must control and protect both the physical and electronic access points of their MFPs. If this sounds intimidating, or you don’t know where to start, we have some good news.
Now document capture and workflow and print management solutions can help secure sensitive PII information by adding a layer of security and control to paper-based processes such as printing, even storing confidential information. For example, these solutions can authenticate users, control access to workflows and documents, help control documents with PII and other sensitive data and even maintain audit trails of all user activity.
If you’re interested in more information on security, please stay tuned for our upcoming article that will outline how any organization can rely on conventional technology (print, capture, PDF and OCR) to overcome its security challenges.