by Eric Crump, Ringdale
Since 2018, global organizations have been subject to more stringent data privacy protection regulations and are now open to significant non compliance penalties. In particular, the General Data Protection Regulation (GDPR) has had a significant impact on the international compliance landscape, and has been the “blueprint” for a number of new or updated regulations in North America including CCPA (the California Consumer Privacy Act) and PIPEDA (Personal Information Protection and Electronic Documents act, for Canada).
Even though these data privacy regulations are being put into place, and over $475 million in fines issued, there appears to be no reduction in the number of data breaches in relation to consumer information. In fact the latest figures on the number of reported data breaches in 2019 will be a cause for concern for many healthcare and public sector CIO’s and business leaders. According to research from Risk Based Security, the total number of data breaches reported stands at 5,183. This is an increase of 33% from the same period in 2018, and has resulted in 7.9 billion individual records being compromised.
The insider threat
The changing compliance landscape has incentivized organizations to review their data security plans. However, I believe that many business and public sector organizations may have left themselves vulnerable by concentrating too much attention on malware protection strategies. According to Quocirca’s Global Print Security Landscape 2019, while the top perceived security threat is malware attacks at 70%, in reality, accidental actions of internal users are the most likely cause of security incidents, equalling 32% of all reported incidents.
Interestingly, HP’s recent “Creepers and Peekers” study backs up Quocirca’s stats too, showing that 34% of data breaches last year are caused by insiders (internal users). Staggeringly, the HP study even revealed that 75% would look at unclaimed documents they find left in the print tray. In addition, 40% who see confidential documents in the printer admit they wouldn’t just ignore it, but rather look at it and even save it by taking a picture, making a copy, or taking the document.
This suggests that organizations, now more than ever, need to focus on the growing insider threat, including how they can safeguard against confidential documents getting into the wrong hands, together with protecting their overall print environment.
MPS providers are the solution
The challenge most midsize to enterprise organizations now face is an overstretched IT department and a lack expertise in securing documents and printer fleets. A growing number of end-user organizations are actively looking to work with MPS providers to support their operational needs. In fact, according to the Quocirca report, “Over 62% of organizations are now using an MPS provider to gain access to print management and security skills, which are often lacking in house.”
With 68% of organizations suffering at least one data breach through unsecure printing last year, MPS providers should not ignore the opportunity to differentiate their security services in 2020. Secure print services need to go well beyond pull printing and MPS providers should consider providing differentiated print management services that include:
§ Providing access management for user authentication/authorization to print, copy, and send information electronically from printers and multifunctional products (MFPs)
§ Protecting documents across the network by using industry-standard data encryption at rest and while in motion
§ Forensically inspecting and protecting content including personally identifiable information (PII) — for example, identify credit card and bank routing numbers, social security identification and account numbers
§ Providing accurate activity tracking and document archiving for ongoing audits such as data protection impact assessments
§ Providing comprehensive reporting while leveraging data anonymization to maintain user privacy
I believe independent MPS providers are well positioned for success in 2020, especially if they make security a priority within their MPS portfolio of services. MPS providers can be the trusted provider that secures print environments, protects against the growing insider threat and helps ensure their customers are ready for the evolving regulatory compliance landscape.