Something as simple as your printing network could turn into a security nightmare under GDPR

Companies operating both within the EU and the UK have until 25th May 2018 to ensure they are fully compliant with new rules set out under the EU’s General Data Protection Regulation (GDPR), governing the protection of data and the security of a business.

Industries of all types have already started shoring up their defences and reshaping the way they handle data, yet all that hard work is likely to be undone by something as seemingly innocuous as a printer.

Print security obligations under GDPR remain one of the most misunderstood areas of the new regulations, potentially creating a blind spot that could not only lead to a data breach, but also substantial fines for non-compliance.

Recent research found that just 50% of companies were aware of the implications of GDPR for their operations. In addition, only 73% felt they were suitably prepared to meet the obligations around print security. What’s perhaps most concerning is that of the 161 organisations surveyed, only 44% had a strategy in place to manage their print environments.

Printing technology has changed rapidly over the past decade, and it’s clear that businesses have failed to keep pace with the emerging security needs. Historically, printing has always been relatively isolated from the wider system, but the push to the cloud has created the need for connected hardware that’s able to handle any task, at any time, from anywhere, in the form of multifunction printers (MFPs).

MFPs are able to print, fax, scan, and copy as an all-in-one service that’s connected not only to a business’s internal network, but also to the internet to access all the various devices used by employees. Today, employees expect to be able to share their work with centralised hubs that save their documents until they’re ready to collect them. As a result, workplace printing has never been as efficient and convenient, yet those sought-after capabilities could in fact present a security nightmare under GDPR.

As with any device that’s connected to the internet, MFPs are susceptible to unwanted snooping. Without effective security protocols, unauthorised users are able to gain access to a printing network and any document that has been sent to a machine. What’s more, most machines also make use of facilities such as scan to email, scan to cloud, or scan to internal storage, which could all be compromised to either steal sensitive data in bulk, or reroute future correspondence to external addresses.

A report by technology analyst firm Quocirca found that only 22% of private organisations said they placed a high priority on print security, despite the fact that 63% of respondents admitted they had suffered a data breach as a result of a vulnerable print network.

The problem is that MFPs rarely ship with default security settings capable of deflecting hacking attempts. Default login credentials and unconfigured connection settings are juicy targets for any would-be hacker, and these are typically left unchanged by users.

Aside from the reputational blow a company may sustain from a data breach, the real damage will be felt from the resulting regulatory action. Regulatory authorities, such as the UK’s Information Commissioner’s Office (ICO), are able to levy substantially higher fines against non-compliant companies under GDPR.

Whereas the current maximum fine stands at £500,000, the new rules stipulate that a company could be fined up to 4% of annual turnover, or €20 million, whichever is higher. To put that into perspective, TalkTalk’s £400,000 fine in April, which is the highest a company has faced in the UK, would have been a whopping £59 million under GDPR.

That’s a multi-million-pound incentive to make sure you’re protecting every scrap of data being fed into your printing systems.

Maintaining the security of an MFP network is a daunting task. The sheer number of potential weak spots on your system, not to mention the various differences that exist between printer brands, makes performing regular manual checks for vulnerabilities unfeasible.

Our experienced managed print professionals are dedicated to offering all the services and support you may need to ensure you’re compliant with GDPR. Contact us today for a managed print assessment.