When it comes to the security of printed data, most of us see the highest risk in unauthorized document viewing or removal. Just like there are ways to audit, manage and protect electronic documents, there are ways to manage printed documents, too. So, how can you protect your printed data so that it won’t fall in wrong hands? Are there any additional threats that should be addressed?
Human error - the most common problem
An employee from a company in Brno undertook regular business trips to their subcontractor. Apart from the printers he used in his office, his laptop was also configured to contain several of the subcontractor’s printers. One day, when out at subcontractor's again, his colleague back in Brno got a message from him, saying: “Run to the printer, pick up the document, DON’T look at it and shred it.” What happened is that the employee decided to print a database of personal customer data, but picked the wrong printer to do it.
Similar incidents happen every day in every company. The problem is that when you print a document on a remote printer, it can be accessed by anyone in the organization. And it doesn’t necessarily take a malicious insider for this to become a security threat. Imagine an ordinary employee reviewing some important contracts or management salaries by accident. These situations can lead to problems within the company. When it comes to an internal or external attacker, he/she can very easily take documents from a printer and walk away with them. If you don’t find the documents on the printer, you are more likely to consider it a hardware failure than a security incident.
If you want to prevent such incidents from happening, you should manage the printing of sensitive documents. One possible solution is to use a Data Loss Prevention (DLP) product. It can define which data can be printed on a specific printer and by whom. In the event of unauthorized activity, the system itself logs the incident, notifies the user of the risks and can also block the print. Potential breaches trigger alerts, which are then delivered to the security manager. Another option is to use a print management solution. These products allow document printing only after explicit user authentication (e.g. using a contactless smartcard) on the printer’s interface.
Important documents everywhere
When we do security audits in smaller companies, we most commonly find paper CVs laying all around work desks and tables. They also commonly contain manager notes and comments. In larger companies we see financial documents, contracts and customer data. One time when I was visiting a company as an incognito auditor, I was able to see a document left in a printer in the corridor. It only took me a few seconds to find out that the company wanted to buy a piece of property. I saw the negotiated prices, contact information of all the relevant people, a business potential analysis and the results of an internal SWOT property analysis. If I had had a camera ready, 2 seconds would have been enough to capture this information and walk away with it. In the corridor of a healthcare company, I once found a document while waiting for a meeting. It contained personal patient data and medical history.
When documents containing sensitive data are left in a corridor or other public place, it is mainly a problem of physical security. In order to reduce the risks related to such document exposure, we recommend removing printers from places available for guests or the general public. It is also important to implement and enforce a clear desk policy. The policy itself is not enough, of course – the best practice is to support it with regular trainings and internal audits. When a company already has a data classification plan in place, it can mark important documents with a "sensitive", “internal”, or “top secret” watermark. The employees themselves then also see what data they should be protecting.
Print under control
The most important issue with sensitive printed data is that these kinds of incidents happen very frequently. It is therefore highly probable that they will cause a great deal of trouble if they are not prevented. Just as with information security as a whole, the protection of physical data should be a mix of organizational, physical and technical controls:
- A good first step is to conduct a printing audit. This often reveals security issues – e.g. sensitive data being printed unnecessarily or problems in physical security.
- After the risks are identified, it is logical to proceed with the implementation of security measures – setting up policies, training users, and implementing a print management or Data Loss Prevention solution.
- Just as with other channels of potential data leakage, document printing should be subject to regular audits. A company should then adjust the security measures according to the audit results.
- At the end of the day, you should remember that the employee (user) is the most important part of data security. Companies should work on awareness, motivation and loyalty: without it, having a security incident is just a matter of time.