Last month Michelle McNickle wrote an article for Healthcare IT News titled, “10 of the largest data breaches in 2012 … so far”. Numerous headlines have showcased some large health data breaches, and according to recent research, the problem is only growing. While the focus of her article is on data breaches in the health care industry, I think that the lessons are relevant to all organizations.
What I found interesting, but not surprising, was that 9 of the 10 largest data breaches were not from external threats, but happened as a result of internal employee actions. It’s easy to get caught up in the sensationalized stories about cyber security threats --- and yes, they are real and must be managed. But the fear of some nefarious hacker operating from a third world country with the objective of penetrating our technological defenses isn’t the most common threat. The most common threats are risks from insiders – through loss of physical assets or by personnel stealing insider information.
The lesson here? Every organization should have a security strategy that balances and manages the risk of both external and internal risks. And when managing internal risks, it takes more than anti-virus software, firewalls, encryption, etc. Security policies should be set up and enforced that protect data end-to-end across the network. A common gap in many organizations is that the security policy does not include network printers --- which now often have as much computing power and storage as PC’s. If the greatest threat is truly the insider threat, isn’t it a mistake to leave printouts unattended, or not encrypt the hard drives of multifunction devices, or not encrypt print data sent across the network, etc?
I’ve blogged previously about the most common risks and solutions for a secure print environment, “Your imaging and printing environment may put sensitive data at risk” so won’t repeat those details here. I do recommend that you take a look at your organizations security policy and ensure that it encompasses your print environment as well as other computing devices. Here’s how you can get started:
Conduct a security self-assessment -- These tools will help you identify lapses in printing security within your environment:
- HP Security Action Plan for Imaging and Printing– This tool walks you through a self-assessment, helps you understand what security should be in place and explains how to implement security best practices and solutions.
- HP Imaging & Printing Security Center -- This solution can quickly assess your fleet against the HP Best Practices checklist or your defined corporate policy & identify your risk level.
Security Assessments by the experts
Form security to cost savings, HP Managed Print Services (MPS) will evaluate your current printing systems and equipment, review your security plan and analyze potential security breaches across your organization. After the assessment, HP can implement the security policy created through your assessment and continually monitor to ensure security remains at the level you require.