Are your printers GDPR ready?

05th March 2018 | Company News | Insights

With the General Data Protection Regulation (GDPR) almost upon us, it’s all the more important to ensure your business’s data is secure – including an often-overlooked area; your printer hardware. With a growing number of devices in our offices network-based, the potential for a threat to the privacy and security of your data has never been greater, and it’s not about to go away.

Although GDPR is primarily concerned with the storage, handling and privacy of personal information, compliance brings with it a number of requirements for technical safety measures to protect the integrity of this data. But it’s not just as simple as buying an off-the-shelf technical solution and immediately becoming compliant, as we’ll discuss in this article.

Why is printer security important?

The more network-based equipment in your office, the more avenues there are into your business systems, and by extension, your data. In order to enable the advanced document mobility functionality, such as scan to network folder, direct mobile printing and scanning and scan to email, it’s necessary that the printers have access to both the internet and the company network. As we’ve seen with the devastating WannaCry attack on the NHS, this can create a vulnerability in your organisation’s security policy – particularly, as in the WannaCry attack, if you’re employing aged devices using deprecated network protocols.

As a network endpoint, an unsecured printer is as capable an entrypoint into your company’s network as a laptop or desktop PC, or mobile device, yet one that is frequently overlooked when it comes to data security considerations.

Your control measures

So, how best to approach printer security? Firstly, it is imperative to prepare an inventory that takes all of your printers into account, wherever they are located, however old, whatever make or model, and however little used.

A full device audit (contact us for a free one!) will ensure that all devices on your network are accounted for, and consolidated, where possible, into larger, more secure workgroup printers. An audit also identifies aged hardware using deprecated protocols which could represent a security risk.

As part of a company-wide security policy, if you can ensure that your printers have in place strong controls to take into account user authentication, data encryption, end-of-life deletion protocols and usage auditing, your print device fleet will be significantly more secure.

User authentication ensures that only the user who requested the print job is able to collect it, preventing sensitive documents being released to unauthorised users. As part of a wider information security policy, access to sensitive data should be restricted to appropriate users, so it’s important to make sure your print policy does not undermine this.

Because of the way that modern printers handle large jobs, most of them have data storage functionality. It’s therefore important to ensure that this data is encrypted to protect it while it’s on the device, as well as there being a robust procedure for disposal of the data, either by a software-based secure drive erasure, or via physical destruction of the drives.

As for usage auditing, this is not only important for cost control and insight expenditure purposes, but because it enables insights into where and with whom a data leak originated, enabling accountability and mitigation where possible.

Printer security is an element of data protection that often goes under the radar within businesses. At United Carlton, our in-house experts have helped over 4,000 organisations manage their printers more efficiently, more securely and with regained control over their usage. To find out how a secure printing system can help achieve compliance as part of a wider contact our team today.