A guide to understanding the implications of GDPR on print and document management


There are better ways to ensure your documents and print are GDPR compliant

What is GDPR?

- General Data Protection Regulation
- Comes into effect on 25th May 2018
- Affects how organisations process personally identifiable information
- Organisations must now demonstrate they have taken the correct, pre-emptive actions to protect personal data appropriately
- Additional emphasis on putting procedures in place to detect and investigate personal data breaches as well as the legal requirement to report them within 72 hours
- Failure to comply may result in a potential fine of up to 4% of annual revenue or 20M whichever is the lesser figure

IDC found that over 50% of IT decision makers thought GDPR excluded print [1].

Areas to consider:

With many organisations still reliant on printing, scanning and faxing to support key business processes, it is essential that any meaningful measures towards GDPR compliance must take into account protection of networked printers and MFPs.

End point Security

Networked printers and multifunction devices (MFDs) are often overlooked when it comes to wider information security measures. Yet these devices store and process data, and as intelligent devices have the same security vulnerabilities as any other networked endpoint. With Quocirca's recent research revealing that 61% of large organisations have admitted to a print-related data breach [2], organisations cannot afford to be complacent.

Today's smart MFDs have evolved into sophisticated document processing hubs that, in addition to print and copy, enable the capture, routing and storage of information. However, as intelligent networked devices, they have several points of vulnerability. A printer or MFD could be regarded as an Internet of Things (IoT) device and as such, left unsecured, is an open door into the entire corporate network.

As critical endpoints, printers and MFDs must be part of an overall information security strategy. This should ensure that all networked printers and MFDs are protected at a device, document and user level. This means, for instance, that data is encrypted in transmission, hard drives are encrypted and overwritten, and devices are protected from malware.

Given the complexity of print security in large organisations, particularly those with a diverse fleet, Quocirca recommends the first step for companies is to undertake a comprehensive security assessment to understand the internal and external risks and the risk of unprotected data on printers/MFDs [2]. Organisations should select vendors that can address both legacy and new devices and offer solutions for encryption, fleet visibility and intelligent tracking of all device usage.

A common misconception is that endpoint security is sufficient for GDPR compliance. But to protect personal data you must consider how documents are being printed, how documents are moving around your organisation and how employees are sharing them.

Print Management

Print management solutions not only provide the means to print securely, but also provide:

- The ability to release print jobs in a secure manner based on user authentication
- The flexibility and convenience for users to collect print jobs from any enabled device
- The ability to track and report on usage, providing accountability
- Job detail masking, which means sensitive print jobs are invisible
- Content checking and redaction before documents are printed, protecting sensitive data
- Ability to prevent unauthorised access to devices

It is also worth considering USB printing devices; these are typically located in private offices of senior staff. Although usually more difficult to access, they too should be considered with GDPR in mind.

Xeretec offers a portfolio of print management solutions including: Equitrac, PaperCut and SafeCom. Our experienced technical team can advise on which solution will best suit your business needs.

GDPR demands the right to be forgotten. Scanning solutions have the ability to identify and remove key words, phrases and patterns with a full audit trail.

Scanning and document management

We all know email is not particularly secure and it creates duplicate versions. However, Scan to Email is the most popular scanning function on an MFD. This can result in your business documents being in multiple places with no audit trail or visibility of who has access. Document management solutions allow users to send and store documents directly to centralised folders or to individuals.

Xeretec offers a portfolio of scanning and document management solutions including: DocuShare, AutoStore, eCopy and Output Manager.

Fax solutions

Government, finance and healthcare are sectors that still rely heavily on fax. Often incoming fax transmissions from or to traditional fax machines will result in unattended documents. Secure fax solutions send and receive faxes directly to designated individuals, removing the risk of unattended printed output.

Xeretec offers a highly recommended fax solution: XMedius.

Important steps to take:

Assessment

In order to identify potential risk areas, we would recommend undertaking a full security assessment of the printer infrastructure to identify any security gaps in the existing device fleet. This should be part of the broader Data Protection Impact Assessment (DPIA) that an organisation may conduct internally or using external providers. Recommendations can be made for ensuring all devices use data encryption, user access control and features such as hardware disk overwrite (erasing information stored on the MFD hard disk). Also, look to use endpoint data loss prevention (DLP) tools at this stage to gain insight as to what information could be transferring via an MFD (for instance scanning personal information via the MFD to email or cloud storage).

Our in-house software development team have developed a dynamic business analytical platform called Vision to provide you with a detailed view of your print environment, without the need for endless spreadsheets and reports. It combines analytics with powerful "what if" scenarios that enable Vision to easily identify inefficiencies and provide solutions for a more effective Managed Print Service.

Monitoring and Reporting

In order to monitor and detect breaches, ongoing and proactive monitoring ensures devices are being used appropriately in accordance with organisational policies. More advanced print security controls use run-time intrusion detection. Integration with Security Information and Event Management (SIEM) systems can help accelerate the time to identify and respond to a data breach, which is key to GDPR compliance. You could also consider third-party managed services support in order to streamline data logging and security intelligence gathering.

GDPR's demanding reporting requirements can be addressed through reporting usage by device and user. This will highlight any non-compliant behavior or gaps in controls so that they can be identified and addressed, and allow audit trails to be created to support the demonstration of compliance.

Conclusion

If you are just considering end point security as part of your GDPR compliance plans you may be overlooking areas that put your business at risk of a breach. Our technical team can help you proactively assess your security, print and document management processes and recommend solutions to address potential risks. Ultimately print and document security is part of a broader GDPR compliance exercise, and it is vital that organisations act now to evaluate the security of their print infrastructure.

For more information:

Please visit http://bit.ly/xeretecgdpr
info@xeretec.co.uk

For more general information about GDPR visit: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Xeretec is a leading integrator of digital print hardware, software, solutions and services, supporting the print needs of businesses across the UK, Ireland and Western Europe. Established in 1991, Xeretec has grown to become both Xerox's largest UK managed print service provider and its largest reseller in Western Europe in terms of scale, enhanced Managed Print Services and heavy and light production print technology.

[1] IDC: GDPR Awareness and the Role of Print, #EMEA42691517 (June 2017)
[2] Quocirca: Managed Print Services Landscape, 2017

xeretec.co.uk
0800 074 8136
2018. Xeretec.