How to keep business information secure across multiple sites

Should businesses be adopting new and existing technologies to keep their information secure and safe from cyberattacks? Martin Fairman of Kyocera offers some expert insights

Read the full article below or read on page 26 in our December magazine

Businesses are increasingly adopting a range of technologies to keep their information secure across multiple sites as documents are printed, scanned and handled, and demand for increased security continues to rise.

 “Companies of all sizes are accelerating the implementation of new technologies, including cloud-print-scan and managed end-point security solutions, in a bid to keep information secure between multiple sites or remote workers,” says Martin Fairman, group sales and marketing director at Kyocera. 

It can be hard to keep up with the fast-developing range of technologies competing to keep business information safe. For example, MFPs pose numerous security risks in the office. These include: 

• Open access to MFP printer trays.
• The option to scan documents to external devices and systems.
• An inability to track and report output information.
• An inability to track and manage the activities of mobile users as mobile working starts to increase.

However, despite these risks, Martin believes that MFPs are key to mitigating internal and external threats, “MFPs offer business a first line of defence,” he says, because MFPs use a number of onboard tools to prevent security risks in the document journey, such as: 

• HDD encryption – prevents unauthorised personnel or hackers from accessing your business’ private information by using cyphers and algorithms to encrypt the MFP drive. These convert a physical disk or logical volume into an unreadable format that can only be unlocked by those with a key or password. 

• USB port lockdown – restricts unauthorised devices from accessing endpoints and sensitive data and prevents data leakage. 

• Firmware validation – by validating the device firmware, MFPs are able to function and communicate with other software running on the device. 

MFP onboard tools provide solutions for the security risks posed in the office – but what processes can businesses put in place if something does manage to slip through the gaps?

The second line of defence

Martin considers secure print release to be business’s second line of defence as it enables users to authenticate themselves at the printer using embedded software on the printer, or via an external device. This ensures that sensitive print jobs are held at the printer until they are ready to be collected by the user with the correct permissions.

Whilst MFPs remain the first line of defence for businesses, Martin believes that the future is in the cloud. “New technology should have a comprehensive cloud offering – a blend of infrastructure and software providing a highly available, secure and scalable hosting platform.” 

Software across the industry is starting to offer the opportunity to print and scan to and from the cloud and a secure data store for business information. To keep your data secure across multiple sites, Martin recommends employing additional tools for security protection. “Businesses should invest in data loss prevention and a managed endpoint solution as an additional layer of security.”

Data loss prevention (DLP) products ensure that users do not send sensitive or critical information outside your business network by classifying and protecting confidential and critical information. This means that unauthorised users cannot accidentally – or maliciously – share data. Businesses are adopting DLP products to meet both data privacy laws and data protection and access requirements. 

In order to adopt a DLP product successfully, your business must:

• Be able to classify, prioritise and monitor data.
• Understand when data is at risk.
• Communicate and develop controls.
• Train and provide guidance for employees.

Managed endpoint (MEP) solutions – a ‘managed endpoint’ does what it says on the tin. It manages and secures an organisation’s endpoints – including desktops, laptops, mobile devices, servers and other devices in the network –  and the management software allows an IT administrator to work from a single console. 

To build an effective MEP, your business must:

• Identify your endpoints by cataloguing and assessing vulnerabilities.
• Build a data access policy for data access, storage and usage.
• Maximise your internet of things (IoT) security by changing passwords regularly, and updating software.
• Encrypt critical and restricted data.
• Enforce a bring your own device policy for your business.
• Implement advanced and automated endpoint protection to adjust to ever-evolving security threats.
• Make sure your staff know how to avoid security risks. 

The implementation of new technologies is accelerating across the industry and, according to Martin, can be beneficial in all areas of business. “A big growth area is the secure automation of document-hungry processes, such as HR and accounts payable, which, typically, involve volumes of sensitive data to be inputted, routed and stored for retrieval by authorised users.”

Agile working has also provided a motive for business to adopt new technologies to protect data and information. Remote networks, and devices used from home, have generated new threats and put customer data more at risk of cyberattacks – and the havoc these attacks create cannot be underestimated, Martin warns. “It is difficult to recover from a data breach in terms of remediation and reputational damage.” 

It is key that you implement measures across your business to protect your data from both internal and external threats. If you don’t act, you may certainly live to regret that decision.