This post first appeared on Risk Management Magazine. Read the original article.
Paper is a mainstay of corporations large and small. Even with more organizations relying on technology to streamline workflows, paper is not just surviving, but thriving—according to recent statistics, the average office worker prints 34 pages of paper a day. It is clear that Paper is not going to completely disappear, and that is not necessarily a bad thing. After all, paper is a portable and familiar way to share information, and it is a naturally easier vehicle than a screen for absorbing long-form information. Ironically, the growth in online content has caused print volumes to increase in recent years with more users printing out the online information. Mobile printing in particular is expected to increase for more than 50% of enterprises.
However, with new regulations like GDPR and long-standing data security regulations in place, organizations need to consider the risks of unprotected paper and unrestricted printing. Many companies focus their data security efforts on the digital realm—securing the network perimeter and safeguarding online information. These efforts are needed and commendable, but too often paper is overlooked as a security blind spot.
The health care industry provides a number of painful lessons on how sensitive data must be safeguarded regardless of whether it is electronic or paper-based. In 2014, Parkview Health System in Indiana was forced to pay an $800,000 fine for a HIPAA violation, stemming from the accidental dumping of paper records for thousands of patients from an unsecure truck door. Within the healthcare industry, paper and films have been identified as the most frequent location of breached data.
GDPR is the latest catalyst for organizations to get a more comprehensive handle on overall information protection and security, including paper. GDPR compliance is still in its early days with precedents yet to be set, but paper-based data will be subject to the same security and protection requirements as electronic data. Today, a holistic information security strategy simply must include paper, and while the process may seem daunting, there are three steps to begin:
1. Digitize Paper
Digitization—or moving data from a paper to digital platform—is the first step to minimizing the risk of a paper-based data breach. Of course, data stored electronically is not immune to breaches, but the entire category of physical mishandling like accidental misplacement or loss, is greatly reduced. Increased document digitization has other significant benefits including greater worker productivity with streamlined electronic workflows and reduced printing costs.
2. Leverage Tools for Better Data Protection
Another security advantage of digitized data is the fact that tools like encryption and redaction can be applied to sensitive data housed in digital files. Today, advances in artificial intelligence capabilities enable text identification of words like “confidential” or certain attributes of sensitive data like social security numbers, and automatically encrypt or redact this data. This provides an extra layer of data protection, even if an electronic file accidently falls into the wrong hands through a misdirected email or printing by an unauthorized user.
3. Secure the Multi-Function Printer
For most offices, the multi-function printer (MFP) is an established, seemingly innocent piece of equipment. If not controlled, however, the MFP can be vulnerable to data breaches. Print jobs accidentally left in the print tray put sensitive data at risk of interception. Since many MFPs also offer scan and email functionality, there is also the danger of employees scanning sensitive paper-based information and emailing it to unauthorized destinations, such as personal email addresses. Organizations should consider implementing controls on their MFPs, including functionalities like follow-me printing, which requires a user to be present and authenticated before a print job is released, identification and encryption of sensitive information residing on hard-drives, and “white-listing” destinations allowable for scanned documents to be sent.
Paper does not need to be completely abolished, and it probably never will be, but it is paramount for organizations to manage their paper workflows to ensure their data is safeguarded amid a growing sea of information protection legislation and security risks. Organizations that get a better handle on paper will likely notice other significant benefits as well, including more efficient processes, more productive workers, reduced costs, greater environmental consciousness, and more satisfied partners and customers.