Privacy, Pandemic, Print and Protection

| 21 July 2022

The GDPR has been enshrined in EU law for four years now. In the intervening years the workplace has been transformed and so too have the needs of organisations to safeguard data from internal and external threat vectors including cyberattack, data breach and non-compliance.


Since the end of January last year, it is reported[1] that fines totalled EUR 1.1 billion have been issued by data protection supervisory authorities across Europe, representing a near sevenfold increase on the previous year’s total. Now, as workers head back to offices, either full-time or in a more hybrid capacity, many organisations from large enterprises down to small single site SMEs have, or are in the process of, upgrading their technology infrastructure, to create a new look digital workplace. The anniversary of GDPR provides an opportune moment to reassert the importance of data privacy and protection, given the larger/changed threat surfaces that these new investments and ways of working create.
 
Changes to the workplace creates a new threat surface
Threats to an organisation are not restricted to the actions of determined cybercriminals using advanced malware, ransomware, and denial of service attacks. Confidential information can also be leaked through phishing attempts or unintentional errors. According to Quocirca’s ‘The Print Security Landscape 2022’ report[2] (in which Konica Minolta is recognised as a leader in print security), 68% of organisations have experienced data losses due to unsecure printing practices in the last 12 months, costing them an estimated average of more than £632,000 per breach.
 
However a breach occurs, it can cause lasting and significant financial and reputational harm if an organisation and its employees are not alert to the risks. So, as workplaces become more ‘open’ environments we must rethink how we manage trust.
 
This is not to say that co-workers should not trust one another, but they should be given the capability and confidence to operate in an ecosystem that supports them to make the right choices, that protects them and the organisation from an attack/breach and the ramifications, whether from a regulator or cybercriminal. A good example of this is password management, the sharing of which has long been rife, as well as using weak credentials that are rarely changed. Recent research conducted by the UK Government[3] suggests that 75% of organisations have a password policy in place, yet it continues to be a rich hunting ground for hackers who have ready access to breached accounts on the dark web, where millions of new records are added daily.
 
There are of course important fundamentals that organisations can use, such as ensuring endpoint security is kept up-to-date and patched across all devices. Also, having clear guidance on the use of work and privately owned laptops, workstations, and mobile devices for work related activity. These may be lesser issues for larger enterprises with dedicated IT departments, but it can be a real challenge for smaller businesses to keep on top of. It is for this reason that those who place a premium on security choose a trusted managed service provider, to give them peace of mind that there are no weak links or easy entry points.
 
Every device needs protection
Ask the uninitiated to conduct a workplace security audit and those identifying the office printer or multifunctional device as part of the threat surface would likely be in the minority. However, whether it resides on the network or not, be it a single device or a fleet, left unmanaged it can present a risk.
 

quotation marks

There is no reason for any printer to compromise security and expose an organisation to network intrusion, data loss and regulatory compliance issues.

Olaf Lorenz

Head of International Marketing Division, Konica Minolta Business Solutions Europe

Despite this, Quocirca revealed in its Global Print Security Landscape Report 2022 that organisations are struggling to keep up with the print security demands of the hybrid workplace.[4] The analyst has indicated that workers are continuing to rely on print, however the distributed nature of the print infrastructure has expanded the risk environment. Despite this, few businesses have implemented key print security measures.
 
Simple steps include, reducing the risk of confidential documents being left in an output tray (or remaining on the MFP hard disk) by thinking about who can use which devices, for what purpose and where. Also consider insisting an employee authenticates themselves to ensure documents are only printed by those authorised to do so, and private documents cannot be printed by devices located in public areas. This can be easily managed by requiring a valid credential (biometric, access card, or password) to be entered on the device, to ensure the presence of an authorised person ready to remove the printed documentation.

The GRAWE Banking Group is an excellent example of how this Authentication Management process can be managed. It is taking advantage of Konica Minolta’s Dispatcher Paragon print management solution, with its bizhub i-Series MFPs, to ensure that documents are only released at the printer after prior authentication. This is particularly important for MFPs located in the bank’s public consultation rooms. The Head of IT Infrastructure at GRAWE Banking Group, Armin Rettl, explains: “Dispatcher Paragon is everything and more than we expected from a print management solution with the strictest security standards.” Rettl adds: “Thanks to Authentication Management, we can prevent unauthorised access to the highly sensitive information, eliminating security gaps. For us, the solution has already become a vital module for secure and future-proof printing. With Konica Minolta, we have the right partner by our side, with whom we have a trusting relationship as equals.”
 
Other Konica Minolta solutions that offer printing with authentication (Follow-me print/Secure Print) are Workplace Pure, EveryonePrint Hybrid Cloud Platform and YSoft SafeQ.
 
To prevent the MFPs from becoming a gateway for hacker attacks, bizhub i-Series devices can have BitDefender Antivirus installed to conduct real-time scans of in and outbound data, to protect against document-borne viruses and malware.
 
Furthermore, with bizhub SECURE, different security levels and access licences can be set to ensure the security of office devices and  network settings.
 
Every environment needs to be secure
For organisations wanting a secure cloud-based solution Konica Minolta has aligned its print hardware, software, and services to create new opportunities for the post-pandemic hybrid workforce.
 
For example, bizhub SECURE works with Konica Minolta's new cloud-based solution Shield Guard, which provides remote security monitoring and management for MFP. It offers automatic notifications and remediation, and allows businesses to control the security status of multiple MFPs from anywhere.
 
Secure software-as-a-service offerings include Konica Minolta's Workplace Pure (coming soon) and EveryonePrint Hybrid Cloud Platform.
 
Konica Minolta's in-house developed cloud-based platform Workplace Pure is highly secure and GDPR compliant and provides 24/7 access to services including centralised upload to cloud repositories, cloud print, cloud fax, secure guest print, smart document conversion and translation - all automated and streamlined from a single trusted source. The data centre Konica Minolta uses for this is the Open Telekom Cloud (OTC) data centre in Germany, where all shared data is hosted and which is protected by the strictest EU legislation including GDPR. OTC has also been ISO 27001 (information security) ISO 27017 (security of cloud services) certified. To guarantee the highest possible data security and availability, all services are distributed across Scaling Groups via three Availability Zones. This means that the data security, which is always a paramount concern for any organisation, is fully assured with Workplace Pure.
 
EveryonePrint Hybrid Cloud Platform, which has a comprehensive security concept and ensures GDPR compliance (also the Konica Minolta data centre has been ISO 27001 (information security) and ISO 27017 (security of cloud services) certified)). The end-to-end encryption of EveryonePrint Hybrid Cloud Platform guarantees secure encryption protocols for the transmitted data across all transfer points. In addition, the multi-tenant offering from EveryonePrint HCP ensures real separation of the data: the tenants are separated in the database via containers or have physical database separation. This means there are no interfaces with other clients and client’s data cannot be viewed by others. In the unlikely event that a security key is broken, only that container/tenant can be accessed, not other tenants.
 
Responsibility for product security begins with the vendor
As vitally important as it is for organisations that rely on printers and MFPs to take the right precautions, the responsibility starts with the vendor, to ensure that every product, service, and solution meets the highest security standards. Konica Minolta puts its products through rigorous internal cybersecurity tests, ensuring they meet PCI, HIPAA, FERPA and GDPR compliance requirements. It also uses independent experts to conduct penetration testing, for example the internationally respected IT services provider NTT DATA spent approximately 80 hours trying to hack into bizhub i-Series MFPs and were unable to find any major security vulnerabilities.
 
quotation marks

As companies embrace digitalisation, our customers know that Konica Minolta is the best partner to help design and realise their vision for a digital workplace – with solutions that meet the highest levels of information security and data protection. We are therefore pleased that we have fully complied with the strict auditing requirements. With ISO 27017 certification we can demonstrate that our 360º approach to information security extends across the breadth of our cloud services to provide our customers with total peace of mind.

Olaf Lorenz

Head of International Marketing Division, Konica Minolta Business Solutions Europe

In the world of document and data security, it is rightly said that any organisation is only as strong as its weakest link and print security needs to be part of an organisation’s security strategy. It is essential that every device, old and new is subject to the stringent security standards expected of any other device. The Quocirca report highlights the importance of printing (64% consider it critical or very important) and many IT decision makers expect office and home print volumes to increase during the next twelve months.[5]
 
The Intelligent Connected Workplace is fast becoming a reality and for everyone to enjoy the rich connectivity and productivity rewards it needs to be protected and compliant.
 

[1] DLA Piper GDPR fines and data breach survey: January 2022, DLA Piper Global Law Firm, 2022, https://www.dlapiper.com/en/us/insights/publications/2022/1/dla-piper-gdpr-fines-and-data-breach-survey-2022/  

[2] Quocirca Print Security Landscape, 2022, Quocirca, https://print2025.com/reports/quocirca-print-security-landscape-2022/

[3] Cyber security breaches survey 2022, GOV.UK, https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022

[4] Quocirca Print Security Landscape, 2022, Quocirca, https://print2025.com/reports/quocirca-print-security-landscape-2022/
 
[5] Quocirca Print Security Landscape, 2022, Quocirca, https://print2025.com/reports/quocirca-print-security-landscape-2022/

Contact

Contact

Graham Thatcher

Chief PR Limited

graham.thatcher@prbychief.com

+44 (0) 7933 673 240