In-House Security Threats: Failing to Secure Documents Can Lose More Than Just Data

1215_CanonThroughout a regular business day, a vast amount of confidential business information circulates around an organization, from desk to desk and inbox to inbox. As employees carry out their daily tasks, transporting data in the form of both paper and electronic documents, it raises the question: How can we be sure this information ends up in the right hands?

Unfortunately, what happens in the business doesn’t always stay within the boundaries of the company. In September 2014, the FBI issued a warning to American businesses about a rise in hacking attempts by current and former employees. Moreover, a 2014 report by Forrester Research determined that 46 percent of breaches were caused by an internal incident, and of these internal incidents, 42 percent were the result of inadvertent misuse.1

Contrary to popular belief, most breaches are not carried out with malevolent intent or by an elite group of information technology hackers. The majority of leaks simply occur due to the carelessness of everyday employees during a demanding workday. Many of us are familiar with the tales of a tired commuter forgetting a laptop or briefcase on the train or at the airport after a long business trip. While these incidents do indeed occur, the day-to-day use of printers in the office is a more common threat than a lost briefcase. Each day, there is the possibility of a document left in a printer tray finding its way into the wrong hands or an employee discarding sensitive documents into a trash can instead of the shredder.

The Price Tag of a Breach

Capable of shattering more than just a business’s reputation and its financial stability, security data breaches carry a hefty price tag. A 2014 study conducted by the International Data Corporation (IDC) concluded that security threats cost the average company $1.3 million per year, excluding major breaches, with 80 percent of organizations surveyed expecting to suffer at least one successful attack requiring serious remediation.2

While the leak of confidential information can cause a calculable loss in terms of sales, there’s a good chance it can also result in immeasurable and often staggering damage to its intellectual property. The loss of intellectual property often results in the loss of major revenue for years to come, including patents, trademarks and copyrights. Additionally, leaked information can also carry another hefty price tag: regulatory fines. With the disclosure of employee files, patient data or confidential financial information, the sustainability of a flourishing business can quickly wither.

Security Access: Less is More

Every business handles some form of sensitive information. To ensure this information remains private, businesses should form a strategy that limits document access to only those employees who absolutely need the information to carry out their duties. This security approach should incorporate all devices and systems that may be used to dispense company information including MFPs, printers and scanners.

To reduce the impact of human risk, we recommend using security techniques such as hard disk encryption and overwrite capability, as well as solutions that allow administrators to monitor and limit device access. Print job access can be easily restricted with the help of applications that enable users to view the status of waiting print jobs only upon authentication at the MFP.

This verification process can prevent unattended print jobs from lying in the output tray and being retrieved by the wrong user. To further prevent outsiders from viewing the print job, in the event of a device error, such as a paper jam or lack of paper in the tray, the job is deleted and the user is notified.

Forming a Content Audit Trail

As information passes through an organization, MFP auditing solutions can be instrumental in helping businesses monitor the path of a document and track the type of activity each user contributes to the system. Auditing solutions that can allow administrators to monitor, manage and control document processes on the MFP can provide a content audit trail by monitoring various activities, including print, scan, fax and copy, and capturing, archiving and notifying what information users add to the system, should a possible leak occur.

Business Security in the Technical Age

We are living in the digital age, where businesses are taking advantage of trends such as the Internet of Things and “Bring Your Own Device” (BYOD). Technology has the potential to propel the future of a company, but with these mobilizing trends also comes new threats and vulnerabilities, and companies must take the necessary steps to ensure trends help the business rather than inflicting harm.

In addition to investing in technology, companies should also prepare processes and policies that adequately train employees to be more security-minded. Doing so will result in a more comprehensive security strategy, ensuring that employees remain a company’s greatest asset and not its greatest liability.

This article originally appeared in the December 2015 issue of Workflow.


1 Forrester Research, Inc., Understand the State Of Data Security and Privacy: 2014 To 2015. December 2014.
2 IDC, Beyond the 3rd Platform: Future of Security, Doc #DR2015_T8_CC, March 2015.

Hiro Imamura is senior vice president and general manager at Canon USA Inc.