We’ve been blogging a lot about print infrastructure security recently and want to share SmartPrint’s comments on the Toronto law firm that was hacked as it’s a good example of a situation where if they were equipped with the right equipment and configurations, they could have avoided the ransomware breach completely.
Our systems engineering team work with clients from legal, financial, healthcare, manufacturing companies and other types of organizations to help them lock down the office print infrastructure. It’s a very important practice given that according to IDC, 40% of Canadian companies had security breaches in 2016, and 54% of those hacks were completed with the print infrastructure as the entry point. Scary isn’t it!
Here’s an example of how this law firm could have protected itself:
With best in breed office print equipment, a malware attack could have been stopped immediately. Once the print job with malware went to the print queue, or printer, the device would have immediately re-booted, and staved off the attack.
If the client was running the latest print security software that SmartPrint recommends and implements, the software would have notified IT of the attempted breach so that the attempt wouldn’t go unrecorded.
The firm would have been able to automate the processes around print infrastructure security and report on status at any time. They would have also been able to warn and train the user group regarding the attempt to improve user knowledge of future malware schemes.
What shocks us every time we complete a print infrastructure security assessment for a client is that the organization thinks they are in good shape; however, the assessment comes back with significant security issues/holes. If you think you don’t have budget to invest in your environment, guess what? When we complete a free assessment and recommend updates, potential upgrades and implement simple software to monitor the environment, we always decrease the total cost of ownership for the organization. It’s really a win/win! A locked down print infrastructure at a lower cost; not to mention a more productive environment for users.
If you are interested in making sure you are secure, contact us.
Your organization invests a great deal of time, effort and resources into the development of intellectual assets, so it’s important to protect your organization’s intellectual property from being compromised or stolen. Open printer ports, printer web servers and FTP protocols are becoming a popular entry point for hackers, and unfortunately Print Infrastructure Security is an area that can often be overlooked, thus exposing organizations to potential security breaches. In order to determine whether or not this is the case, you should start by conducting a Print Infrastructure Security Assessment to pinpoint potential vulnerabilities. We then recommend that you implement software and business processes that will lock down the physical and digital print environment, automate print security and enable reporting and auditing capabilities.
Assess Your Network Printer Security
A comprehensive Network Printer Security Assessment should analyze the device set-up and configurations of all of the print devices on the network, as well as how they are utilized for all of their functions. The following is a list of items to examine during your security assessment:
Unauthorized access is the use of a computer or network without permission. A cracker, or hacker, is someone who tries to access a computer or network illegally. Some hackers break into a computer or network for the challenge. However, others do this to utilize or steal intellectual property and resources, or corrupt data. Assess the access points – physical and digital – and protocols on your printer network and on all of your networked print devices, and identify which access points and protocols can be used as inroads for potential security threats.
Unclaimed Print Jobs
Determine what happens to unclaimed physical print jobs. When confidential documents get printed and left on work group print devices, what happens to these documents?
Device Settings and Ports
Assess networked print device ports and protocols and identify which ones aren’t being used.
Determine which users are scanning documents and where these documents are being sent once they have been scanned on devices within the corporate network.
Document all of the security vulnerabilities you discovered and develop a security plan to address each vulnerability.
The following HP video is an excellent depiction of some potential print security breach scenarios:
Click here to see if you qualify for a free Print Infrastructure Security Assessment.
How to Improve the Security of Your Network Printer Environment
Device Security Policy
If your Device Security Policy is not comprehensive enough or you don’t have one that is formally documented, your organization may be vulnerable to security threats without even realizing it, so it’s imperative to have a formally documented Device Security Policy and ensure that it gets properly implemented. Make sure that your policy specifies and limits access to information AND network assets. This policy is the foundation for creating a secure network printing environment.
Document management, often referred to as a Document Management System (DMS), is the use of a computer system and software to store, manage and track electronic documents and electronic images of paper-based information captured through the use of a document scanner, multi-function device or networked copier.
Let’s take a look at traditional paper-based filing. Rows of large document folders are put into these filing cabinets in the hopes of being stored correctly. Paper doesn’t keep a record of who has viewed it, copied it or scanned it, and it can be destroyed or damaged accidentally by things like a water pipe bursting, fire or the accidental spillage of coffee.
Think of a Document Management System as a large electronic filing cabinet with folders that are stored in an unlimited number of drawers (based on hard drive space of course). Digital content is secured by user access rights. When documents are checked out, changed audit logs can track who has looked at the document, changed the document with version references and can even prevent unauthorized users from viewing and/or printing the document. The Document Management System’s IT backup processes ensure that documents don’t get damaged or destroyed accidentally, unlike those stored in paper-based filing systems.
Print Workflows and Process Automation
For many organizations it’s difficult to monitor and manage each and every user’s print jobs. Many times print jobs are forgotten or sent to the wrong printer and documents end up sitting on the printer, never to be retrieved by the user. This is especially troublesome when confidential documents are left for everyone (even unauthorized users) to see.
To prevent this from happening you should establish print workflows and automate print processes. A print workflow is the definition, execution and automation of business processes where tasks, information or documents are passed from one participant to another according to a set of procedural rules.
FollowMe Printing allows users to print to a shared print queue, and roam and release their print job from any enabled output device. This ensures that printing remains confidential to a specific user and reduces printed waste from documents left uncollected at the printer. If a printer is out of service, users can release their print jobs from the next available printer, without disrupting productivity.
Authenticating at multi-function output devices enables custom scan capture workflows to be presented at the panel. This process ensures secure access to retrieve printed content while using the devices as on-ramps to key line of business applications storing captured content.
Tracking and reporting tools create transparency for all print costs, helping finance managers allocate or recover costs from individual departments or clients. Organizations can also use tracking data to help them comply with industry regulations such as Gramm-Leach-Bliley Act (GLBA), Payment Card Industry Data Security Standard (PCI DSS) and Sarbanes-Oxley (SOX).
Automated Print Device Security Software
Strengthen information security and significantly reduce administrative overhead by utilizing automated print device security software that automatically deploys and updates print device identity certificates. HP Security Manager performs these automatic deployment and updates, and offers a simple, intuitive process for securing your print fleet. It efficiently deploys and monitors devices by applying a single security policy across the fleet, and secures new HP devices as soon as they are added to your network with HP Instant-on Security. Actively maintain and verify compliance with your defined security policies using HP Security Manager’s automated monitoring and risk-based reporting.
Is your print fleet out of control? Are your print vendor management and procurement processes becoming too complex and time consuming?
If you answered yes to one or both of these questions then it’s time to consider working with a Managed Print Services (MPS) expert.
We consistently see organizations with office print environments that are a mess. There’s little to no standardization or cost control over their print fleet, often due to the fact that they have been buying print equipment and services from a number of different companies.
For example: The office services team is leasing copiers from a copier manufacturer, and is working with a “copier rep” who is constantly selling the latest and greatest equipment and services that have all the bells and whistles that will of course save them money! The IT team is buying print devices from a large reseller, and the purchasing team is dealing with big box office supply companies to support the print environment for toner, service calls and whatever else they need.
In many cases, one department has no clear idea what the other department is doing. What complicates things even further is that organizations don’t employ experts that can make strategic decisions on print services and equipment purchases. With the right type of print partner, organizations can save thousands of dollars a month, simplify vendor management and procurement processes and increase user satisfaction.
Consolidating office printing and imaging suppliers is a proven strategy that increases buying power, which in turn leads to reduced costs. Furthermore, vendor consolidation leads to the simplification and minimization of vendor interactions in the areas of procurement process and risk reduction.
By moving to one independent Managed Print Services partner that will manage 100% of an organization’s printing and imaging needs, the following benefits can be realized:
1. Hard cost savings for equipment, software, supplies and services
A leading print partner is able to leverage their market knowledge with the right manufacturers to provide standardized pricing that is far better than the organization can negotiate on their own. This market knowledge is a huge factor in reducing capital and operational costs.
A balanced deployment of equipment with the right devices in the right locations to increase user productivity.
2. Reduced vendor relationship management and procurement costs
Managing procurement calendars with multiple suppliers takes time and focus; vendor consolidation simplifies this process.
Reduces accounts payable processes dramatically; often from having to deal with 100’s of monthly invoices to 1 detailed quarterly invoice.
One simple web-based interface for the IT Helpdesk and/or Users to interact with, reduces training time and confusion when technical support is required.
3. Reduced risk and increased user satisfaction
One print partner / vendor / sales relationship means only one group of technical resources entering your premises to give control and standardized building access, and adhere to your non-disclosure policy.
One standardized process that eliminates finger pointing, resulting in the simplification of support processes for IT and users.
Through the assessment of print environments and the implementation Managed Print Services, SmartPrint has helped numerous mid-market clients reduce their print vendors from 5 or more down to 1, on average. In working with large enterprise type organizations, vendor reductions are generally more along the lines of transitioning from 30 print vendors down to 1.
Many of these organizations initially had no idea that their vendor relationships were so out of control and that implementing print vendor consolidation would be so beneficial. The value of consolidating multiple print vendors down to one vendor, although hard to measure in soft cost savings, has been seen by C-suite executives as extremely valuable from a bottom line perspective. And from an environmental standpoint, the reduced administration and use of paper when working with one strategic print partner supports the reduction in an organization’s carbon footprint.
Managed Print Services through a Vendor of Record program (VOR) and tied to a manufacturer of hardware. Is that really MPS?
We consistently see organizations in multiple verticals that are running procurement for office print devices in a status quo mode. Many organizations in the professional services, manufacturing and distribution verticals are just not engaging in true Managed Print Services (MPS). We also see healthcare companies, hospitals and other public organizations working with vendor of record programs (VOR’s) that are simply not meeting the objectives that the buying committee expected.
Typically we see that the Managed Print plan goes in one of two directions.
By working with a device manufacturer that claims to provide MPS, a one to one hardware refresh is performed and ends up increasing capital costs dramatically, while only moderately reducing operation expenses. In most cases, a hardware refresh wasn’t even required.
A hardware refresh which involves the consolidation and dramatic reduction of the number of devices is performed. This approach can save capital dollars and can also reduce operating expenses, but the operation cost savings is often temporary. Why is this temporary? Well, here’s the challenge with this approach, consolidation can work in some environments, but we often see that by decreasing the number of devices across all user groups, some user groups end up having to buy more print devices, so that they can work more efficiently. Unfortunately, the devices that individual user groups purchase on their own have high operating expenses and often increase overall costs dramatically.
In both cases, what is missing is the analysis of all of the organization’s departments with a specific focus on how each user group works and what workflow requirements they have. The aim of this analysis is to get the device placement correct i.e. implement a balanced deployment of equipment and integrated solutions that will increase the user’s efficiency. By using this approach a managed print services consultant can help organizations save capital and operating expenses related to the enterprise print environment, while ensuring that all user groups have the tools they need to be successful at their jobs. In the end, user groups are happy and are able to work more efficiently.
Two other very crucial areas that are consistently overlooked by the two approaches mentions above:
A hardware refresh is performed without taking device security management into account and without a digital/physical document security plan.
A print device management plan is implemented without the tools to manage devices remotely through a console where driver and firmware upgrades, as well as automated securityimagescan be implemented across the fleet of equipment.
Is there an opportunity to optimize your print environment, in order to significantly decrease Capex and Opex, and increase efficiencies within your organization?
Contact us or request a no obligation print environment assessment, which will enable you to compare the costs and benefits of a potential managed print solution against the state of your current print environment. We will develop a custom project plan for your organization to ensure that significant savings, and user efficiency and satisfaction are realized through a true MPS implementation.
Read this Case Study to see how this hospital reduced their print hardware requirements by 45%.
What are office printing best practices? From SmartPrint’s perspective, it is putting the right technology in the right location in the office to give the users the functionality and options they require to be efficient. All of this while ensuring that the recommended group of devices are optimal from a cost perspective.
Putting the right technology in the right places is a crucial part of office print best practices. Getting it wrong can increase costs dramatically. Additionally, users may not have the tools they need to do their jobs. Think about how effective a carpenter would be with a saw that takes him ten times longer to cut a piece of wood. How frustrating would this be? Then, think about a busy office worker that has to use a device with inadequate speed that needs repair often and doesn’t provide scanning capabilities so they have to walk 200 feet to scan an important hard copy document to convert it to a PDF.
Printing Centralization – Is it the right choice?
We consistently see copier manufacturers in the Canadian market trying to sell office printing centralization, but putting a few big expensive devices into an organization to capture all of the pages rarely supports the users’ needs. It can potentially reduce overall office printing costs short term, but many times has the effect of making users less productive. This isn’t inline with office printing best practices because footsteps cost money.
Time and time again, our SmartPrint consultants run into organizations that have been centralized in the past by a copier manufacturer’s sales person. What they typically find is that users’ needs were not being met so many of the smaller print devices that were close to the users were plugged back in or new ones were purchased by individual departments.
As a result, the great financial plan to centralize on a big low cost per page device has been completely lost. Also, the expensive lease cost of that big, centralized copier is higher than the rest of the printing for the entire office and is completely underutilized.
Why does this happen? It might be that the organization didn’t have a well thought out strategy for office printing. They choose to work with a manufacturer vendor whose job is to make sure their brand is the only brand sold so they can maximize revenue and keep the assembly line busy.
Vendor-Neutral Print Experts to Recommend the Right Devices in the Right Places
The real solution here is that it takes a vendor-neutral expert to provide a balanced deployment of equipment because, to satisfy the needs of different users and departments, there is typically more than one brand of hardware required for the entire print environment to run optimally – both for user experience and cost. There are hardware manufacturers that make very good large copier style devices with open architecture and state of the art technology that enables very high up-time and functionality. There are other manufacturers that build highly efficient and versatile small and mid-sized devices that can be placed close to the user groups to enable efficiency with all the required functionality and high up-time.
If the right small and mid-sized devices are correctly placed, they are often very close to the same operating costs as the large centralized units and have a much lower price tag. The right balance of equipment can make a significant difference in the total cost of ownership if your managed print services partner has the print environment expertise that understands office printing best practices.
Keeping an Eye on Hidden Print Manufacturer Future Costs
Recommending best-in-breed print equipment for each required category to support the users ensures a low total cost of ownership (TCO) long term. There are manufacturers with limited market share that make good devices but with limited market share in a category, the supply chain for consumables and replacement parts can be a challenge.
This situation leads to significant price increases year over year because of the lack of supply in the market place. Some print device manufacturers release new hardware devices each quarter, making very subtle changes to devices while changing the consumable SKUs and repair parts so that, in the future, they can increase supply items and make more profit long term. The strategy of releasing new hardware also protects the manufacturer from aftermarket consumables taking their long term profit away.
However, the challenge is that none of this is good for the end user; it results in complexity and increased cost.
Independent MPS Experts Protect Organizations by Implementing Office Printing Best Practices
Working with an independent managed print services (MPS) expert can protect organizations from these challenges because they know how to implement office printing best practices. You can get the right best-in-breed brand of devices in the right places. Best-in-breed print devices will protect against future price increases and a balanced deployment will enable users to be efficient and effective while providing the right blend of total cost of ownership and user productivity.