In our previous blog we talked about how much of the proposed GDPR legislation has focused on electronic customer data. The focus is being placed on cybersecurity threats, server and database hacks, and stored electronic data whereas paper documents, paper records and data transmitted across corporate networks are all too often overlooked.
There are some important major transition points and associated steps that businesses can take to integrate physical and electronic document management and giving the two data types equal prioritization in order to achieve a more comprehensive level of GDPR.
Specifically data is especially vulnerable as it’s shared back and forth between its physical and digital forms. These transition points include printing, network email and scanning.
Print Management: Multifunction printers (MFPs) are an example of how print data can be compromised from a seemingly innocent source. Because most MFPs are connected to the internet, they offer anonymous “off ramps” to the outside world. Every day, huge volumes of documents and personal data are transmitted to MFPs, and without security defences, such printers can be breached, leading to data compromise and noncompliance.
In addition to external threats, malicious or dissatisfied staff can find it easy to damage a company, if there are no protections to manage what can be printed – and by whom.
What to do:
Companies can address this by controlling access to printing, including restricting access to print permissions and using print management software to keep a record of all outputs, thus helping organisations to track all print jobs.
Not all data leaks are due to ill intent. Often, human error leads to documents being forgotten on the paper tray or mistakenly picked up by the wrong recipient. Transportation of data in any format (including paper) is a risk to information security. One slip and it can be too late – an employee leaving paperwork on the train, or a courier losing an archive box, for example.
Print software can also be programmed to hold print jobs in a secure network queue until authorized to release the document by the user who printed the document from any device connected to the network – either with an identification badge or number. This can reduce the likelihood of documents falling into the wrong hands, while still affording users the freedom to pick up documents when and where they want.
Email: Accidentally sending an email to the wrong person which is then printed out can result in grave consequences if the email includes private information such as Social Security numbers, bank account information or birth dates.
What to do:
Companies can protect documents with sensitive information from being seen by unintended recipients by requiring passwords to open files or using a redaction tool to cover sensitive information – both of these are capabilities commonly included as tools in PDF software.
Scanning: Combining the presence of sensitive information with uncontrolled access to scanning creates an unsafe environment, and puts confidential information housed on paper documents at risk of being shared digitally.
What to do:
Restricting document access by placing privacy filters within scanning applications adds an extra layer of security for the data housed on these documents. When paired with technology that converts the image captured to searchable text, these filters can recognise words like “confidential.” When these types of terms are identified, the files can be automatically encrypted or even deleted.
To find out more about how Filofile can help you, click here: Secure document management