While we are supposedly in the era of the paperless
office, intentional leaks via printed documents remain very common and can be
just as damaging as their digital counterparts. While most of us realize the
necessity of paper, do we recognize the risks of unauthorized viewing or
document removal from the worksite?
Data loss – hidden in plain sight
The removal of sensitive documents is perhaps best
highlighted by the recent case of Reality Winner, an NSA contractor, jailed in
the first week of June after it was discovered that she ‘mishandled’ top-secret
documents (as reported June 6, in the NY Times). She stands accused of
“gathering, transmitting or losing defense information.”
With leaks very much on the US administration’s
radar, internal investigators discovered documents that had been damaged
(creased), and thus likely printed, removed and subsequently returned to their
secure location. As reported by the New York Times, Ms. Winner, a US Air Force
Veteran, almost immediately admitted to the crime, citing the motivation that
she had to resist the administration’s moves to erect a border wall with
Mexico, along with her posting the #NeverMyPresident hashtag on Twitter.
While most incidents don’t involve such high levels
of international intrigue and purposeful intent, security incidents and lapses
can happen in any company.
Document control is a reputational issue
Just as there are ways to audit, manage and protect
electronic documents, there are ways to manage printed documents, too. So, how
can you protect your printed data so that it won’t fall into the wrong hands,
and are there any additional threats that should be addressed?
Human error – the most common problem
As a consultant who has earned his wings running
security audits at SMBs, I can recall one case where an employee from a company
in Frankfurt undertook regular business trips to visit a subcontractor. Apart
from the printers he used in his office, his laptop was also configured to use
any of the subcontractor’s printers. One day, when out at the subcontractor’s
again, a colleague back in Frankfurt received a message from him, saying:
“Run to the printer, pick up the document, don’t look at it and shred it.” What
had happened was that the employee decided to print a database of personal
customer data, but picked the wrong printer to do it on. The problem is that
when you print a document on a remote printer, it can be accessed by anyone in
the organization and it doesn’t require a malicious insider for this to become
a security threat. Imagine an ordinary employee reviewing some important
contracts or management salaries by accident. These situations can lead to
problems within the company.
When it comes to an internal or external attacker,
people can very easily take documents from a printer and walk away with them.
Also, if you don’t find your documents at the printer, you are more likely to
consider it a hardware failure than a security incident with someone actively
leveraging your data for malicious purposes.
“Prevention means managing
the printing of sensitive documents. One possible solution is to focus on a
Data Loss Prevention (DLP) product.
Prevention means managing the printing of sensitive
documents. One possible solution is to focus on a Data Loss Prevention (DLP) product. These applications can
define which data can be printed on specific printers and by whom. One
advantage of this technical solution is that in the event of unauthorized
activity, the DLP system logs the incident, notifies the user of the risks, and
can also block the print. Potential breaches trigger alerts, which are then
delivered to the security manager. Other options include print management
solutions that allow document printing only after explicit user authentication
(e.g. using a contactless smartcard) at the printer’s user interface.
Important documents are everywhere
Since I’ve just mentioned HR above, I should
address the many times I’ve seen printed CVs lying around on work desks, tables
and of course in printers. Commonly containing manager’s notes and comments,
loose CVs also have the potential to cause interpersonal conflicts based on
speculation over issues of seniority, leadership and pay. At larger companies,
financial documents, contracts and customer data could be at risk. One time
when I was visiting a company as an incognito auditor, I was able to see a
document left in a printer in the corridor. It only took me a few seconds to
find out that the company wanted to buy a piece of property. I saw the
negotiated prices, contact information of all the relevant people, a business
potential analysis and the results of an internal SWOT
property analysis. Phone always at the ready, all I would need is two seconds
to capture this information and walk away with it. Similarly, in the corridor
of a healthcare company while waiting for a meeting, I once found a document
that contained personal patient data and medical histories.
When documents containing sensitive data are left
in a corridor or other public place, it is mainly a problem of physical
security. In order to reduce the risks related to such document exposure, we
recommend removing printers from places accessible to guests or the general
public. It is also important to implement and enforce a clear desk policy. The
policy itself is not enough, of course – best practice is to support it with
regular training and internal audits. When a company already has a data
classification plan in place, it can mark important documents with a “sensitive”,
“internal”, or “top secret” watermark. Then, employees can also see what data
they should be protecting. Another point to add here is to look at departments
or units that are ‘hardcopy-heavy’ in nature and assess the level of risk they
pose to the organization. Marketing and PR teams represent print heavy
departments and have access to sensitive corporate information.
While they are unlikely to have access to core
intellectual property – or as in the case with HR, another ‘hardcopy-heavy’
department, their ability to make or break a company’s reputation means that
their printing ‘behaviors’ might be worthy of further examination.
How to keep print under control
Among the most important issues with the exposure
of sensitive printed data is that these kinds of incidents happen very
frequently. It is therefore highly probable that they will eventually cause a
great deal of trouble if they are not prevented in the first place. Just as
with information security as a whole, the protection of physical data should be
a mix of organizational, physical and technical controls:
·
A good first
step is to conduct a printing audit. This often reveals security issues – e.g.
sensitive data being printed unnecessarily, or problems in physical security.
·
After the
risks are identified, it is logical to proceed with the implementation of
security measures – setting up policies, training users, and implementing a
print management or Data Loss Prevention solution.
·
Just as with
other channels of potential data leakage, document printing should be subject
to regular audits. A company should then adjust security measures according to
audit results.
At the end of the day, you should remember that the
employee (user) is the most important part of data security. Companies should
work on inspiring awareness, motivation and loyalty: without it, encountering a
security incident is just a matter of time.
About the Writer: Matej Zachar is a Project & Security Manager @Safetica
TechnologiesData Protection Expert, ESET Technology Alliance.