A quick guide to secure your PCs and printers for compliance

24/08/2018 4 Minute Read

The consequences of a customer or company data breach can be catastrophic to a business of any size. The resulting damage to reputation, customers and the bottom line is just the tip of the iceberg. Businesses could also pay the price of enormous penalties, imposed by strict compliance regulations. As firewalls are no longer enough to protect your data, businesses must implement multiple layers of protection down to every network endpoint—from PCs to printers—to build their defenses and address compliance requirements.

In today’s tech-enabled world, device proliferation is leading to complex multi-device and multi-platform infrastructures as businesses continue to focus on becoming mobile organisations and meeting the demands of their workforce. Every one of these devices is an access and exit point for company data and can come at a security cost. One of the biggest challenges facing companies today is how to control and secure data without disrupting business operations. Increasingly, data is being held and processed beyond the firewall boundaries, making the task of securing data more difficult for network defenders.

The rise of cyber attacks has led to the implementation of data security regulations which are important to businesses around the world. Directives such as the EU General Data Protection Reform Act (GDPR) are not just relevant to organisations based in the EU, but apply to any organisation collecting data from EU residents.

The EU GDPR warns businesses of significant fines if they’re found to be non-compliant in the aftermath of an attack. These fines are on top of the financial destruction caused by the data breach itself. Other regulations such as The Directive on security of network and information systems (NIS Directive) have imposed new network and information security requirements on operators of essential services and digital service providers (DSPs). Organisations are now required to report certain security incidents to competent authorities or Computer Security Incident Response Teams (CSIRTs). The pressure is on.

Key requirements of the EU GDPR

Businesses must comply if they collect data in the EU

If an organisation collects and uses personal data in the EU, it needs to comply. This covers data gathered when people buy goods and services, as well as monitoring customer behaviour in order to use that data, for example when your business tracks online activity to improve customer targeting. Even if your business is outside the EU, every device that can access customer data must be secure.

Businesses must be meticulous with maintaining documentation

The requirements related to maintaining documentation, conducting impact assessments and reporting breaches are time-consuming. Every time a new device is added to the network, it should be secured to your policies and monitored by a SIEM (Security Information and Event Management) tool to track issues, enable remediation and support compliance reporting.

Businesses must report a breach within 72 hours

Businesses must notify the Data Protection Association without undue delay and – where feasible – within 72 hours. If they don’t, a reasoned justification must be provided. This requirement is designed to protect the rights of individuals to know what is happening with their personal data and understand if the organisations that hold their data have the correct procedures, tools and products in place to monitor, identify risks, and stop attacks.

Businesses have to pay heavy penalties if they do not comply

EU GDPR regulations feature a tiered approach to penalties and the severity of the breach will dictate the size of the fine. The maximum penalty to pay could be 4% of a company’s annual turnover up to €20 million[1].

3 tips to ensure your PCs and printers are compliant

When it comes to PC and printer protection, there are practical steps to take to ensure your endpoints comply with these regulations.

1. Prepare for compliance audits

To prepare for any compliance audit, IT teams should ensure they can effectively monitor their entire IT infrastructure including endpoint devices such as PCs and printers. They should also schedule regular assessments to keep every endpoint device, including their entire printer fleet, in compliance with the policy.

2. Carry out a complete audit

IT teams must identify every device that can access their company and customer data and assess the level of security it has built in. It’s also recommended they use a fleet security management tool that can immediately identify new devices and automatically apply corporate security policy settings.

3. Embrace security by design

IT teams must put the right policies in place so that compliance requirements are not an afterthought but an intrinsic part of the way new devices and services are introduced into the network. Ensure you are able to monitor every device, including your printers, and feed anomalies or incident information into your network-wide vulnerability assessment and monitoring tools, such as a SIEM tool.

Want more information on how to implement layers of security that include every endpoint on your network? Start here.

[1] http://www.eugdpr.org/the-regulation.html
