Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

Locking Down Data Leaks

hand puzzle

In an industry that’s had the need for secure practices drummed into it, there’s one potential weak spot that needs investigating. Simon Hill, Nuance Communications, explains why it’s is time to consider the document security risks posed by Multi Function Printers.

hand-puzzleFew items of office equipment are as innocuous as the multifunction printer (MFP). Aside from the occasional need for paper or toner, day by day, it usually conducts its tasks reliably and efficiently, seemingly untroubled by the security woes that can afflict a company’s networked PCs, mobile devices or internet connection. But beneath the MFP’s unassuming external appearance, lurks the potential for a security breach that can be just as damaging as one that originates from a PC, or from the loss of a memory stick containing sensitive information in a public place. MFP scaremongering, or MFP fact? For a qualified response, put that question to the UK’s Plymouth County Council. In November 2012, it was fined £60,000 by the Information Commissioner’s office. The breach occurred when two reports about separate child neglect cases were sent to the same shared printer. Three pages from the first report were mistakenly collected with the papers from the second case, and so were handed to the wrong family.

Paper, paper, everywhere
In an industry that’s being forever urged to protect confidential information whizzing through the ether, a piece of paper may seem fairly innocuous. Yet the erroneous distribution or disposal of physical or paper-based documents containing confidential information still carries its own consequences – as Plymouth County Council discovered. There is an irony here, or course; while we are increasingly surrounded by warnings and best practice with respect to online security – with banks implementing policies and technologies to safeguard information shared and stored electronically – there is still the danger that security basics are being over-looked with respect to paper-based documents.

Why is now the right time for the banking sector to look closely at the MFP as a security risk? Today, the MFP is playing an increasing role in helping banks and other financial institutes to automate and streamline workflows associated with paper-based documents – either for efficiency, legal or environmental reasons. MFPs are central to helping them achieve their document-related goals and enjoy the process efficiencies, customer service and environmental benefits that come with a digital document workflow. The more MFPs get used, though, the more opportunity there is for breaches to occur, should unclaimed print output – which might include customer address details, information about their accounts, fund transfers, or sensitive data relating to salaries or income – be left vulnerable and exposed to those unauthorised to view it. With analyst group Gartner stating that between 10% and 40% of print output going unclaimed, the opportunity for an incident to occur is potentially high.

Simon-HillThere is a further reason to look closely at the MFP. Many banks – including Barclays Wealth & Investment Management in the UK – are starting to deploy advanced voice-based biometrics solutions, like Nuance’s FreeSpeech to securely and automatically confirm the identity of their customers. Banks are investing considerable time and effort explaining how biometrics benefit customer convenience and, of course, customer security. Therefore, against the backdrop of banks implementing such sophisticated measures to protect customers, it would make for an especially uncomfortable – and potentially expensive – faux pas if a humble MFP was found to be the source of a high-profile confidentiality breach.

Reducing the risk; now and in the future
Fortunately, there are very effective ways for banks and financial institutions to protect printed documents and prevent data leaks. A practical first step is secure release printing (also known as pull printing). In this case, print jobs are only released to authorised users, either using a pin code or a smart card. Many MFPs already have a basic PIN code secure release printing capability built-in. Such simple print security measures can help to mitigate the risk of sensitive data falling into the wrong hands. By way of example, Allied Irish Bank and BNP Paribas are using Nuance SafeCom printer management software for secure printing. With SafeCom, the banks have built access control into their employees’ swipe cards, so they can authenticate themselves at the device and only claim their own print output. In a further development from Nuance, voice biometrics is a secure and convenient way to authenticate device users through their natural and unique voice patterns, rather than through PINs, passwords, or questions, to further increase security levels and ease of use.

Security engineered for life
While document retrieval can be addressed quite effectively, it is just one of many ways that an MFP can be a security weak-spot. It is imperative, therefore, that a bank conducts a more comprehensive assessment of its MFP estate’s vulnerabilities that might affect it throughout its lifecycle. For instance; has the MFP reseller helped to ensure that the devices comply with any security-specific regulations or industry practices? Is there a policy in place to ensure that firmware patches are regularly installed to protect MFPs? What measures have been implemented to protect the MFPs and printers from malicious attempts to recover documents or traces of documents stored on them? Equally, have safeguards been put in place to protect the MFPs and printers from malicious attempts to tamper with how the device operates, or to store or circulate foreign material, or to protect the MFPs and printers from serving as a back door into your network? At the end of their useful life, can you be sure that your old MFPs and printers will be disposed of in such a way that there is no trace left of the documents once stored on the hard-disk drive or in memory remaining?

Clearly, the need for secure print is a challenge that can be addressed using policy, training and products. Effective MFP security must be included as part of an organisation’s wider information security policy. Indeed, implementing secure printing practices is a small investment compared to the potential financial, legal and customer trust repercussions of a data breach, and it can help a financial organisation avoid its own Plymouth County Council moment.

 

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post