Cyberattacks can happen in any industry, but when a government agency is attacked, the consequences can be especially dire. Such fears recently came to light in Kansas when a cybersecurity firm tested the state's government security and discovered that a handful of printers accessible on its network weren’t password protected. Using information from a single unprotected printer, the security firm was able to compromise the entire domain.
But better password implementation would not be enough to fully protect against even moderately skilled hackers. Creating a comprehensive shield against cyberattacks is a process that never really ends, and many areas tend to fall through the cracks. Here are three commonly overlooked security measures that government agencies and service organizations should be managing:
Secure your print environment
The U.S. government spent $28 billion combating cyberattacks in 2016, but despite these figures, print security is still too often overlooked. People tend to forget that modern printers are sophisticated network computers. If hackers break into a network printer, they can access any documents that machine processed or remotely print offensive material. Worst-case scenario: Hackers can roam freely through your network, steal data, install spyware or shut systems down completely.
On top of all that, significant privacy concerns often exist when something is printed. Too often, confidential documents are printed and then forgotten in the device output tray. When sensitive information is left on a printer for anyone to pick up, you can imagine the potential consequences.
Government agencies are seeking ways to function more securely while also managing financial pressure and higher efficiency expectations. This is why agencies are increasingly turning to secure pull printing solutions to improve printer security and document confidentiality while also reducing costs.
In an environment with secure pull printing, employees submit their print jobs to a secured queue and use their access cards or company credentials to "pull" their printed documents from whichever network printer is most convenient. This way, employees are always physically present at the device to collect their documents, which significantly improves confidentiality and reduces wasteful reprints. In addition to locking down printers and securing print workflows, this technology also improves efficiency and reduces printing costs.
Manage BYOD carefully
Managing work emails on personal devices is becoming more common. But a “bring your own device” (BYOD) culture introduces more opportunities for mistakes, such as unintentionally accessing malware on a device that may later be used for government work.
Crowd Research Partners recently reported that 39 percent of organizations utilizing BYOD have encountered malware in their networks. And 35 percent of organizations surveyed weren’t conducting security checks on devices, so these problems were going unnoticed.
BYOD risks include inadvertently handing over access credentials or releasing data due to a lost or stolen device. One way to avoid these problems is to make use of remote control policies. When a device is lost, you can wipe sensitive data remotely. Android and Apple devices both have this capability as well as the option to track lost phones or tablets in case a full wipe can be avoided.
Protect against social engineering hacks
According to Inc., 12 out of the past 20 major attacks on corporations involved social engineering, the modern-day con. These attacks rely on human interaction, during which the hacker tricks someone into breaking normal security procedures in order to gain access to systems or sensitive information. One former Anonymous hacker said that every attack by the group involved social engineering in some form because a relationship with a person is the easiest way into an organization.
Government agencies need to refine their social media policies and get specific with employees about what not to share online. You can’t make every employee keep everything about his or her life a secret, but you can educate employees about the dangers of careless social media interactions and the potential ramifications.
A security awareness education program can give employees the tools to understand and avoid these and other dangers. Additionally, a comprehensive security audit can help identify specific vulnerabilities within your organization so you can make the proper adjustments to your security protocols.
Everyone agrees that cybersecurity is essential in all areas of business and public service, but not everyone incorporates print security, personal devices, and social media activity into their security strategies. Don't let these often overlooked vectors leave you vulnerable to attacks.
Kevin Pickhardt is the CEO of Pharos Systems International, an enterprise print solutions provider based in Rochester, New York.