G2 Fall report names PaperCut #1 in Print

Choose your language

Choose your login

Contact us

Blog

Secure printing: how to print confidential documents securely

Secure printing: how to print confidential documents securely

The moment you press print, your print job goes from a digital idea to a stealable, forgettable, misplaceabale, possibly irreplaceable physical document. 

Protecting your print jobs is an overlooked realm of IT security, but a no less important one. And while attacks and hacks (that rhyme though) are possible, leaks and spills are far more likely. 

Now, it is important to note, that security works on several levels. In order for someone to access your printer, they need access to your building. But redundancy is an important element of security. You don’t just rely on one point of entry or authorization. There are multiple security checkpoints that can protect or expose your confidential documents. 

5 most common print security leaks

Your primary concern in protecting your confidential documents isn’t from cyber pirates, it’s unfortunately from your own people. I don’t mean some sort of Mission Impossible double agent. I’m talking about just standard mistakes. Human error accounts for a lot of unsecure printing practices. 

1. Forgotten print jobs

The forgotten print job is one of the biggest security breaches in the workplace. If you forget or get sidetracked, and your print job is just sitting in the printer’s output tray, anybody can now collect your document and read any sensitive information. 

2. Printing to the wrong printer

This is related to print queue management and print driver deployment, but another common mistake in the workplace is printing to the wrong printer. You walk to your favorite printer, and your document’s not there. So you return to your laptop to remember last week you printed to the printer near the cafe. You hit print again and return to your usual printer. But you forget or don’t realize that your job is now sitting at the cafe printer for anybody to see.

3. Paper jams

Sometimes the document prints, but it gets jammed. So you select a different printer and restart the process. But if you didn’t open up your printer to collect your partially jammed print job, someone else can do so and now some of your information is unaccounted for. Worse still, when some office angel eventually clears the paper jam on the original printer, it will print the rest of your confidential document without you even knowing. 

4. Documents thrown in the trash

Similar to forgotten print jobs, there’s one simple leak that poses a major risk to your information security: documents simply discarded into a trash can or recycling bin. If a confidential document hasn’t been properly destroyed,  it poses a security threat. If the bins then are awaiting collection outside your building, that information is now accessible to outsiders. That’s what we mean when we say protecting a document throughout all stages of the print lifecycle, and that includes secure disposal of print jobs.

5. Automatic release/direct printing 

Many of the above risks occur when your printers aren’t secure. If you have no print management software and your printing is direct, with all your print jobs automatically released, there are no guardrails protecting your private information. When combined with secure destruction policies and practices, print management software will help you avoid the most common confidentiality issues with physical documents.

8 best ways to print confidential documents securely

Before I get into the surefire ways to print your sensitive documents securely, first I want you to understand all the points where your print jobs are vulnerable. Think of your print job’s journey. There are vulnerabilities before you press print, while you press print, and after you press print. To protect your print jobs, you need to secure them during every step of the print lifecycle. 

1. Secure Print Release

This is the bread and butter of secure printing. Secure Print Release means that your jobs don’t automatically spit out at your printer. They wait inside a hold-and-release queue until your users are literally standing at the printer where they will collect their jobs. The document will only print when your user confirms they are there to collect the printout. 

2. Find-me Printing (AKA Pull Printing)

Secure Print Release sounds like it could possibly be inconvenient. As in, you’d have to walk all the way to the same printer every time. That’s where a pull printing or Find-me printing overlay comes in handy. With Find-me printing, your print job sits in a virtual queue at all enabled printers in your workplace. It will only print at the printer you go to and authenticate with your ID.

Both Secure Print Release and Find-Me printing protect your documents while your print jobs change from digital information to physical output.

3. User authentication

All secure printing rests on authentication. To collect a document, your users should verify their identity to confirm it is them, the one who pressed print, collecting the document. Both Secure Print Release and Find-me/Pull printing are made possible with user authentication. Here are the various ways you can configure authentication in your print environment.

  • Card Reader Release - Users verify with a security card/fob/badge

  • PIN Number release - Users verify with a personalized numerical code

  • Mobile phone - Users verify by releasing with their mobile phone

  • Username/password - Users verify with their confidential, individual details 

Two-factor/2FA authentication

To literally double the strength of your authentication, you can configure 2FA. You’ll see this with many phone, banking, and software services. In order to verify your identity, you must supply two forms of authentication, which can be a combination of any of the above (i.e. PIN and a security card/fob/badge).

4. Secure your MFD with embedded software

Transform your printer’s usability experience with embedded print management software. The embedded software automates features such as user authentication for Secure Print Release and Find-me/pull printing. Securing your MFD with centralized print management software means ease-of-use for users, while giving sysadmins a centralized administration console from which they can implement secure device setup and protocols.

5. Encryption

Encryption is the backbone of secure communications technology. It’s why we use mobile internet banking without a second thought. All data is scrambled during the printing process with print management software, adding yet another layer of protection to your print environment. Our cloud-native solutions PaperCut Hive and PaperCut Pocket are equipped with end-to-end encryption where all metadata is encrypted at rest and motion with a 3-part key. With our self-hosted solutions, PaperCut NG and PaperCut MF, sensitive and confidential documents can be protected with spool file encryption using the AES-256-GCM algorithm which also uses multi-part keys - meaning every print job has a unique encryption key.

6. Print policies

Set rules and guidelines to ensure default best secure printing practices. Sysadmins can set simple pop-up reminders or automatically enforce rules like watermarking and digital signature (discussed below). 

7. Document afterlife care

Protecting your confidential information after you’ve pressed print is possibly the trickiest part of print security. Print management software offers you a variety of options to secure your printed documents once they’ve become a piece of paper:

  • Logging - view the origin, time, user, and document details for a print job
  • Archiving - view the original document if required
  • Reporting - customizable insights into your print environment
  • Watermarking and digital signatures - trace and identify the user and source of the print job 

Find out more about PaperCut’s printing visibility tools for document security.

8. Talk to your printing partner

We strongly encourage speaking to your print partner about how to secure your confidential documents. They’re the on-ground experts who regularly help organizations of all shapes and sizes with various needs of how to secure confidential and sensitive information. 

Secure printing best practices: 5-step secure printing checklist

The printed document must be secured across all stages of the print lifecycle: before, during, and after your users press print. To do so, you want to ensure your print environment has three levels of security:

  • Physical - Are your printers, devices, and document trash/recycling facilities physically secure?
  • Procedural - Are your practices and processes executed securely?
  • Technical - Is your print environment protected with technological guardrails?

When printing your documents securely, ensure you’re following the 5 steps secure printing checklist:

  1. Authentication - Users are required to authenticate to print
  2. Authorization - Only authorized personnel have printing access
  3. Access - Use access control and policies to administer printing privileges 
  4. Identify - Synchronise user identity records with directory services
  5. Audit - Ensure document aftercare with logging and archiving  

Want to take Secure Print Release for a spin? You can do so with a free 40-day trial of PaperCut NG.

FREE TRIAL

Read more about print security from PaperCut: