Cabinet Files incident reveals dangers of poor document security policy
Document security breaches aren’t confined to hackers sneaking through your print server. They’re not even strictly digital. Sometimes they occur through simple human error. Take the “Cabinet Files” as an example …
When selling a filing cabinet means selling your secrets
Sometimes the biggest security breaches happen by mistake. Such was the case for the Australian Government amid the revelation that hundreds of classified documents had fallen into a civilian’s hands through the purchase of two filing cabinets – the so-called “Cabinet Files” incident.
Document security isn’t just about guarding against hackers; your print security policy must factor in at least four potential security breach areas.
The 4 factors of document security
A handy way of looking at document security is to think of onions. Specifically, an onion’s layer. Each of the following factors represents an added layer of security.
You need to think about:
- Protecting your devices that are access points to your system from hackers
- Controlling each document at the point of printing and only giving print release access to those you authenticate
- Stopping sensitive documents from being printed at all using print policies
- Adding traceability to the printed page itself with watermarking and digital signatures
Let’s take a closer look at those factors.
Protecting your devices that are access points to your system from hackers
This is the most obvious layer of document security, and the most often implemented. We’re talking about the security measures that thwart external or malicious attacks. Initiatives such as firewalls, antivirus software, SSL, encrypted admin connections and so on.
But this is only the first layer of the print security onion. Because it’s also important to think about …
Controlling each document at the point of printing
And only giving print release access to those you authenticate. This is where PaperCut steps in, to ensure that only the owner of the document is the one who picks it up at the printer.
Your print server setup must be able to authenticate your users every time they print, no matter what device they use – even in BYOD situations. This allows you to identify when, who by, where and what’s been printed. Reporting and the ability to archive print jobs is essential for security here.
As is …
Stopping documents from being printed at all using print policies
Again, this is where your print management solution is required. Without it, you can’t control what your users are printing. For example, imagine being able to stop your payroll team from printing payslips without being physically present to pick up those sensitive documents. Or, you want to block print jobs from an application which contains sensitive information, such as a banking application.
And speaking of sensitive documents, you should think about …
Adding traceability to the printed page itself with watermarking or digital signatures
This is the most important innovation in print security for documents that have already been printed. Being able to watermark or digitally sign a document ensures the user is identifiable.
It certainly aids in changing the behaviour of absent-minded employees, and it may help a rogue employee reconsider sharing a sensitive document as they can see the document can be traced back to them.
What the government should do differently next time
Of those four, not printing the documents in the first place would’ve been helpful for the Australian Government. However, that’s not always feasible. Filing cabinets need their fill of paper filing, after all.
Rather, these documents would’ve benefited from having a digital signature embedded in each print out. The printer would likely have had second thoughts about abandoning their documents to a second-hand store if they knew their name or employee identification was recorded on each sheet.
It’s a good thing there’s software that helps with all that!