European organisations unaware of printers IT security risks

(18/06/2009)

Despite public concerns about the protection of sensitive information, organisations across Europe are failing to take steps to protect it. According to a Samsung Electronics Europe-wide survey of more than 4,500 workers in the public and private sectors, companies are not putting in place appropriate measures to protect confidential information.

56 per cent of workers regularly see confidential documents abandoned on the printer and over half (51 per cent) of those surveyed are not aware of any processes or technologies in place at their organisation to protect the printer network itself.

Those working in the banking/finance sector were most likely to see confidential documents, with more than two thirds (68 per cent) of respondents seeing these on the print tray. The healthcare sector did perform better, but still more than one third of respondents (34 per cent) admitted to finding personal patient information left on the printer – including health records (38 per cent) and lab results (34 per cent) that they never were meant to see. These respondents were not just doctors and nurses – almost half (44 per cent) worked in roles such as marketing, operations, finance and IT.

The survey, conducted by Lightspeed Research, polled workers at companies with at least 50 people from eight European countries. The results reveal that although people know that safeguarding confidential documents is crucial, with almost two thirds (65 per cent) recognising serious consequences as a result of confidential data being exposed beyond their organisation, most do not realise the security risks that uncontrolled printing introduce to their business. IT security loopholes are emerging, which combined with careless printing habits compromise corporate and personal security.

Germany had the highest rate of abandoned documents, with 69 per cent of respondents reporting seeing confidential data on the print tray at least once a month, followed by Spain with 67 per cent. France was the most conscientious about protecting printed documents, but still one-third (34 per cent) of respondents inadvertently saw sensitive documents on the print tray at least once a month.

European workers are not even taking steps to protect their own personal data, with almost half (48 per cent) of survey respondents reporting seeing private documents sitting on the print tray. The respondents have learned undisclosed details about their colleagues from the print tray, including salary details (19 per cent), performance appraisals (15 per cent) and CV information (30 per cent).

“The results of the research show that organisations across Europe need to take more precautions to guard against security threats associated with their printing network and document output,” explained Graham Long, Vice President, European Printing Operation, Samsung Electronics. “Simple measures such as PIN code released prints and educating employees about proper printing procedures could significantly reduce the number of abandoned documents on the output tray and protect businesses from serious security breaches.”

Beyond the behavioural aspects of protecting printed documents, there is also a lack of knowledge about IT security risks that printers bring into an organisation. Almost 7 in 10 respondents (69 per cent) did not realise that printers store all recent documents on an easy to remove hard drive, while two thirds (65 per cent) didn’t know that a networked printer can be hacked in a similar way to a PC.

Surprisingly, even the IT department is in the dark about the risks; 50 per cent didn’t realise the threats associated with the hard drive while four in 10 (39 per cent) didn’t know that printers can be hacked. This lack of awareness is reflected in the low levels of precautions reported to increase the security of the printing network; over half (51 per cent) of respondents were not aware of any printing security processes or technologies at their company.

“The organisation’s printing environment can often be overlooked by IT departments when investing in business infrastructure security solutions,” said Leigh Worthing, Senior Research Analyst, Western European Peripherals Group, IDC. “This in turn can lead to potential security weak spots for businesses, especially when we consider the increasing number of fully networked MFP and print devices currently being deployed in organisations of all sizes. With this in mind, security is certainly an area that needs to be carefully considered by decision makers when it comes to purchasing choices related to printing hardware and solutions.”

Over half of UK employees regularly see confidential documents abandoned on the printer. Almost half (47 per cent) of UK employees not aware of any printing security processes or technologies in place at their organisation to protect the printer network itself.

Those working in the banking and finance sector in the UK were most likely to see confidential documents, with 40 per cent of respondents seeing these on the print tray. The UK healthcare sector performed better, but still more than one third of respondents (37 per cent) admitted to finding personal patient information left on the printer – including health records (26 per cent) and lab results (19 per cent) that they never were meant to see. Across the regions these respondents were not just doctors and nurses – almost half (44 per cent) worked in roles such as marketing, operations, finance and IT.

Furthermore, it appeared that UK workers are not even taking steps to protect their own personal data. Just under half (46 per cent) of UK survey respondents reported seeing private documents sitting on the print tray. Respondents reported that they have learned undisclosed details about their colleagues from the print tray, including salary details (14 per cent), performance appraisals (the highest in Europe at 22 per cent) and CV information (34 per cent).

Beyond the behavioural aspects of protecting printed documents, there is also a lack of knowledge about IT security risks that printers bring into an organisation. Eight in ten UK respondents (80 per cent) did not realise that printers store all recent documents on an easy to remove hard drive – the worst score in Europe, while 76 per cent didn’t know that a networked printer can be hacked in a similar way to a PC.

“These results reveal that there is a clear understanding across UK companies of the need to protect confidential documents, as the most cautious of all the European countries about protecting sensitive information,” says Geoff Slaughter, Director of Samsung Print in the UK.

Slaughter added: “However despite this there is still a long way to go before they can say they are free from the security risks of their printing network. The potential for security breaches is vast and can only be overcome if employees in each and every sector are educated around the pitfalls of leaving abandoned documents, and with the help of a controlled printing process. This includes ensuring the simplest measures are taken, including introducing document shredders and PIN codes on printers.”

Security is a critical business factor, especially in workgroup environments where devices are shared and documents of a sensitive nature are produced. Information security cannot be ensured by simply deploying a software tool. Samsung’s approach to safeguarding a document for its entire lifecycle is a three-pronged strategy that includes: printing security, document security and network security.

Related topics:  Data management and data security   Network Security   Security management and policies 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources