
WhatTheyThink

Premium Commentary & Analysis

Broadly Defined, Printing Is One Hellacious Cyber Risk

Legal expert and printing industry pundit Kevin Keane contributes this article about the risks printing companies face as they handle an increasing volume of internal and external data. But he doesn’t stop there. He provides our members with specific steps that owners and managers must take to mitigate data breach risks.

About Kevin Keane

Kevin Keane is a cybersecurity attorney whose initial career was spent in senior management roles in the printing industry. He writes and speaks often now about cyberrisk in all industries and is currently Vice President / General Counsel / Equity Partner in Beryllium, LLC, dba Beryllium InfoSec Collaborative in Minneapolis. You can reach him at [email protected]

Discussion

By James Daly on Jun 02, 2014

Kevin, certainly an eye opener I hope for many. Printers take on so many invisible liabilities today that it should scare the stuffing out of one and all. Yet most of the prevention is basic good business practice... treated seriously.

The easiest (and essential) first-line defense is indeed a concise purchase order, competent legal advice and good insurance. The harder part is tightening good manufacturing processes and process auditing. However that harder part, communicated effectively, is a tremendous sales and marketing tool because our customers are facing the exact same risks.

Thanks for an eye-opening look into your world.

Jim

 

By Kevin Keane on Jun 02, 2014

Thank you for the kind comments, Jim. Based on your comments to some of my other posts on other platforms, you clearly possess an acute understanding of the cyber risk reality for printing companies of any size.

But don't take my word for it; let's consider this article, which ran in the New York Times on 7 April 2014 with the delightfully apropos lead: "They came in through the Chinese takeout menu." Thankfully not the printed menu!

http://www.nytimes.com/2014/04/08/technology/the-spy-in-the-soda-machine.html?_r=1

It's a cautionary tale, and obviously the author's terrific reportage and reference to 'graphics' suppliers or even digital printers being doorways into the network should cause every print company CEO to say, "OK, I need to make it MY priority to understand this cyber risk issue before my company ends up in the #databreach headlines, with our hard-earned reputation in ruins."

Best regards Jim!

Kevin Keane

 

By James Boulter on Jun 02, 2014

Kevin, so true about the risk! We have been working on ISO 27001 certification for 6 months.

Until you do a full audit of risks associated with data handled by a printer in today's world, you don't comprehend the risk your company is taking on – Financial and Legal!

As Jim mentioned, a lot of security issues can be handled by common sense business practices. The other big key is training employees to recognize security problems. Most security breaches are employee related!

Great article Kevin!

Bolt

 

By Kevin Keane on Jun 11, 2014

Craftsman Book website hacked:

https://oag.ca.gov/system/files/Craftsman%206_2014%20Attorney%20General%20Sample%20Letter_0.pdf?

 

By Kevin Keane on Jun 14, 2014

Of Data Breach and The Ostrich Syndrome: "What, me worry?"

I scan the world's press every day looking for examples of printing companies being impacted by cyber risk and data breach.

The penultimate paragraph of the below linked article from Singapore and dated 5 June 2014 caught my eye:

"The infringement comes about six months after Standard Chartered Plc said wealthy clients’ confidential information was stolen in Singapore from a printing company. The London-based lender said in December it hadn’t found any unauthorised transactions since the theft from Fuji Xerox Co, which was hired to print statements for the 647 clients."

http://www.therakyatpost.com/world/2014/06/05/singapore-says-1560-online-accounts-breached/

So, I wondered who else had covered the story, which even though it is arguably more concerned with the enterprise printing world (and maybe managed print services) more so than traditional commercial printing, nevertheless it is still another cautionary tale:

http://www.bloomberg.com/news/2013-12-05/standard-chartered-says-client-banking-data-stolen-in-singapore.html

Inadvertent, accidental data breach, even one triggered by a disgruntled employee, or a careless third party vendor-supplier, or a forgetful print company owner :) can be ruinous for the reputation of the printing firm involved, and can cause existing customers to take their business elsewhere.

Furthermore, all too often the incident mushrooms and, as surveys report - something like 60% of small to medium sized businesses are no longer in business six months after suffering a data breach.

Complacency, a.k.a. "The Ostrich Syndrome," wherein one buries head in sand but alas leaves hind end exposed for the data desperadoes to attack your undefended flanks, is no way to run a railroad much less a printing company.

This week, we saw a notable quote from the Chairman of the FCC here in the US:

“Companies must have the capacity to assure themselves, their shareholders and boards – and their nation – of the sufficiency of their own cyber risk management practices,” he said. “These risk assessment approaches will undoubtedly differ company by company. But regardless of the specific approach a company might choose, it is crucial that companies develop methodologies that give them a meaningful understanding of their risk exposure and risk management posture that can be communicated internally and externally. That is what we are asking our stakeholders to do. Once individual companies have an understanding of their own risk posture, then we can answer follow-on questions about the appropriate way to communicate this risk to business partners, customers, and the public.”

FCC Chairman Tom Wheeler, speaking at the American Enterprise Institute, Washington DC on 12 June 2014.


http://www.cybersecuritybusiness.com/cybercrime/fcc-chairman-outlines-cyber-security-vision/

If I can help your company understand its cyber risk posture, and help you baseline where you stand today via a personalized risk ratio report, please let me know.

Be careful out there print pilgrims, because:

RISK can RUIN!

Kevin

 

By Kevin Keane on Jun 15, 2014

Xerox posted this excellent reminder of #cyberrisk and #databreach concerns arising from multi-function printing devices that are now commonplace, even in printing company offices, on 12 June 2014:

http://connectandexpand.channelnomics.com/2014/06/12/five-print-security-concerns-five-ways-address/