Five Tips to Keep Your (And Your Customers’) Data Secure

August 12, 2024

Data management in the modern world isn’t just about making sure you have the right demographics, the right names and addresses, or even the right preferences. It’s not even just about making sure the right information goes to the right people at the right time. Perhaps the most critical part of data management is making sure you’re keeping all that critical business information secure.

It seems not a month goes by that we don’t hear about another data breach. Major companies scramble to explain how credit card numbers, user names and passwords, even social security numbers are scraped out of their systems by hackers looking for personal information they can turn around and sell on the dark web. In fact, the Federal Communications Commission (FCC), notes, “Theft of digital information has become the most commonly reported fraud, surpassing physical theft.”

And commercial printers are not immune.

As more and more printers take on the task of managing sensitive and proprietary customer data — not to mention their own valuable databases of information — it is only becoming more critical to have the right infrastructure in place to ensure all that data is as protected as it can be.

“Security is paramount to businesses that handle customer data (B2C or B2B),” stresses John Puterbaugh, vice president of Advanced Media and Innovation at Sussex, Wisconsin-based Quad. “Consumer rights around data should always be taken seriously for ethical and legal reasons.”

With that in mind, here are the top five things to do today to help secure data. Sadly, no system is 100% foolproof — none of these tips guarantee there won’t be a breach, but they can help make systems more difficult to infiltrate, protect information that might be accessed, and bring peace of mind to customers that their data is in good hands.

1. Install a firewall

Sure, it might seem like a “no-brainer,” but in reality, a lot of businesses don’t have a firewall, even today. It might add a few extra steps for users, but most of the work will be on the back end, making it far more difficult to get into a system in the first place. A firewall acts as a sort of barrier to prevent — or at the very least slow down — unauthorized access.

But this doesn’t just go for the main facilities. In this age of work-from-home employment for many positions, employees need to have a firewall on their home networks that is adequate as well, protecting data from a breach. If there is a firewall on the networks in a print service provider’s (PSP’s) building, but the salesperson accesses the databases from an unprotected home network, then a hole has been opened for someone to exploit.

On that note, employee training is critical to data security. There can be a solid firewall, the best servers, and the best IT team in the world, but if the employees accessing the system don’t know how to use — or understand the importance of — security measures, then those safeguards are ultimately useless. And because security tools change rapidly as they seek to stay one step ahead of the thieves trying to break in, this training can’t be “one and done”. Make security updates a regular part of
employee culture, quarterly if you can manage it, or at the very least once a year.

“Every printer must have a rigorous process for adhering to data privacy laws that is clear and understood by every employee,” Puterbaugh says. “At Quad, we have a team of dedicated individuals whose responsibility is to create, maintain, and monitor a robust security program to help keep our information assets secure.”

2. Have encrypted backups

Today’s hackers aren’t always interested in the actual data itself — after all, with all the breaches of the past few years, it would be hard to claim the information was new, making it a lot less valuable to the criminals purchasing it. Instead, many of these hackers have started using a new tactic — taking data hostage.

Usually using a virus of some sort as the entry point — which is why firewalls are important — these attacks don’t steal the data. Rather, they aim to take it hostage, locking down systems and locking out employees in a bid to be paid a hefty ransom. There have been some high-profile examples of this in the news, such as groups taking over hospitals or power plants. But that doesn’t mean they aren’t targeting other types of business as well. Yours could be vulnerable.

One way to mitigate the risk is to have solid, encrypted, off-network — and off-site if manageable — backups so if a network is compromised, the entire thing can be deleted and restored prior to when the hackers accessed it. To do this, however, there needs to be a backup to begin with.

There are a number of solutions out there for this, and it is critical that whatever is chosen has a few things going for it:

• It needs to be on a completely different network, with the only overlap being the daily, weekly, or monthly exchange of data. If a bad actor gains access to the primary system, you need to ensure they can’t jump to the backup as well.

• It should be encrypted. While all data should be encrypted to add another layer of protection, this is even more true for backups. Because a backup system isn’t designed to be accessed on a regular basis by users, a much stronger encryption can be used versus what would be used with the primary database.

• It should ideally be off-site. This adds another layer of protection, since it helps keep the networks even more separated. It also provides additional benefits, such as security against things like fire, flood, natural disasters, or power outages, for example, that might impact your primary location but not the backup. Even if a PSP has multiple plants in multiple locations, it might be a good idea to choose a data center completely unrelated to the business for an extra layer of protection.

• It should be automatic. Backups are only useful if they are updated. Building a secure, off-site platform won’t do much good if the data is outdated when disaster strikes. Ideally, data should be backed up at least monthly, although weekly — or even daily — is a better plan. Whatever frequency is chosen, make sure it’s an automatic process that runs in the background without needing someone to remember to trigger it every time. Having a manual update mechanism isn’t a bad idea either. For example, if a PSP has just completed a major job, or a customer has sent a large chunk of data for an upcoming job, but the backup isn’t scheduled for several more days, being able to push to back up the data is a beneficial feature.

“We have a dedicated data security officer and team within our IT group that is 100% focused on ensuring our environment is secure, that our people are trained on required procedures around data, and that our security is constantly tested and evaluated on how we combat external threats,” says Erik Haugen, vice president of Data & Analytic Services at Wheeling, Illinois-based SG360°.

Malte Mueller, Getty Images

3. Control the physical access

Just as you should ensure the network employees can access a database from is secure, you also need to ensure that the hardware they’re doing it from is secure. Whether it’s a desktop system in the plant, laptops issued to remote or traveling employees, or even mobile phones that can log in and see job status information, it needs to be secure.

One way to do this is to issue hardware to employees as needed, with security software installed to lock down as much as possible, such as preventing employees from installing their own software on a laptop. This can help cut down on the exposure to potential viruses or other methods of gaining access to the data. If that’s not possible, requiring separate user accounts on equipment for work-related activities, regular password resets, two-factor authentication methods, or even installing security applications that allow the IT team to remotely access, track, and/or shut down the device are all strong options.

In addition, not every employee should have access to every system on every device. To improve security, create a data management system that allows granular control, giving each user access to the specific tools and databases they need to do their jobs — and nothing else. While it might cause a bit of frustration at times if someone needs to access information from a system they aren’t keyed into, by creating barriers, hackers can’t easily access an entire system if they gain a foothold.

4. Secure your Wi-Fi

Another one that might seem simple but is often overlooked is Wi-Fi. Don’t enable a Wi-Fi network accessible to anyone. At the very least, lock down the primary Wi-Fi network with a strong password only available to employees. For those PSPs that want to offer network access for guests, all modern routers allow the creation of “guest networks” that provide internet access, but no direct path into your databases.

To be even more secure, a Wi-Fi router can be set to hide the SSID, or Service Set Identifier, which is the name you see in a list of open networks. This essentially makes it a hidden network, and IT would need to be prepared to manually add new devices when required, rather than allowing users to log in themselves. Yes, it is an extra step and not as convenient, but it is one less entry point to steal your — and your customers’ — data.

5. Keep up to date

Finally, perhaps one of the best security tips to keep data safe is to keep all software up to date. Whether it’s the operating systems, the applications used, the software programs run, or even the firmware for the equipment, manufacturers are constantly pushing updates designed to stay ahead of those looking to exploit their systems.

It can be easy to push off updates, but the reality is that every update skipped or put off potentially leaves a PSP vulnerable to an exploit someone has discovered.

Take the steps before it’s too late

In a world increasingly dominated by multichannel applications, where commercial printers are asked to take on not just the physical application but all the other moving parts, data is only going to become a bigger part of business. As that happens, the risk of being a target for hackers and criminals looking to steal information increases.

Taking the steps to secure databases and educate the team before there’s a problem can prevent the vast majority of incursions from happening.

It will provide peace of mind knowing that, even if the worst does happen, you’ll have the tools needed to immediately shut down compromised equipment and restore lost information without missing a beat.

A Closer Look at the National Data Rights Legislation
In a recent article published on PRINTING United Alliance's website, Stephanie Buka, government affairs coordinator for the Alliance, takes a deep dive into proposed national legislation for a data rights act. The proposal is currently in what is called a discussion draft, which is what members of a Congressional Committee will create to circulate among their colleagues before tweaking and formally bringing a proposed bill to the main body for debate and voting.

If enacted, this draft will become the American Privacy Rights Act of 2024 (APRA), the first national comprehensive consumer data privacy rights law in the United States.

Buka breaks down all the proposed elements, who they would impact, and why printers should care. If it is passed into law, it will preempt any current or future state comprehensive privacy laws. This is a must-read for any printer working with data in any capacity, so we highly encourage you to check it out — and get involved with your local, state, and national representatives to ensure your voice is heard.