Security Critical For Networked Office Systems

By

The workplace is an ever-evolving environment, with creative ideas and advances in technology providing exciting opportunities and new solutions each day.

Office tech has played a prominent role in the achievements of businesses of all sizes, and in recent years it has revolutionized the role of communications by expanding equipment capabilities and integrating various devices and functions into a corporate network.

It seems that overnight an entirely new era in information management has been created. But is your document information secure in a network environment?

Securing these new network office systems often is overlooked as part of an overall network and information strategy. This must change quickly. Security breaches are touching every business sector and affecting virtually every conglomerate, independent company, satellite branch and boutique operation.

Information often can be classified as “sensitive” or “privileged” and thus may be critical to the healthy operation of a business. At times, it can be “private,” such as an individual's performance appraisal, medical records or payroll numbers. The common thread is that somehow, someone will possess the capability and opportunity to print, copy or distribute this information.

This should concern management and office administrators in the insurance industry. All segments of the industry need to review information held in databases and take proper security protection measures. If you haven't been worried about your network's protection capabilities, then the new medical privacy regulations may just change your mind.

The Health Insurance Portability and Accountability Act (HIPAA) mandates that health insurers take steps to protect the privacy of patient-related information, including medical and payment data. Steps required include physical and procedural safeguards, as well as employing technological advances to secure patient information.

In some cases, significant workflow re-engineering may be required, and new office technology is likely to play an important role in helping organizations comply with HIPAA.

As more data is transmitted electronically–health claims, remittance/payment, claim status inquiries, eligibility, case review and a host of others–just about all patient information will be subject to the regulations. All this data, which can be distributed or printed at the push of a button, needs to be protected. Unauthorized disclosures can quickly incur costly penalties under HIPAA and can erode customer confidence.

Even if your organization has built a formidable firewall to thwart outside threats, be aware that the enemy may be closer than you think and use entry points you may not have considered possible. Industry figures indicate that internal systems are often the primary attack point.

In a networked office environment, security is an issue of increased importance because a multifunctional device (printer/copier/fax/scanner) is accessible to a greater number of people. As with any other device on the office network–routers, servers and desktops–sensitive information passes through these units and may be stored on hard disk media. Information also temporarily resides in memory. Any “parking place” on these devices, however temporary, should be of concern.

As systems have matured, networks have grown into boundless pathways that allow even the most naïve user to gain access to information. This is data users never knew they could find, let alone distribute, manipulate, steal, modify, add to or delete. The costs of misappropriated data can be high, not just in business efficiency, but also in liability and regulatory noncompliance penalties.

To stop perpetrators of data theft, loss and/or misrepresentation, manufacturers of office networked systems are designing security capabilities to address life, health and financial insurance industry issues. Following are some features that office administrators should be looking at when purchasing new equipment or enhancing current office inventory.

Seek solutions that are developed in accordance with the most stringent security requirements. Proper security features should concentrate on data overwrite protection in addition to standard device security and network/print protection.
Security features should be designed to help prevent data loss, help protect against unwanted device infiltration and help keep information from becoming compromised.
Following job completion, a security breach can occur when latent image data remains on the hard disk of any piece of office equipment. To prevent the possible misuse of valuable data, the system should permit internal software to configure systems to randomly overwrite internal hard disks and erase previously stored data.
Print sensitive documents using a secure print method when appropriate. Secured printing stores data in dynamic memory rather than on a hard disk drive, so data theft is more difficult. The user also enters a per-job password to release the job, so printed documents do not collect in the output tray where they can be easily intercepted.
To reduce unauthorized use of faxed documents, prevent faxes from collecting in the output tray. Instead, hold inbound faxes in memory and release them to print via a password. Eliminate printed faxes entirely by forwarding them to an e-mail address, a network folder or a database. This option also aids in maintaining an electronic record via simplified workflow.

Security capabilities should require user registration and passwords before accessing copying, scanning and send capabilities. Other features include limiting the maximum number of copies permitted, determining system mailbox allocation parameters and permitting or denying access to facsimile services.

Some models of office equipment feature multiple user electronic mailboxes resident on the device. Mailboxes are useful in enhancing workflow and can be used for storage of scanned and printed data, for integrating scanned and printed data, or for long-term document storage such as forms. Passwords should be used to protect mailbox contents, with a unique password for each mailbox.

Maintaining a complete audit trail for scanned or sent documents is critical for HIPAA and other compliance. E-mail systems maintain a documentation trail and so should copier-based document distribution systems. Devices used to distribute sensitive information, such as medical or financial documents, should log events and include the user's name or ID, the time sent and the nature of the action.
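
The audit-trail requirement above, together with the earlier point about user registration, can be checked mechanically against a device's send log. The Python below is an added example, not part of the original article or any vendor's product; the key=value log layout, the field names and the registered-user list are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample send-log lines; the key=value layout is an assumption,
# not any vendor's real export format.
SAMPLE_LOG = """\
time=2003-03-31T09:14:02 user=jdoe action=scan-to-email dest=claims@example.com
time=2003-03-31T09:20:47 user= action=fax-forward dest=inbound-folder
time=31/03/2003 user=asmith action=copy
time=2003-03-31T10:02:11 user=temp7 action=scan-to-folder dest=scans-folder
time=2003-03-31T10:05:30 user=asmith dest=hr@example.com
"""

# The three fields the article says every logged event should carry.
REQUIRED = ("time", "user", "action")


def parse_event(line):
    """Split one 'key=value key=value' record into a dict."""
    return dict(field.split("=", 1) for field in line.split() if "=" in field)


def audit_gaps(log_text, registered_users):
    """Return (line_number, [problems]) for each record that breaks the audit trail."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        event = parse_event(line)
        # An empty value is as useless to an auditor as an absent field.
        problems = [f"missing {name}" for name in REQUIRED if not event.get(name)]
        if event.get("time"):
            try:
                datetime.fromisoformat(event["time"])
            except ValueError:
                problems.append("unparseable time")
        # Copy, scan and send should only be reachable by registered users.
        if event.get("user") and event["user"] not in registered_users:
            problems.append("unregistered user")
        if problems:
            findings.append((number, problems))
    return findings


if __name__ == "__main__":
    for number, problems in audit_gaps(SAMPLE_LOG, {"jdoe", "asmith"}):
        print(f"line {number}: {', '.join(problems)}")
```

Records with an empty user, a non-ISO timestamp, an unknown account or no action are the ones that would leave a reviewer unable to say who sent what and when.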

Setup screens should be password protected to ensure administrative device settings are not changed. Administrators can set printing network information, system configuration, and enable/disable device applications and network protocols.

is director and assistant general manager, Integrated Business Systems Division, Canon U.S.A. Inc., Lake Success, N.Y. For more information, access www.usa.canon.com.


Reproduced from National Underwriter Edition, March 31, 2003. Copyright 2003 by The National Underwriter Company in the serial publication. All rights reserved. Copyright in this article as an independent work may be held by the author.