You've Been Hacked!

By Noel Ward, Editor @Large

Well, maybe you haven’t been hacked (that you know of), but chances are one or more of your customers has, whether or not they are willing to admit it.

I was getting a glass of wine at the One Canon event a few weeks back when Carlos Fernandes the head of Agile Cybersecurity Solutions came up and introduced himself. He asked how familiar I was with the issue of cyber security. I said that to be honest, I’d thought of data security as something important, but not always as a critical consideration for people in the printing business, outside my friends who run transactional service bureaus. Wrong answer.

I learned more the next day when Mr. Fernandes (whose company is partnering with Canon) took the stage and explained the rather scary fact that many, if not most, U.S. corporations have been hacked in one way or another. We hear about the high profile ones in the news because they involve household name enterprises and millions of records, but most companies are much more vulnerable than most of us realize. Following up on this after the conference I found that data security is something to which every print provider should be paying attention.

As it happens, I know a fellow who works in data security for IBM, so I talked with him. He agreed with all that Mr. Fernandes said especially the way some hackers operate. The bad guys don’t necessarily attack systems for a one-time raid on end-customer account info and identity theft. That “ex-filtration” of data may come later. More insidious, some of the bad guys install malware that goes after weak points in a corporate network, but remain fast asleep, hidden until needed. I bring it up to provide another thing to keep you awake at 3 AM.

What can make this bad for print providers is that the data you may be working with for say, a variable content direct mail offer, can be a tad more exposed than you may like, especially when it is being printed. And, because your favorite NexGendigo digital press has its very own IP address, that data may be virtually naked to anyone with the tools to look at it. In many cases this IP address can be an onramp to lots of data that your and your customers would probably prefer to keep close to the vest.

This vulnerability can be on display in your parking lot. Go outside with your smartphone or laptop and let it look for open networks. You may find that the guy who installed your NexGendigo didn’t bother to put any security on the press’s IP address or simply used a basic password like ‘admin’ or the press model and name of your business. With the right software—readily available on the “Dark Web,” access to much or all of your entire computer system can be gained through your printer. It is not necessarily simple but hackers, well they just slurp another Red Bull, inhale a new slice of pizza and crack your system.

Various security programs offer ways to deal with this, usually by adding varying levels of encryption and security. Some, like uSecure from Transformations, keep the security fully in place even when a job is being printed. That particular tool is aimed at data centers and service bureaus that work with financial, insurance and healthcare data, rather than the average commercial shop, but in an age of security paranoia that level of protection has a certain allure. I’m just guessing here, but as a printer who may handle various forms of private data, you probably don’t want your systems to be easily accessed.

Mr. Fernandes referred me to some of his extensive writing on these topics so I tapped into a trove of his work to find some key points to share. The first thing is what he terms “precognition” or forecasting future events based on historical patterns and knowledge. At first glance it seems like smoke and mirrors but it actually leverages technologies the bad guys use and even how they think, to identify ways that can stop them from doing things you’d rather didn’t happen.

Within precognition Mr. Fernandes includes Predicting, or understanding threat potential; Preventing, or actively blocking intrusion into your systems or data; and moreover, doing this all Persistently because no attempted attack or intrusion is likely to be the only one. If they get in once your shop becomes low hanging fruit, and they’ll be back.

It used to be that business owners worried about protecting their building and the contents. That’s still important and is the easy thing for which to buy insurance. But digital assets—yours and those of your customer for which you may be responsible—are often far more valuable. When is comes to digital security, you have to decide what you stand to lose if you don’t protect your digital assets.

What About Profitability?

What about Profitability?
Offset yields new advantages

Read All About It