Do you find that poor printing infrastructure creates daily challenges for your business including substantial costs, lack of document security, potential GDPR risks and an unnecessary burden on your IT department? For one of the UK’s leading independent architectural companies the issue was no different.
Boasting a £35million turnover, over 200 employees and 10 offices across the UK, this company demanded a robust, structured system to ensure that all document management is as streamlined and efficient as possible.
Our client was looking for help to alleviate many of the difficulties it faced with its current supplier. Fundamental issues included:
The problem boiled down quite simply into the fact that our client was paying a lot of money for a very basic, inadequate service. Do any of the above sound familiar?
We began by auditing the company’s head office. The key priorities of the solution design were to:
MPP manage all our client’s printer requirements, including trouble shooting and monitoring and automatic replenishment of consumables.
We have reduced our client’s costs by 40%.
The next phase of our project is in the introduction of a rules based secure print solution to improve security and provide further efficiencies.
With the introduction of the above rules-based software, we know from experience that this will ensure ongoing reductions in our client’s print volumes.
With the above priorities in mind we created a structured, tailored solution that worked across multiple offices, and comprising of just one manufacturer.
“Having been highly recommended to us by a third party, we chose Managed Print Partners because they were independent consultants who took into account every part of our business – and didn’t just try and sell us one brand of hardware. MPP produced a cohesive, balanced deployment plan that suited our new working environment and even incorporated our tracking and billing software.
“The biggest impact the new systems have had on our business is the incredible cost reduction. Our costs have reduced by £100,000 p/a – we are now paying 40% less for 42 devices, including consumables, compared to the amount we were paying our last supplier for just 11.
What’s more, the printer-related calls to our help desk are now almost non-existent, which makes the whole system much more efficient. Managed Print Partners also provides invaluable ongoing support and advice. Knowing we can just pick up the phone and get a response straight away means we can focus on other areas of the business.”
GDPR Systems are only 20% of the issue.....
Regular visitors to our site and readers of our blog will know just how important print, print security and document management are in ensuring best practice and GDPR compliance. Yes, we have a vested interest in banging this drum and yes, we are working with clients to implement new systems, software, devices and processes to ensure they are compliant in plenty of time, but even we know that systems are only 20% of the issue.
The biggest part of GDPR compliance, the other 80% in fact is people – your people. Sadly, they pose the biggest risk in terms of data breaches or lax security. The good news is that if configured correctly, the 20% can control up to 80% of the 80% and provide fail safe measures to avoid issues.
Where, even the best thought out, GDPR processes will fall down is in human oversight. So, you have a policy and a process to manage the review of licences and expiry dates for data held on your systems. That job falls to a person, your data controller or maybe even someone without a specific documented remit in data protection. That person gets busy, that person gets ill or that person leaves – who picks up this activity and have they got the appropriate admin rights or skills to make the right decisions? The policy rapidly falls apart.
As previously documented here, the side of the business that we can help with – document management software, follow me print, secured network print devices etc. – can play a huge part in managing GDPR compliance. Workflow, user permissions and automated checks of document/data lifecycles can remove the manual intervention allowing users to go about their roles in the safest and most secure means possible. As well as providing compliance, correctly set up systems can also introduce valuable cost and time efficiencies.
You cannot remove people entirely from the system as the authors or users of the documents and data in question, and so there will always be an element of the process which relies on the human brain and/or common sense. But you can help them and support them by ensuring the 20% of your business that can be automated is set up in a manner which underpins and manages the other 80% to at least mitigate risk and provide a degree of fail-safe in the system.
Our recent blogs have focussed on the impact of GDPR around print devices and physical copies of documents, but in many respects that all relies on a degree of user management and human intervention – therefore common sense. There is another aspect of data management that needs consideration when taking GDPR regulations into consideration and that is the actual storage of soft copy documents, in safe and secure environments with appropriate management processes and controls around them.
Unless you are already using a dedicated document management system, it may be that certain files you hold or the way you store them leaves you vulnerable to breaches of GDPR regulations. To clarify this, when we speak about document management systems we mean software packages and systems that are designed specifically to store, index, monitor and manage electronic files – spreadsheets, PDF’s, office files etc.
For those using File Explorer or similar native built in/free to use filing cabinet systems, these do not, in our book, qualify as true document management solutions.
Probably the most obvious example is your data protection policy and any supporting documents that are created to govern your compliance with GDPR regulations. Documents that have a lifetime. These are not one-off documents that, once created, disappear into the abys. They should be agile refence manuals for day to day activity. In this respect they need regular review to ensure that working practices or the regulations themselves have not changed, exposing vulnerabilities. So a true document management system can use workflow to monitor the age of documents and prompt controllers to review them when required or if necessary, delete out of date documents which pose a risk to data protection.
For those purchasing or using data, which always carries a timed licence, for marketing purposes date sensitive management is incredibly important. How many companies reading this know they have a licence but cannot be sure when it expires and whether the data they use for marketing purposes is still valid? Document management systems can manage this for you.
Utilising workflow, user permissions and document control indexes true document management systems/software can be a vital tool in helping you achieve GDPR compliance, removing the reliance on significant manual intervention.
As we work with more and more companies to develop their GDPR policies and practices, it is clear just how deep the regulations go. So introduction of systems and processes that are fully integrated to your other software applications and hardware/devices will help minimise risk and ensure compliance.
Considering forthcoming GDPR regulations, the question of print and document management security is becoming a hot topic. A great deal of focus regarding data is placed on the storing and use of it and yet very little attention is paid to that same data whilst it is in the ether or when it is recreated in physical/hard print format. We have previously blogged about securing the print process in and around the end point i.e. at the printer, but what about the process up to the point of print?
In most organisations network security is taken seriously with thousands invested in it and yet this investment could be put to greater use to secure documents in the print queue, introduce print efficiencies and further reduce the security risk at the end point.
Over the years there has been a swing between centralised and decentralised print, meaning fewer people have dedicated printers immediately near their regular place of work. Add to this a more mobile workforce, global operations and multiple offices and you soon understand the risk that is posed by printing to the wrong machine in the wrong office at the wrong time. Furthermore, the traditional view of localised printing does not offer any flexibility to the individual concerned or reflect the fact that different job roles may require more personalised print settings, specific to the work being undertaken.
Making your print infrastructure more connected will solve all of these issues whilst further securing important data and files. Technology and software like ‘follow me’ print utilises the flexibility and security of the network infrastructure to enable on demand printing – allowing users to print the files they need, when and where they need it and only if they need it. Instead of an immediate print to device function, files are stored in the cloud or on a server, which forms part of the network and is covered by the investment in network security. The document then sits there, safe, until such time as it is called down to a device by the relevant user. The user specifies the device and the print settings at that point in time or if working across a range of connected devices can simply have a personalised print setting which identifies the user, file and device and prints the file accordingly.
As well as answering print security issues, technology like follow me print can help to reduce print volumes and therefore cost. So, if your print infrastructure is not connected and using the latest technologies, this may be another risk when GDPR regulations come into force in 2018.
GDPR legislation is set to highlight print device security as a major issue
The forthcoming introduction of GDPR legislation has once again shone a light on the security (or lack thereof) around print infrastructure. As highlighted in our recent blog about GDPR compliant workplaces, print hardware and devices typically remain the weak link in IT security.
What many people fail to realise is that most office printers have a hard disc and a network connection, just like a computer, and yet they are not afforded the same level of hardware protection. Printers present a back door to otherwise highly secure networks and as devices become more accessible, so the risk increases.
The introduction of Airprint technology and wireless printing can be useful from a user perspective, but it also makes devices more visible and therefore more ‘hackable’. To test the theory, we recently sat in a car outside a serviced office block and scanned to see how many devices we could see. An eye watering 25 network access points (excluding wifi access points) were presented for our selection. Now, we didn’t test the security behind these but our experience suggests that we could probably have hacked up to 50% of these with little or no effort, putting us on networks and able to access other devices or upload malware, trojans or viruses. A dedicated hacker would probably be able to access closer 75% and in far less time than a keen amateur.
With print infrastructure once again moving away from centralised print, back to a more generous scattering of devices around the workplace, the risk to IT security, if not taken seriously, will only increase. However, even secure network devices present a continued data risk if other aspects such as secure document destruction, immediate collection of confidential documents and on demand printing are not taken into consideration.
Securing your print estate is not as difficult or expensive as you may think, especially when compared to the risk:benefit analysis of not doing anything, and so we now recommend this as standard for all our clients. For more information, contact us today.
GDPR Compliant Workplaces
We’re used to hearing horror stories of laptops and USB keys going missing stacked full of data, or websites being hacked to access personal information; but despite spending huge budgets on securing electronic data, most companies still fall foul of new data protection regulations due to hard copy material.
GDPR (General Data Protection Regulation), which comes into force in May 2018, has once again shone a light on the subject of data protection and will introduce far reaching conditions on holders of data to ensure they are doing all they can to protect it. But walking around most offices, many have overlooked some of the most obvious breaches.
Working with clients to introduce print efficiencies and reduce costs, we spend a lot of time around printers, scanners and other networked devices that hold and generate significant amounts of data. Whilst most workstations are secured, it is amazing how few devices, such as printers, are not.
Printers are, to all intents and purposes, PC’s and if they are not protected can provide the same level of access to your network and data (as demonstrated in this HP video). Furthermore, incorrectly configured print management systems can result in secure and confidential documents/data popping up on machines around the building and not always in the right places. Not a problem if you remember to pick them up immediately, but how many times do we forget, leaving the content on display for anyone looking?
In the last 20 years, secure destruction of documents has avoided personal data ending up in freely accessible bins or blowing down the street, but these bags of documents are a data dream, all neatly packed together in a handy bag that can be picked up and taken away. How easy is that? By putting documents in these bags, we get a false sense of security, but actually all we are doing is creating a nucleus of data.
So, as we help clients prepare for the introduction of GDPR, one of the first things we do is a walkaround of their premises to point out these seemingly obvious issues. You’d be surprised how many organisations with highly secure, locked down IT processes are undermined by the simplest things.