Yahoo, Equifax, Anthem, Ebay, Target, JP Morgan, Home Depot, Adobe, the CIA, and Hillary Clinton’s emails. What do they all have in common? In the last 4 years, their infrastructures were breached and data was stolen. So how secure is the marketing data you freely turn over to your printer or service provider to execute direct mail, email, and other marketing programs?
Let’s face it, if all the big names I mentioned above can be hacked, anyone can be hacked. But there are many things a company can do to reduce the chances of having a data breach. The first thing is simple: take the threat seriously. Printers don’t typically view themselves as targets for hackers. We don’t usually have the keys to millions of social security numbers or credit card numbers, etc. So many printing companies don’t take data security as seriously as they should. But a breach of marketing data IS a serious issue. At a minimum, it is a PR disaster and huge embarrassment for the brand that owns the data. At worst, it could require a ton of money to communicate the breach to customers and a negative effect on the perception of the brand resulting in lost revenue.
About now you may be saying to yourself, “I’m not a technical wizard. How do I know if my printer takes data security seriously?” Well, a firewall and a secure FTP site are not it.
Here’s how.
In addition to physical security, annual audits, background checks and early detection, it’s a matter of alphabet soup known as ISO/IEC 27002, SOC 1, SOC 2, SOC 3, PCI-DSS, and HIPAA. The first step to any respectable data security program is to know what standard you are trying to achieve. In many of the best data security programs, this is ISO/IEC 27002. ISO/IEC 27002 is a third-party standard that provides the best practices for implementing and maintaining an Information Security Management Program. If your printer is not using ISO/IEC 27002 as their guide and submitting to annual reviews, start getting nervous. It provides the foundation for every aspect of a sound security program.
The next thing to ask about is Penetration Testing. As I mentioned above, every company can get hacked. It’s very difficult to keep hackers out. The question is: once the hacker is in, how much damage can he or she do? An annual penetration test helps the printer understand how effective the security controls are by learning how long it took for the hacker to get into the network… and it reveals if the hacker could get to any critical data or files. Hackers don’t get to important data in a well constructed and secure network environment.
Lastly, there are all those acronyms! SOC, PCI, and HIPAA are all data security and internal process standards for financial, medical and other forms of data. The most secure printers will have all their data stored at a top-tier datacenter with SOC, PCI, and HIPAA compliance in place. A datacenter also allows for data duplication with geographical distribution of mirrored data. In case of a natural disaster, the data is replicated elsewhere. This is far more expensive, but far more secure. Again, how seriously does your printer take data security?
As you might expect, Baesman takes the security of our clients’ data extremely seriously. We work for some of the biggest brand names in the world and have testing and compliance reviews completed by some of the most highly-regarded security partners in the business. Baesman also does background checks and drug screening on all new associates and we have a secure facility with key card access, helping to prevent hacks that originate from the “inside,” as many do.
Give us a call if you want to learn more about how we protect your data.