SPONSORED SECTION
csa.canon.com
DOCUMENT AND
PRINT SECURITY:
LAW FIRMS’ ACHILLES HEEL
Data security may be the single hottest topic today among law firms as
well as businesses of all kinds. Every week, there seems to be another news
story about an organization that has somehow lost sensitive information.
In a recent study done by Marsh, 51 percent of respondents said their law
firms had not made substantial efforts to reduce cyber threats.1 But it’s not
just cyber theft that poses a risk; document theft is also a major liability.
Given the amount of paper documents and sensitive
information found at law firms, one would think that they
would have an increased focus on document security.
Yet Information Governance 101 posits that law firms
actually may be the weakest link in information security.2
Law firms often overlook some of the most common
and simplest ways that confidential information can
be leaked, including unprotected and unsecured
printouts left on printers and multifunction devices
(MFDs), documents stored digitally on these devices,
and unauthorized scanning or faxing of documents.
Nearly every law firm is—understandably—tight-lipped
when it comes to discussing potential breaches. However,
in this sector anecdotal evidence abounds of the threat
of poorly monitored printers, unencrypted data, and
unsecured printed documents. Whether it’s information on
litigation strategy or confidential contracts and settlements,
legal sources say that the problem of keeping information
secure is far more widespread than anyone might suspect.
The average law firm may not fully realize how important
it is to ensure the security of MFDs and printed output.
Breaches from authorized access can be a much larger
threat, since you don’t know what you’ve lost until after
you’ve lost it, with potentially dire consequences.
LegalTech News, September 2016 1 SS
allows your administrator to monitor, measure, and
report on how staff utilizes the devices and services—
critical information if an issue arises. Policies can also
assign specific document printing and management
privileges to each user, based upon their role within
the firm. Some users or guests may have access to very
basic functionality, while partners would get more
privileges. The system can then identify and document
normal usage patterns, making it easier to rapidly
identify outliers and examine individual events for a
potential breach.
CLOSING THE GAP
With document management becoming a critical security
initiative, law firms must accurately assess the risks. To start,
they must build a well-documented and detailed strategy
for print security and management.
A comprehensive plan identifies all potential sources of
information leaks, and should track normal workflows.
To ensure that the plan meets the needs of today’s law
firm, it should address both mobile and in-office print
management. The firm must also implement systems
that can deliver detailed usage metrics and management
reporting; this data can be used to validate compliance
and satisfy audit demands. Sophisticated tracking can help
identify any discrepancies that indicate information loss or
control issues.
It is important to develop the plan with a keen eye toward
how it can best serve the firm and its staff. If the plan
creates onerous policies or requirements that negatively
impact productivity or profitability, users won’t implement
them consistently. If the revised security plan is too
complex, staff will default to their own “workarounds” that
may reintroduce security issues, effectively negating the
effort spent to develop the plan.
Four best practices for improving your
document security position
1.Device Security — Securing information at the
device is the starting point. User authentication should
be required for printing, copying, and scanning. It
2 SS LegalTech News, September 2016
The authentication solution must support numerous
methods for verifying the user, including PIN, password,
employee badge, or other token/physical object.
Administrators must be verified before accessing
settings or the device’s address book.
Device-specific security features must also be part of
the solution. The system should support functions
beyond usage tracking and privileges. Some examples
of this include restricted access to the device’s USB
port or using secure, password-protected printing.
It is important to be able to verify the security and
integrity of any third-party software used on the
device in order to help prevent malicious use or the
introduction of malware.
These authentication tools must work with other
identity management tools frequently used at law
firms, one of the most common of which is Microsoft’s
Active Directory (AD).
Finally, whether a firm has just a few MFDs or a
hundred, the organization needs a single point of
device management. This ensures that all activity is
tracked and monitored. A centralized management
console lets the administrator troubleshoot, identify
unauthorized access, update user credentials, and
perform other tasks to ensure secure MFD use.
2.
Information Security — A complete security policy
includes not only the device, but also information and
data. A solution that requires users to be physically
present at the MFD in order to print their documents
can help ensure document and data integrity and
reduce the threat of lost data or breaches.
Pull-printing technology and secure “mailboxes” on
each MFD can also enhance information security. These
SPONSORED SECTION
csa.canon.com
technologies help to ensure that documents can only
be printed after the user authenticates and is present at
the device to retrieve the documents. Integration with
an Enterprise Content Management (ECM) solution,
which allows the MFD to facilitate file storage and
sharing with full security, can improve usability and
document protection as well.
Because many MFDs contain internal hard drives, print
jobs should be encrypted. And, of course, hard drive
data must be password-protected. A complete solution
ensures secure data deletion, too. A Trusted Platform
Module (TPM) chip that stores passwords, encryption
keys, and other sensitive data outside the hard drive
can also enhance security.
Other security features include secure watermarking,
which embeds specific text that is only visible if a
document is photocopied. It is also possible to embed
tracking information that only administrators can
see. Digital signatures are also a common way to
verify authenticity. Finally, Adobe’s LiveCycle Rights
Management ES software can help provide much
tighter control of PDFs.
For fax-enabled MFDs, firms should eliminate the
fax service’s access to the local area network (LAN),
which will make the law firm’s network inaccessible
by phone line. It is also important that the device have
the ability to verify that a fax conforms to the correct
format so that no malware or viruses are introduced
via a tainted fax file.
3.
Network Security — MFDs are usually connected
to the LAN, which requires network security for the
device. As with other such devices, the law firm’s
firewall should prevent direct external access to the
MFD and guard against viruses and malware. Law
firms may also be interested in using IP address and
port filtering, which limits network access to specific IP
addresses or ranges as part of a holistic protection plan.
firms, require full audit and usage tracking. The data
that comes from such tracking reveals a clear chain of
custody for all paper and electronic documents.
Logging and audit tools must work seamlessly with
printer management and user authentication tools.
Full tracking data, either by individual or law firm
function, is essential. It is equally important that the
solution allow the administrator to view all printing,
scanning, copying, and faxing activity in an easily
searchable format.
The use of scan lock-and-trace functionality is an
important part of logging and auditing. For example,
if a locked document is copied, scanned, or faxed, the
system reports this to the administrator and creates a
log of the unauthorized activity. This allows law firms to
gather precise information on any activity. The function
should have escalating lock levels to provide flexibility
in how this function is actually implemented.
Canon Solutions America’s approach
to the document security problem
Canon Solutions America is committed to serving the
legal community. They specialize in helping firms evaluate
their document process by analyzing workflow, processes,
and infrastructure. Their extensive experience with
cost recovery, security, and document distribution has
helped rank Canon as a hardware and software solutions
leader in the legal market. Buyers Laboratory Inc. (BLI)3
has recognized Canon’s uniFLOW as an “Outstanding
Systems should support encryption protocols such as
SSL to protect print data as it traverses the network.
Strong wireless encryption and authentication
standards are also necessary since more of today’s
MFDs have Wi-Fi functionality.
4.
Logging and Auditing — Compliance and regulatory
demands, along with the unique demands of law
LegalTech News, September 2016 3 SS
SPONSORED SECTION
csa.canon.com
Document Imaging Solution” and an “Outstanding
Document Security Solution.” Canon Solutions America’s
industry insight and experience can help streamline your
law firm’s everyday work processes, provide enhanced
security to protect against unwarranted breaches,
and deliver innovative mobile solutions to address the
emerging needs of today’s evolving legal workforce.
Canon Solutions America’s portfolio of secure output and
device management offerings include:
•
Universal Login Manager (ULM) — A serverless login
application for Canon imageRUNNER ADVANCE devices
that provides an easy and convenient solution for user
authentication. ULM allows comprehensive access
control on a per-user basis and delivers simplified
tracking, allowing organizations to obtain an overview
of user or device usage activity. ULM’s simple user
authentication includes card login, PIN code, or user
name and password, using local or Active Directory
(AD), with minimal IT requirements.
•
AA-PRINT — A serverless solution that combines
the productivity of a print-anywhere solution with
the security of log-in management to control and
track user access on Canon imageRUNNER ADVANCE
devices. Users can securely print their jobs and then
release them to print on any imageRUNNER ADVANCE
MFD. AA-PRINT requires no additional server or
associated maintenance costs and is best suited for
organizations looking for an easy and affordable way to
help ensure print security, reduce maintenance costs,
and maximize productivity.
•
uniFLOW — Designed as a one-platform solution
for law firms looking to efficiently identify and track
4 SS LegalTech News, September 2016
printing costs, secure client data/documents, manage
mobile access, print securely, and improve workflow.
uniFLOW is modular and configurable so that it can
be customized to specific business requirements.
To prevent unauthorized use of a device, uniFLOW
requires users to identify themselves at the MFD
through a variety of methods. To enhance security,
administrators can define workflows accessible to only
certain individuals/departments or to everyone within
the organization. This solution also supports secure
mobile printing, enabling your staff to securely and
conveniently print from anywhere, to any printer, from
their mobile device. uniFLOW also makes it easy to scan
and send your documents to any back-end system
throughout your firm.
•
imageWARE Secure Audit Manager Express —
An information security software solution providing
capture, archive, notification, and audit capabilities
such as print, scan, fax, copy, and email. With the ability
to capture job information such as time, date, user,
destination, and text data, imageWARE Secure Audit
Manager can help mitigate security breaches.
SUMMARY
Many information security plans have left MFDs and
printed material on the backburner for far too long.
However, as law firms begin to understand the extent of
the problem, the idea of better document and printer
management has started to receive greater attention.
The good news is that the right plan, along with targeted
solutions, can help reduce many of the vulnerabilities
associated with printing, scanning, and faxing. With the
benefit of Canon Solutions America’s experience and
expertise in print management, law firms can effectively
eliminate the vast majority of today’s print/output security
risks. As compliance, audit, and privacy demands begin to
include secured output, now is the time for law firms to
implement effective solutions.
1
“ More Cyberpreparedness Needed, According to 2014 Law Firm Cyber Survey,” Marsh,
https://www.marsh.com/us/insights/research/more-cyber-preparedness-needed2014-law-firm-cyber-survey.html.
2
ill Tolson, “Are Law Firms the Weakest Link in the Information Security Chain?”
B
Information Governance-101, https://informationgovernance101.com/2015/04/18/theweak-link-in-the-information-security-chainlaw-firms/, (April 18, 2015).
3
Buyer’s Laboratory Inc. Study 2015 and 2009