When we talk about hardening systems, most people take that to mean identifying vulnerabilities and mitigating them. It’s a process that IT and cybersecurity people use to guard against threats like malware and ransomware, but also to ensure that customer data remains unexposed as it is gathered, processed, used in business applications, and included in customer-facing communications.
In the print industry, we have talked about variable data printing for decades. VDP and other forms of data-driven communication are reliant on data that originates in all types of business systems, from sales transactions represented on credit card statements to the type of data that informs insurance policies, medical data, travel data, and even something that seems innocuous like customer preference data. Every data point, no matter where it originates, is subject to a wide range of data privacy regulation, which varies by country and even by state or province.
In addition to the federal, state, and local data privacy regulations, there are segment-specific ones. One of the most well-known in our industry is HIPAA, the Health Insurance Portability and Accountability Act, which most have heard of and which has been a part of our lives since 1996. It is intended to ensure that your private health information doesn’t escape into the public. The Fair Credit Reporting Act regulates credit agencies and how they handle credit data and other consumer information. There are laws related to data privacy and management at every level in most business segments, which brings us to the question of creating that secure data environment in the context of print.
Let’s start with a distinction. In this episode, the context is production printing. There is a library of information online that can help you with your network print devices, and you should look at that facet of data security if you use Multi-Function Printers (MFPs) in your business and sometimes print data-driven documents, including letters.
In production printing, we are working with several types of data that could contain privacy-regulated information:
- Data gathered on web forms, including preference, profile, and profile changes
- Data from enterprise databases, including sales, health, and financial
- Data synthesized from multiple data sources into a new form
And there is the printing company business data, which also needs protection.
Before we can look at what needs to be hardened, the first step is to identify the data moving through the systems. Yes, it’s time for an assessment of your current data profile, and that begins with identifying every inbound and outbound data feed. You are looking for live or intermittent connections to client data pools, but also data exposed during approval processes, interaction with vendors for troubleshooting, and any other interaction for which you have signed a confidentiality agreement. You may have this list if your business insurance provider required you to identify your data exposure as part of the underwriting process, but if you don’t have it in hand and current, this is the time to get that list built. Whatever mechanism you use, remember that this is a list you will want to maintain as you add customers, as customers add new products and data feeds, and as customers leave.
As a quick aside, that last point is essential. In your review of the data feeds you engage, you may find that you have live data connectivity to customers you no longer serve. You may also find that in your in-house or cloud-maintained storage, you have old data related to older work. It is not uncommon to discover data pools that were downloaded in less restrictive times because it made processing faster or easier. The data hygiene that would have them deleted may have been missed. This is the time to correct that.
Once you know what you have, it’s time to determine the current state of security. The basic rule is that your network should be firewalled, virus-protected, and accessible only by credentialed individuals. Automated virus scanners, malware detectors, and other intrusion alerts are important, but they do not eliminate risk.
Every individual should be guided through the basics of security, including the requirement to keep login and password information private and how to handle emails that contain links. Team members who interact with customers and prospects may be asked to accept file attachments to an email, which isn’t a best practice. Check the current state of education with your team, and then look at how you accept data.
Come back next time for the hardening checklist you can use to walk your workflow and assess your current state of readiness in the world of production print and data.