Site icon Celiveo Cloud Print

Print Jobs Vulnerability and GDPR Compliance

It is so easy to read your documents even before you get them on paper…
Protect them with Celiveo

In 2016, 47% of incidents involved a malicious or criminal attack, 25% were due to negligent employees or contractors and 28% involved system glitches.

Negligent insiders are individuals who cause a data breach because of their carelessness. ​Malicious attacks can be caused by hackers or criminal insiders (employees, contractors, third parties).

2017 Cost of Data Breach Study
Benchmark research sponsored by IBM Security
Research Report/ Ponemon Institute

Insider threat occurs in three varieties, of decreasing frequency:

1. Careless or uninformed users who unintentionally violate security requirements and policies due to a lack of cybersecurity awareness, training, or foundational cyberhygiene.

2. Negligent users who intentionally evade security measure out of convenience, neglect, or misguided attempts to increase productivity.

3. Malicious users who intentionally evade security measures in attempts to profit financially, gain revenge, or seek to unmask corruption or other malfeasance, based on a misguided sense of idealism.

Feb 2017/ Institute for Critical Infrastructure Technology

GDPR regulation non-compliance fine:
Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher.

Important Information Is Often Printed

  • Unattended documents are hijacked on printers output trays
  • Print job names are visible to everyone using shared print queues
  • With a click by IT, all print jobs are archived by Windows print servers
  • All stuck documents are released as soon as a failing printer is repaired
  • IT can see, archive, intercept, view and reprint any print jobs from any user
  • Unauthorized people can use MFPs to send data out if those are unlocked

Celiveo Secures MFPs and Documents

  • MFP & Printers Access Control
  • No more unattended printing
  • End-to-end Encryption, advanced stealth mode to comply with GDPR regulation
  • Strong User Authentication
  • PIN code, Badge, barcode
  • PKI Smartcard
  • Advanced Audit and Reporting

Printing is totally unprotected by default

More and more leaks happen from insiders, who have access to the corporate IT as part of their job to maintain it. Few people know it is so easy to read the CEO or CFO print jobs, one just needs to be server administrator or use free tools. All IT contractors and printing solutions suppliers also have access to a wealth of information when maintaining the system. And nobody will be aware someone captures and reads documents from his desk, possibly from another continent. Such events directly falls under the strict GDPR regulation, protecting personal information contained in print jobs.
Is such data interception complex? Not at all!

The easy way: make Windows Server copy print jobs

Print jobs are sent as clear data through most print server and network connections. They are stored in a specific print server directory %systemroot%\system32\spool\printers\*.spl. Triggering copies of all print jobs from a specific user can be programmed in a few seconds and free viewers display those documents on the PC of the remote administrator.

Sniffing and intercepting documents on the network

Just search Google for “Printer Hacking Wireshark” and you can find complete step-by-step cookbooks on how to see on your screen all print jobs going to a specific printer. Then any free PCL or Postscript viewer allows to display those documents

Viewing SQL server data (and modifying it)

SQL Server Data Tool (SSDT) is free on Microsoft web site. The company that installs/maintains the solution knows the database credentials it is possible to change PIN codes, badge numbers, see jobs list names, copy print jobs file depot etc.

Celiveo Enterprise is unlike any other solution…

PC to Printer print jobs encryption/decryption with Pull Printing ​RSA + AES cipher
Security backed by Active Directory OU and Groups to not let unauthorized users configure Celiveo
GDPR Print Jobs Meta Data Stealth mode hash and cipher to not link print jobs with end-users
Corporate RSA encryption key ensures your print jobs are not encrypted like for ​any other company​
Documents are fully encrypted using PKI RSA + AES, from PC to printer level, whatever is in between (WAN, LAN, WLAN, servers, spooler etc)
Exit mobile version