In any enterprise system, security should always be of top priority – but when it comes to document and data management via MFPs for legal firms, security is of paramount importance. It’s no secret that legal firms are on a minute-to-minute basis working with sensitive and confidential information – and keeping this information secure isn’t only a matter of client confidentiality – it’s a matter of your firm’s reputation.

SECURITY IN AN EVER-EVOLVING DIGITAL LANDSCAPE

When we think of the word “security” in a digital sense, we tend to imagine passwords comprised of long and random strings of numbers, letters, and symbols – and of course – case sensitive. We’ve all experienced the hassle of creating twelve-character, case sensitive passwords for various online accounts. And while these measures do help to mitigate some security risks, it’s essential to understand that just because your wi-fi is protected by a password, your network isn’t necessarily secure.

Viruses, malware, spyware, ransomware, code-crackers – these are security risks we’re all familiar with. Everyone knows to not open links from untrusted sources to prevent phishing attempts. Offices are accustomed to installing the latest firewalls and virus protection software to defend against attacks.

But we live in a rapidly changing and connecting digital landscape – with so many services and platforms offering the “log in with Facebook” option, we’re turning our backs on security in favor of ease and speed. And this is merely the tip of the iceberg.

The “IoT” (the Internet of Things) was a phrase coined many years ago – and while interconnected devices can speed up business operations, increase efficiency, and in general make our lives easier, the IoT also greatly increases the risk of security breaches.

What’s the driving force behind these security risks? Points of failure.

POINTS OF FAILURE

For every device that comprises your system, there is another avenue available for a security breach. While many companies focus on shoring up their backend network systems with firewalls and the like, all too often MFP document security is put to the wayside, or completely forgotten about.

In the age of encryption, AI, and automation, MFP document management and security can come across as an archaic topic; surely, by 2020, we’ve collectively come to a point where physical documents are completely secured, and there’s not much space left for innovation? This reasoning, however, couldn’t be further from the truth.

Perhaps the most failure-prone point in an office’s systems are the MFPs themselves. It’s easy to think of a MFP as a machine that can print, copy, and scan documents, and not much else – but MFPs are essentially their own computer. MFPs have a hard drive that, unless specifically instructed to do so, will store every document it prints, scans, or copies as an image in its own file storage system. A MFP, will, throughout its lifecycle, see and store data covering every sensitive or confidential aspect of your company’s and clients’ operations – be it HR documents, banking information, business plans, regulated data, clients’ case files, or any other document type your firm must print, scan, or copy. A target such as this is a treasure trove of tempting information for a hacker – and the avenues available to them to gain access to this information are plentiful.

From the standpoint of efficiency, mobile printing is an incredible tool. Often, documents are shared or stored via mobile device – and taking the time to step away from a meeting or heading back to the office when out in the field in order to print a document from your desktop can be a major hinderance to your speed of operations. While mobile printing is most definitely an efficiency-booster, it’s also one of your business’ greatest security risks.

Due to the fact that mobile devices are, well, mobile, they are often subject to a wide variety of security risks – the most prevalent (and most dangerous) of these being public networks. When accessing data via a public network, mobile devices can be unknowingly transformed into a key for hackers to exploit. If this “key” has ever been used to print a document through one of your MFPs, a backchannel can be created between the hacker and the MFP – and due to the aforementioned local storage of documents in a MFP, access to every piece of sensitive data that has been printed, scanned, or copied through that specific MFP is up for grabs.

The more pieces to a system, the more opportunities to break in – and when dealing with highly sensitive client data, this can spell disaster for your firm’s reputation. 

The most prevalent (and opportunistic) security risk is, however, when your MFP is booting up; during this short timespan where the machine is beginning its processes, hackers are able to slip in before firewalls and other security based APIs are able to kick in. A hacker need only break in once to install their own backdoor into your system, and through a device like a MFP, they can create a foothold from which to penetrate the entirety of your network’s defenses – leaving the totality of your business’ and client’s sensitive data ripe for the taking. Luckily, Canon, and now other MFP producers are deploying MFPs with built-in security features to help combat this.

REAL WORLD SECURITY RISKS

Unfortunately, your security woes don’t end with devices or networks. An astounding 15% of printed documents are never even picked up from a MFP after being printed – meaning anyone can simply walk by and take a photo of sensitive data, or even just take the physical document itself. Even when working in an office space with security measures like check-ins, ID scanners, and other measures of gatekeeping access, every system has a work-around. And if your information is worth it, hackers will find a way.

Remember how MFPs have hard drives built-in? Eventually, as a MFP ages and is replaced, the machine will find its way to a storage facility, a landfill, or will be broken down and recycled. This in itself is a security risk, as hard drives store data physically on magnets – even if you’ve deleted all of the files off of the hard drive before getting rid of your MFP, these data traces are still physically present on the hard drive, and can be read by a skilled hacker.

HOW MSPs AND MITS PROVIDERS CAN HELP

Despite the litany of security risks covered above, there are countless more available to hackers – and the worst part is, as tech and security evolve, so to do hackers’ methods of penetrating systems. Managed Service Providers (MSPs) and Managed IT Services (MITS) are well versed with acting as the barrier between a business’ operational needs and capacity, and the hackers that seek to dismantle your business’ reputation and profitability. In addition to providing extra security, MSPs function as your tech infrastructure partner – they work with your company to create efficient, resource-saving systems through DWAs (Document Workflow Analysis), just as MITS providers will conduct a network analysis to create more efficient and secure connections for your enterprise ecosystem as a whole. Here at Cobb, we have our own dedicated MSP and MITS teams. For more information about MSPs, visit our blog on the topic.

Fleckenstein & Associates: Centralizing and Streamlining a Law Firm's Data with M-Files

Up until 2019, Fleckenstein & Associates, P.C. were a paper-based firm. Watch to learn how their transition to M-Files has helped them manage their data!

DOCUMENT AUTOMATION FOR LAWYERS

There is a single solution that can bring simplicity, savings, and security to your law firm — document automation. We all know the benefits to it — reduce the time you spend drafting, formatting, editing, scanning, and faxing. The end product is a no-brainer.

WHAT IS VOIP? 5 THINGS YOU NEED TO KNOW

If you have access to the internet, then you have access to Voice over IP telephony. But what exactly is VoIP, and do you even need it?