Ever considered whether your print kit could be letting the baddies into your business? Now may be the time to think about it.
There are two types of company, the old cybersecurity joke goes: those who have been hacked and those who don’t know they have been hacked. The recent mysterious hacking of 130 celebrity Twitter accounts was a sensational reminder that no one is safe. If it can happen to Jeff Bezos, who became the richest man in the world by exploiting the power of digital technology, it really can happen to you.
The first step towards improving your cybersecurity is to recognise the fact that you can never be safe. You can then focus on protecting the data that is critical to your business and identifying the most likely threats to that data. To do that, the people who own, run and/or manage print service providers need to face a few harsh, post-pandemic truths.
Colin McMahon, a senior research analyst at Keypoint Intelligence, which specialises in global data and market know-how for the digital imaging sector, puts the issue rather bluntly: “People in print tend to be older men - the worst demographic category to be in as far as Covid-19 is concerned - and they need to bear that in mind for their future operations. Remote working - to a greater or lesser extent - is something they need to prepare for and that means, as print service providers consider more ‘connected’ devices, cybersecurity becomes a bigger issue. Automation, cloud computing, the Internet of Things, remote working have lots of advantages for the industry but they come with lots of risks attached.”
McMahon has a point. Any cybersecurity defence is only as strong as the least guarded device on the network. It cost Target more than $300m to discover that painful truth: the hackers who stole 40m credit card details from the American retailer broke in through systems belonging to its air conditioning supplier. Closer to home, many PSPs don’t even consider the fact that their wide-format printers, which generate most of their revenue, are connected devices that pose risks. As competition grows fiercer - and the market becomes tougher - the benefits of automating workflows are obvious. The potential hazards? Not so much.
Fortunately, some digital print companies are recognising the perils. In response to growing concerns, British supplier Solimar Systems has recently launched a secure IPP print server for digital print environments. Equally commendably, HP runs a global crowdsourcing initiative to identify bugs in its systems that may help hackers.
The second unpleasant truth PSPs need to face is that, as far as cybercriminals are concerned, they are low-hanging fruit. You can hack into the Pentagon but, as the defences of that organisation - and others like it - become more sophisticated, why would you? A similar rationale applies to banks although, as recent cases have demonstrated, they are nowhere near as secure as they would like to be. All of which means that small to medium-sized enterprises - of the kind that dominate the British wide-format print sector - are a very tempting target.
At this point, you are probably asking yourself: yeah, but how much money are they really going to make from hacking into my business? Think of the old Nigerian email scam. A prince you’ve never heard of promises you a large sum of money if you help them transfer money out of their country. Who would fall for that? Well, as one cybersecurity consultant pointed out, it doesn’t really matter. It costs next to nothing to send out such emails and if one gullible soul is conned by it, the scammers have more than made their money back - which is why that kind of scam has now gone global.
In the past 12 months, the Government estimates, almost half of British companies have been the victim of a cyber-attack. Of that half, one in seven reported that they dealt with such threats every week. The average cost of a cyber breach or attack on a company over that period was £3,230.
‘Ransomware’, in which anonymous hackers demand money after taking control of an organisation’s IT systems, is most effective when aimed at organisations that aren’t that sophisticated technologically. Again, PSPs might insist that such cheap tricks would never catch them out but as Willy Kruh, the former head of the retail and consumer sector for KPMG, confided once: “Most of the brands and retailers I know are terrified that their entire operations could be paralysed by ‘ransomware’. When you think about it, all it takes is one clever geek in a balaclava, based in an emerging economy, with a laptop and internet access.”
At least with ‘ransomware’, the motive is clear. Many attacks are motivated by malice, mischief or hackers testing out their own capabilities. Cybercrime is a $600bn a year global business - if it were a country, its economy would be larger than Poland’s - and PSPs who choose to ignore the danger because they have more important things to do are gambling with the future of the business.
Accepting that you are not now - and never will be or can be - completely safe from cybercrime will clarify what you can and should do. No matter how much money you spend building a state-of-the-art, all-singing, all-dancing IT fortress, you cannot eliminate the risk once and for all. In business, as in life, without risk there is no reward. But a more intelligent, proactive approach to cybersecurity can at least mitigate the risk, protecting your company, your staff and your customers if the worst happens.
Here’s how to get tough on cybercrime…
1. Do an audit. Every company has different vulnerabilities. The most common include: an internal culture that doesn’t take cybercrime seriously (for example, when staff bring their own technology to use at work); failure to update cybersecurity defences; and a lack of awareness of how suppliers protect their systems and the products they supply to you.
2. Ask your suppliers. As Colin McMahon says: “If you are buying machines with connectivity, you need to recognise that they can cause real damage to your business.” So, finding out what precautions suppliers are taking is imperative. Don’t be put off or assume that, just because their company is much bigger than yours, they will have figured this all out. The largest companies in the world have been hacked and breached.
3. Educate staff. Cybersecurity can seem a bit removed from people’s day-to-day working lives and there is a risk that they regard some precautions as bureaucratic red tape which can be worked around or ignored when pressure mounts. It is your job to convince your staff that cybersecurity is not the sole responsibility of IT. If nothing else, raising awareness will help discourage human error (such as leaving laptops on trains).
4. Own up. If your systems have been breached, don’t try and hide the fact. Inform any stakeholders that are likely to be affected - especially customers. Prompt, decisive and visible action will help retain customer trust and help placate the regulators if they get involved.
5. Audit again. Cybersecurity can never be completely solved. There are always new threats, new techniques and new technologies. Keep an eye on your defences and, at least once a year, take the time to assess risks, practices and policies across the business.