5 lessons IT security can learn from football
13 March 2017
4 min read
All football fans know ‘that look’. The look of helplessness on the face of a football manager who sees his side getting thumped and knows, no matter how much he shouts or flaps his arms, his team is getting beat today.
If you’re in charge of your company’s IT Security Protocols and you haven’t included print in that strategy, then when it comes to being able to prevent a breach, you’re more like that hapless football manager than you think. Here’s why:
In football, the saying goes ‘strikers win you games, defenders win you championships’. It’s no use just having a couple of star defenders either. Opposing teams will always target the weakest link in your back line.
So while most companies have ‘Premier League’ quality PC and tablet security protocols in place such as regular patch, hackers just don’t care. And why should they, when they can target the multiple types of printers found in an average office? The problem is, network printers often run on legacy operating systems not covered under PC and tablet security protocols. This means they aren’t going to be covered by your basic routine patch scheduling.
Ultimately, it’s a bit like asking you to put on your football kit and get in the game with England International’s Gary Cahill in defence. It doesn’t matter how good he is because opposing strikers can just run past you and score.
Now in goal, you want a supreme shot stopper that strikers fear. Unfortunately, in the world of IT Security, in goal you have Open Access Points. They can’t stop a thing. Alarmingly, while companies have open access points locked down solid for PC and tablets, it’s often not the case for print. For example, do you know how many printers in your network have open access points, right now.
Working in an increasingly connected world means that there are now more chances for anyone, anywhere, to infiltrate your network and steal your documents and data.
Which brings us to the midfield - the engine room of the game. The whole Building, specifically the Office Floor and Network, form the hardest working outfit in the world but a leaky defence is letting the opposing team slip through. How many confidential documents are being given up to opponents making smash and grab attacks? Don’t be one of the 44% of organisations who allow unauthorised access to data in printer mass storage.
A good striker can be judged by the timing of his runs into the box and ability to clinically dispatch the ball into the back of the net. In IT Security, your strike force is your employees and the timing of ‘their runs’ could not be poorer, with many of them leaving confidential documents unguarded in printer out trays for the full 90 minutes. The solution is better employee training and pull printing, which is where users have to authenticate a job at the printer before it prints. Implement this and suddenly the timing of your strikers ‘runs’ will improve dramatically.
The importance of a good start
When a small football club travels away from home to face a big football club, such as Man United, most pundits will quickly deem ‘a good start’ is as crucial to the success of the smaller club.
You could argue this is also true of company networks. Booting up in the morning is one of the most vulnerable moments for a breach, especially for printers not covered by PC and tablet Security protocols. So how can you prevent an early goal being scored against you? One way is to validate the integrity of the boot code at every boot cycle. The latest generation of HP Pro printers come with this technology as standard.
In football, smart substitutions can completely turnaround the fortunes of the team. But just imagine a scenario where your player is told to come off and immediately tears through your own defence before scoring a stunning own goal. Sound far-fetched? Meet Hard Drive.
Most business printers, the same ones with legacy operating systems that are never updated, have internal hard drives that save digital copies of the documents they've printed. So, if you’re thinking of upgrading or replacing your printer fleet and don’t want to score a security own goal, you need to make sure you wipe their memory. The most secure way of erasing data is to physically destroy the hard drive. Just be careful that you don’t destroy leased printers. Consult with your leasing company to find out how your data can be erased.
Final word… to our man of the match
Okay, so we may have pushed the football analogy to breaking point but hopefully it’s helped you understand some serious points. We’ll leave the final word to man of the match Michael Howard, HP Worldwide Chief Security Advisor. “Every device that touches the network needs to be treated like an equal citizen when it comes to security. When you think about how pervasive print is in most organisations, the lack of proactive security is shocking and scary.” So, if your IT Security team is leaving your printer on the bench, remember you’re much more likely to end up on the losing side.