BYOD programs are becoming increasingly prevalent in government agencies.
The U.S. Equal Employment Opportunity Commission (EEOC) was one of the first of several federal agencies to implement a BYOD policy. EEOC now allows employees to “opt out” of the government-provided mobile device program and install third-party software on their own smartphones so they can use them for official government work. Delaware recently initiated a similar initiative and is realizing significant cost savings as a result.
The Department of Defense has even launched a BYOD pilot program in the Pentagon and is assessing the risks in an effort to establish federal government guidelines for managing and securing mobile and printing devices as well as security and privacy controls.
Since government agencies handle a lot of confidential information, some of which involves matters of national security as well as people’s privacy, managing the risks of BYOD printing is essential. This is especially true since cyberattackers tend to view printing devices as the weak link in an agency’s security. The DoD and other government organizations have come to realize that printers are an open and unsecure data source they need to defend more robustly.
But implementing standard security policies for BYOD in vast bureaucratic agencies like the DoD is easier said than done because of the enormous number of printing devices and people who use them. Not to mention, the sensitive material that’s printed on a daily basis.
Strategies to help your government customers safeguard their printing resources
Require user authentication to enable the auditing, reporting and tracking of all user activity and other security features. Then restrict access based on this authentication to ensure that users only have access to the resources on the network they normally do as part of their jobs.
- Audit all copy, print, scan, email and fax activity at every network multifunctional printer (MFP).
- Encrypt all data transmitted to and from every MFP using specific security guidelines set forth by Federal Information Processing Standard Publication 140-2.
- Use pull printing, which requires that employees authenticate at the printing device before documents are released.
- Institute rules-based printing. This controls output by analyzing jobs before they’re released based on a set of pre-established rules. The U.S. Army and General Services Administration have clearly delineated printing policies that can be enforced with implementation of rules-based functionality.
- Configure all commercial off-the-shelf document systems consistently to ensure direct and secure scanning.
- Control and protect all access points on MPFs. Apply automated security techniques to authenticate users, control access to workflows, encrypt data, validate network destinations, monitor and control all documents containing personally identifiable information (PII), and build and maintain an audit trail of all user activity.
By adopting measures like these, your government customers at the federal, state and municipal level can minimize human error, mitigate risk and help avoid the costs and other damages resulting from data breaches.