Mailing in a Secure World
Glen Swyers
Manager - Mailing & Fulfillment
Classic Graphics, an Imagine! Print Solutions Company
The Positive
What happened?
• Security in its infancy was protecting your IT infrastructure from the latest virus or malware.
• Now? One of the biggest threats is your employees themselves – either through a malicious action or, much more likely, inadvertent error.
New reality
• Your clients or organization now conduct vulnerability assessments, penetration tests, and application security assessments.
• Your vocabulary now includes: PCI DSS, SANS, SOC, or ISO 27001.
finger
Who should be held liable when there's a massive data breach at a big company? This was one of the hot topics discussed in the 2015 State of the Union Address.
Dilemma
"Organizations that do not implement reasonable security protections should be liable for resulting harm, economic or otherwise. But if we try to hold them responsible at the same time that we are trying to figure out what those reasonable protections are, it becomes that much more difficult to learn from incidents."
So am I liable?
I am not a lawyer - and I don't play one on TV.
BUT if you don't have a plan - history is telling us that the less you do to prevent an incident, the more potentially liable you may be.
Printer-related security breaches affect 63% of enterprises
• "Clearly businesses are not doing enough to protect their printing environment, exposing themselves to the potential financial and legal ramifications of print-related breaches."
• Pull Printing - use a code to release your documents at the printer.
• http://www.infosecurity-magazine.com/news/
So do we have your attention?
Data security is a good idea!
We touched a little on the why…
Let's discuss what companies that are in the data/mailing business should
Step 1
• Admit that you have a problem.
• If there is no clear consensus on the team that data security is a priority:
You will fail
Step 2
• Develop a Plan
• As we discussed, having a plan is almost
Step 3
• Execute the Plan
• Remember - "A good plan violently executed now is better than a perfect plan executed next week."
— General George S. Patton
Step 4
• Go back to Step 1 and repeat.
• The process never stops.
• Rules are always evolving.
The Classic story
We have come a long way…
• Started in 600 square feet by two friends in college.
• Now in the top 1% of all
Keys to Classic Success
• I will not bore you with all the details.
• Key focus today is our approach to data security and how we have addressed our clients' needs and concerns.
Classic: Step 1
• Our recognition that there was a need in the marketplace for data security was a direct result of our clients' requests.
• They needed a partner to quickly respond to direct mail changes - but the information needed to drive the
Classic: Step 2
• We invested in smart people and excellent technology.
• One without the other just leads to frustration.
Plan components
• Badge access to the plant, adding turnstiles to reduce tailgating
• Data room: second-tier restricted badge access including alarm system with restricted hours.
• Data center: 2-person minimum access with man trap, 3-factor authentication including biometrics
• Data server: hosts secure data with restricted access
• Redundancy in RTP
• Input folder for Sales
• File server: hosts working image files (only composed PDF - no raw
Plan components
• Moved VDP into the data secure room
• Employees: background checks, Ethics policy and Social Media Policy.
• File transfer: Secure FTP, Secure Email
Gone? Dropbox, Skype, and thumb drives (Thanks, Snowden)
• Audits - pull the first and last record, the longest and shortest record, and one record of each version, and post the sample on Secure FTP.
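The audit bullet above describes a sampling procedure for a mailing data file. The script below is an added example (not code from the presentation or from Classic Graphics) that implements that sampling for a CSV file: first and last record, longest and shortest record by raw line length, and one record per distinct version, written out with the reason each record was chosen so the sample can be posted for review. It assumes a header row, a `version` column, a `record_id` column, and no embedded newlines inside fields; the data file is constructed and fictitious.

```python
import csv
import io

# Constructed sample mailing file (fictitious names and addresses), not real data.
SAMPLE_CSV = """record_id,version,name,address,city,state,zip
1,A,Jane Doe,12 Elm St,Springfield,IL,62701
2,A,J. Smith,1 Main,Aurora,IL,60505
3,B,Christopher Montgomery-Hamilton,9876 Westminster Boulevard Apt 1204,Charlotte,NC,28202
4,C,Lee Park,44 Oak Ave,Raleigh,NC,27601
5,B,Ana Ruiz,7 Bay Rd,Miami,FL,33101
"""


def build_audit_sample(text, version_field="version"):
    """Pick the audit records from a CSV mailing file.

    Returns a dict mapping an audit reason ("first", "last", "longest",
    "shortest", "version:<v>") to the 0-based index of the chosen data row.
    Record length is the raw line length, so this assumes no field contains
    an embedded newline (assumption for this example).
    """
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2:
        raise ValueError("data file needs a header row and at least one record")
    body = lines[1:]  # raw data lines, header dropped
    rows = list(csv.DictReader(io.StringIO(text)))
    picks = {
        "first": 0,
        "last": len(body) - 1,
        "longest": max(range(len(body)), key=lambda i: len(body[i])),
        "shortest": min(range(len(body)), key=lambda i: len(body[i])),
    }
    # One record per distinct version: keep the first occurrence of each.
    for i, row in enumerate(rows):
        picks.setdefault(f"version:{row[version_field]}", i)
    return picks


def render_audit_csv(text, picks):
    """Write the chosen records, plus an audit_reason column, as a CSV string
    ready to post on the secure FTP site. A record chosen for several reasons
    appears once, with the reasons joined by ';'."""
    rows = list(csv.DictReader(io.StringIO(text)))
    fieldnames = list(rows[0].keys()) + ["audit_reason"]
    reasons = {}
    for why, i in picks.items():
        reasons.setdefault(i, []).append(why)
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fieldnames, lineterminator="\n")
    writer.writeheader()
    for i in sorted(reasons):
        writer.writerow({**rows[i], "audit_reason": ";".join(reasons[i])})
    return out.getvalue()


if __name__ == "__main__":
    picks = build_audit_sample(SAMPLE_CSV)
    print(render_audit_csv(SAMPLE_CSV, picks))
```

Only the sampled records leave the data room; the full file stays on the data server, which matches the "data is processed directly on the data server" point later in the deck.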
Process never stops
• In the last year we have added:
• cameras on each rack cabinet
• badge access to rack cabinets
• cages in shipping areas for delivery drivers
• 2-factor authentication for any remote access
• Currently adding:
• DLP system (data loss prevention)
• NAC (network access control)
• Prevention of any use of external storage devices (USB flash drives, etc.)
• Turnstiles at each entrance
Important topics
• Encryption - all data is encrypted at rest; data is processed directly on the data server, NOT on the desktop; desktops are encrypted as a failsafe.
• Archives:
- How long?
- More important than ever
- Can you destroy every copy, including backups?
- Secure destruction tools to auto-execute at "X" number of
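The archive bullets above call for destruction tools that run automatically once a retention period of "X" has passed. Below is an added example (not from the presentation or from Classic Graphics) of such a sweep: it walks an archive tree, reports every file older than the retention period in days, and deletes those files only when dry-run is switched off, so the list can be reviewed first. It assumes archives are plain files under one directory and that a file's modification time stands in for the job completion date; the `make_demo_archive` helper builds a throwaway directory for the demonstration. A sweep like this covers the copy on the server it runs on; the same retention rule has to be applied to every backup location before the "every copy" question above can be answered yes.

```python
import os
import tempfile
import time
from pathlib import Path

SECONDS_PER_DAY = 86400


def expired_files(root, retention_days, now=None):
    """Return a sorted list of (path, age_in_days) for regular files under
    root whose modification time is older than retention_days."""
    now = time.time() if now is None else now
    cutoff = now - retention_days * SECONDS_PER_DAY
    expired = []
    for path in Path(root).rglob("*"):
        # Symlinks are skipped so a link into a live area is never followed.
        if path.is_file() and not path.is_symlink():
            mtime = path.stat().st_mtime
            if mtime < cutoff:
                age = int((now - mtime) // SECONDS_PER_DAY)
                expired.append((str(path), age))
    return sorted(expired)


def sweep(root, retention_days, dry_run=True, now=None):
    """Delete expired files, or only list them when dry_run is True.
    Returns the paths acted on so the run can be logged."""
    acted = []
    for path, _age in expired_files(root, retention_days, now):
        if not dry_run:
            os.remove(path)
        acted.append(path)
    return acted


def make_demo_archive(now):
    """Build a constructed archive tree: one job file 100.5 days old and one
    job file written just now. Returns (root, old_path, new_path)."""
    root = tempfile.mkdtemp(prefix="archive_demo_")
    old_path = os.path.join(root, "job_old.csv")
    new_path = os.path.join(root, "recent", "job_new.csv")
    os.makedirs(os.path.dirname(new_path))
    for p in (old_path, new_path):
        with open(p, "w") as fh:
            fh.write("constructed job data\n")
    old_time = now - 100.5 * SECONDS_PER_DAY
    os.utime(old_path, (old_time, old_time))  # back-date the old job
    return root, old_path, new_path


if __name__ == "__main__":
    now = time.time()
    root, old_path, new_path = make_demo_archive(now)
    print("would delete:", sweep(root, 90, dry_run=True, now=now))
    print("deleted:", sweep(root, 90, dry_run=False, now=now))
    print("old still present:", os.path.exists(old_path))
```

Run it once with `dry_run=True` from a scheduler and review the output before enabling deletion; the retention period in days is the "X" the slide leaves open.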
ISO 27001
• With multiple frameworks and certifications in the market, there is a lot of confusion about what can attest to the security of a system.
• ISO 27001 certification is proof of an organization's ability to maintain an effective Information Security Management System. It's comparable to getting a house inspected.
• Need to raise the bar even higher? Add SSAE 16, Type 2.
Why did Classic choose ISO 27001?
• Classic has been ISO 9001 certified since 1998
• ISO is part of our culture
• 27001 was a natural progression building on
• Before ISO 27001
• Annual inspection took days
• After ISO 27001
• Clear understanding of our standards
• Inspection has been reduced to hours onsite, or not required.
How ISO 27001 has helped
It provides a framework for the management of information security risks, which ensures you take into account your legal, contractual and regulatory
Benefits of ISO 27001
• Supports compliance with relevant laws and regulations
• Reduces likelihood of facing prosecution and fines
• Can help you gain status as a preferred supplier
Other stories
• Small mailer in Orlando - PCI only: $10,000
• Mid-size mailer in the South East - SOC
• Data security is no longer an optional item
• It takes more than just IT to execute
• The important thing is to start
Questions?