It seems like every day there’s news of another multimillion-dollar data breach with yet another organization scrambling to deal with negative media attention, preserve their brand reputation and pick up the pieces of their consumer base. The financial repercussions of such breaches are growing increasingly severe. According to Statista’s market and consumer data, the average cost of a data breach soared to $9.44 million in 2022 from $9.05 million the previous year—an increase that reflects not only the rise in sophistication of these attacks, but also the devastating consequences of losing customer loyalty.
While data breaches can affect any organization or industry, security efforts are mostly concentrated on mitigating the risks of outside attack on firewalls, networks and other internal IT-related systems. This makes customer communications processing a particularly target-rich environment for bad actors who seek to gain access to “protected” information. This is especially the case in the healthcare, financial services and insurance industries, which transmit communications with a high density of private health information (PHI) and private personal information (PPI) that can be compromised for malicious activities such as identity theft.
Firewalls, passwords and other forms of access control are not enough to prevent a breach. Although it is certainly important to determine who can gain access to protected data to begin with, these security measures do not prevent or diminish the impact of negligent acts by those with clearance to override them. Many software solutions tout regulatory compliance (HIPAA, PCI-DSS, etc.) as a way to prevent breaches and it’s true that adherence to governmental or industry-specific regulations is an important step in securing customer data. However, compliance with regulatory standards for firewalls, as well as network infrastructure and design, is not the only way to mitigate risk.
Many regulatory frameworks completely ignore the security risk inherent in documents and document files — particularly those that contain PPI and PHI. For document security to be commensurate with existing network and data security guidelines, a close examination of the print production workflow for potential and existing gaps in security is required. By implementing protective measures throughout the print production process, customer communications providers (particularly those who handle PPI and PHI) can limit the number of points within the workflow when data is vulnerable to threats, greatly reducing its exposure to malicious activities. Extending the regulatory mandate of “encryption of data in transit and encryption of data at rest” to the files that contain documents can go a long way toward eliminating a potential weak point as a target for attack.
Heightening security at all stages of print production
As a customer communications provider, one of the most important ways to enhance the security of customers’ data is to find a solution that reduces the number of points along the workflow that require decryption. Whereas a typical end-to-end process involves decryption during verification, processing and printing, some modern solutions make it possible to maintain the encryption until printing.
In addition to reducing the number of workflow stages that require decryption, the most advanced document security solutions will maintain encryption during printing. Whereas a typical printing process involves decrypting or “unzipping” the entire print file, page-level decryption, in which each page of the document file is assigned a unique encryption password, reduces the amount of data exposed during the printing process.
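The page-level approach described above, sketched as an added example that is not code from the article or from any vendor product: each page gets its own key, and the print loop holds only one decrypted page at a time. The per-page key derivation, the function names and the sample pages are assumptions, and the HMAC-based keystream is a standard-library stand-in for a vetted AEAD cipher such as AES-GCM.

```python
import hashlib
import hmac
import os

def _sub(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def page_key(master: bytes, doc_id: bytes, page_no: int) -> bytes:
    # Unique key per page, so exposing one page key reveals only that page.
    return _sub(master, doc_id + b"|page|" + page_no.to_bytes(4, "big"))

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 keystream in counter mode,
    # chosen only to stay within the standard library.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt_page(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = nonce + _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return body + hmac.new(_sub(key, b"mac"), body, hashlib.sha256).digest()

def decrypt_page(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_sub(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("page authentication failed")
    return _xor_stream(_sub(key, b"enc"), body[:16], body[16:])

def print_job(master: bytes, doc_id: bytes, encrypted_pages, send_to_printer) -> int:
    """Decrypt one page at a time; return the peak plaintext bytes held at once."""
    peak = 0
    for page_no, blob in enumerate(encrypted_pages):
        plaintext = decrypt_page(page_key(master, doc_id, page_no), blob)
        peak = max(peak, len(plaintext))
        send_to_printer(plaintext)
        del plaintext  # drop the reference before touching the next page
    return peak

# Constructed sample: three statement pages for one mailing.
MASTER, DOC_ID = os.urandom(32), b"statement-batch-0001"
PAGES = [b"Page 1: account summary " * 40, b"Page 2: transactions " * 60, b"Page 3: notices " * 20]
ENCRYPTED = [encrypt_page(page_key(MASTER, DOC_ID, n), p) for n, p in enumerate(PAGES)]
```

The value returned by `print_job` is the size of the largest single page, whereas decrypting the whole print file first would expose the sum of all pages at once.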
With news about data breaches becoming all too frequent, document security — particularly for customer communications in healthcare, finance or insurance — is more important now than ever. While the astronomical regulatory fines are certainly daunting, just as important and potentially damaging to an organization is the loss of brand integrity and consumer loyalty that accompanies a breach. According to PCI Pal, in the US, 83% of consumers claim they will stop spending with a business for several months in the immediate aftermath of a security breach and 21% claim they will never return to a business post-breach. In identifying a document security solution for your customer communications, it is critical to ensure data is protected at all stages of the workflow, whether the document is in transit or being stored. By decreasing the number of times data is decrypted and exposed throughout the workflow, you can greatly diminish opportunities for negligent error and make an investment in your reputation for keeping customers’ sensitive data secure.
An electronic document industry pioneer, Ernie Crawford is the President/CEO and founder of Crawford Technologies. One of only a small number of people worldwide with a Master Electronic Document Professional (M-EDP) designation, Ernie has more than 30 years of senior marketing and management experience in the high-volume electronic printing market.