Document Security in the Work-From-Home Era
In sitting down to write my first Blog article of 2022, I’m somewhat surprised to find myself working from home once again. Like many workers, I’ve been back in the office for the better part of the last year after spending much of 2020 and 2021 in work-from-home mode due to the COVID pandemic. Throughout that period, I learned many lessons, developed some new ways of interacting with colleagues, and gained a new appreciation for the frustrations and costs related to printing in a SOHO environment.
So this morning, with Winter Storm Landon closing down roads and threatening to drop 20 inches (half a meter!) of snow against my front door, I didn’t give a thought to digging out the car and playing slalom on the ice-covered streets. I simply fired up my laptop and started working. Most of the applications I need for work are either Cloud-based or run natively on my computer, so I don’t need to use a VPN connection to the office. Which is a good thing, as I recently learned.
Many companies use Virtual Private Network (VPN) technology to give employees remote access to business applications and other IT resources running on the corporate network. Although they can be bandwidth-intensive, expensive to maintain, and cumbersome for remote employees to use, they serve a useful purpose. By encrypting the connection between an organization’s internal network and the remote users, VPNs protect sensitive data and provide a level of security against hackers. In essence, a user accessing internal systems via a VPN is on the company’s internal network, regardless of where they are physically working at the time. They have access to the same network resources as they would when working at their desk back in the office, including departmental printers.
This can be problematic, as I realized last month while working from home. A family member was in quarantine, so I was logged into the corporate network using a VPN. At the end of the day, I received an email saying that an electronic copy of my W-2 wage and tax form for the previous year was available on the employee portal. Knowing I would need this form to complete my 2021 taxes over the weekend, I accessed the form, clicked “Print” and… panicked.
The printer in my home office was silent. At that moment, I knew that my sensitive financial information was most likely sitting on the workgroup printer back in my office on the other side of town. That device was my default printer just a few steps away from my desk. Had I been in the office, the W-2 form would have been in my hands in seconds. Now, I had to jump in my car and race across town to the office before one of my co-workers grabbed it out of the printer tray.
How could this have been avoided? Many ways, some of which I have (ironically) written about in this very Blog. The easiest and most obvious way would have been to utilize pull printing by default. Like nearly every MFP in our office, my default device is capable of pull printing. Had I printed to the Personal Print Queue managed by our MFPsecure/Print software, the document would not have started printing until I was standing in front of the device and authenticated using my security badge.
Alternatively, I could have used the LRS Internet Printing solution instead of using a VPN to “pretend” I was sitting at my desk in the office. The VPSX software that manages all printing in my office would have securely transmitted the print data to the lightweight Personal Print Manager client running on my PC in encrypted form and the document would have printed on my home printer. Since I work from the LRS corporate office 99% of the time, I’ve never bothered to look into this option. But I probably should.
As it turned out, when I arrived at the office to retrieve my W-2 form, the office lights were off and my document was sitting right in the tray where I expected it to be. I can’t be sure whether anyone else saw it, but since it was after hours when I clicked “Print,” there’s a good chance my sensitive information remained private. This time.
In any event, all of the information on the form was my own, so I was not putting another person’s privacy at risk. If I had been a hospital worker and the document contained protected health information (PHI) about one of my patients, then this mistake would likely have represented a violation of HIPAA privacy laws. Infractions are expensive, and the topic of regulatory compliance for remote workers is a hot one in the healthcare world.
For me, the bottom line is that all the best technical solutions in the world are of no use if organizations and users (like me) neglect to take advantage of them. If you are looking for ways to ensure document security, eliminate cumbersome VPNs, or improve your work-from-home infrastructure, contact the experts at LRS.