ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Local Encryption ... Why Not?

    IT Discussion
    15
    357
    173.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Dashrender @scottalanmiller
      last edited by

      @scottalanmiller said:

      @BRRABill said:

      @Dashrender said:

      What do you mean? you choose the option to print and it didn't print, instead it offered you a PDF?

      Yes.

      I chose PRINT (from WORD ONLINE) and it then said "HERE IS YOUR PDF TO PRINT".

      That's super weird!

      that's exactly what I was thinking.

      time to make a simple word doc and try it.

      1 Reply Last reply Reply Quote 0
      • D
        Dashrender
        last edited by Dashrender

        Holy cow, I got the same thing.

        0_1450220827462_ml2.PNG

        0_1450220780525_ML-wow.PNG

        1 Reply Last reply Reply Quote 0
        • D
          Dashrender
          last edited by

          Now my browser does have a PDF viewer enabled in it, so the file opened in the browser, but I'm pretty sure it did download and open locally.

          This definitely seems odd, but now that I think about it, makes some sense. Because you're not printing the whole browser window, or even a window within the browser, Word (in this case) needs some way to enforce printing format. Forcing it to a PDF and then requiring the user to use a local PDF view to do the printing does make sense...

          Though i wonder if it would have been better to have the print job open in a new Window formatted as desired, ignoring actual window size, etc... and then launching the browser print option - though I'm guessing there it to much chance that printing would not have the correct formatting.

          1 Reply Last reply Reply Quote 0
          • S
            scottalanmiller
            last edited by

            Very odd. Although I suppose this helps to highlight that if you go to print, you are exposing things. Printing isn't secure - not from the network side nor the paper side. If you are forced to download a PDF, I guess it would help to remind users that they are doing something inherently insecure.

            But why would it do this rather than printing directly?

            D B 2 Replies Last reply Reply Quote 0
            • D
              Dashrender @scottalanmiller
              last edited by

              @scottalanmiller said:

              But why would it do this rather than printing directly?

              Did you post this while I was editing my previous post?

              1 Reply Last reply Reply Quote 0
              • S
                scottalanmiller
                last edited by

                Yes

                1 Reply Last reply Reply Quote 0
                • D
                  Dashrender
                  last edited by

                  What do you think of the possible reasons I posted?

                  1 Reply Last reply Reply Quote 0
                  • S
                    scottalanmiller
                    last edited by

                    That seems to make sense. By going to PDF you know that you will be able to get an exact copy rather than something "close-ish."

                    1 Reply Last reply Reply Quote 0
                    • B
                      BRRABill @scottalanmiller
                      last edited by

                      @scottalanmiller said:

                      Very odd. Although I suppose this helps to highlight that if you go to print, you are exposing things. Printing isn't secure - not from the network side nor the paper side. If you are forced to download a PDF, I guess it would help to remind users that they are doing something inherently insecure.

                      But why would it do this rather than printing directly?

                      Printing can be secure.

                      Our copier is HIPAA compliant.

                      You could also just hang a personal laser printer off the box you want to be secure.

                      My point is that who knows what files these secure browsers are putting on your machine.

                      When I am going across some crazy border as a spy, I want to be sure. (NOTE: I have barely ever left the US.)

                      D 1 Reply Last reply Reply Quote 0
                      • D
                        Dashrender @BRRABill
                        last edited by

                        @BRRABill said:

                        @scottalanmiller said:

                        Very odd. Although I suppose this helps to highlight that if you go to print, you are exposing things. Printing isn't secure - not from the network side nor the paper side. If you are forced to download a PDF, I guess it would help to remind users that they are doing something inherently insecure.

                        But why would it do this rather than printing directly?

                        Printing can be secure.

                        Our copier is HIPAA compliant.

                        You could also just hang a personal laser printer off the box you want to be secure.

                        My point is that who knows what files these secure browsers are putting on your machine.

                        When I am going across some crazy border as a spy, I want to be sure. (NOTE: I have barely ever left the US.)

                        I have no idea what you're talking about crossing borders...

                        But Scott's point is still valid. Once you print the paper the information is no longer secure. it can go anywhere, everywhere with no tracking.

                        How is your copier HIPPA compliant? Because the drive is encrypted and requires a username/password to get into the drive? Sure that makes it HIPPA compliant, but does not make it secure. If this was a high value target, someone could install a tap on the network connection and probably capture the prints in transit. I'm not aware of any printer that has a driver that uses SSL, though I'm sure there are some out there today.

                        B 3 Replies Last reply Reply Quote 0
                        • B
                          BRRABill @Dashrender
                          last edited by

                          @Dashrender said:

                          I have no idea what you're talking about crossing borders...

                          Was an IT joke. Poor one, perhaps.

                          Like if I was a spy.

                          1 Reply Last reply Reply Quote 0
                          • B
                            BRRABill @Dashrender
                            last edited by

                            @Dashrender said:

                            But Scott's point is still valid. Once you print the paper the information is no longer secure. it can go anywhere, everywhere with no tracking.

                            Not really. It is still trackable, and considered secure in the US Mail since it is a federal violation to tamper with that.

                            D S 2 Replies Last reply Reply Quote 0
                            • B
                              BRRABill @Dashrender
                              last edited by

                              @Dashrender said:

                              How is your copier HIPPA compliant? Because the drive is encrypted and requires a username/password to get into the drive? Sure that makes it HIPPA compliant, but does not make it secure. If this was a high value target, someone could install a tap on the network connection and probably capture the prints in transit. I'm not aware of any printer that has a driver that uses SSL, though I'm sure there are some out there today.

                              Here is a link to the brand we have.

                              https://www.konicaminolta.eu/fileadmin/content/eu/Business_Solutions/Products/Security/PDF/SECURITY_WHITEPAPER.pdf

                              Though I am pretty sure if your network is secured, encryption to the copier is not a big deal. It more the hard drive in case it gets traded back in, as in the 1.7 million dollar fine I mentioned earlier for leaving PHI on copiers.

                              S 1 Reply Last reply Reply Quote 0
                              • D
                                Dashrender @BRRABill
                                last edited by

                                @BRRABill said:

                                @Dashrender said:

                                But Scott's point is still valid. Once you print the paper the information is no longer secure. it can go anywhere, everywhere with no tracking.

                                Not really. It is still trackable, and considered secure in the US Mail since it is a federal violation to tamper with that.

                                what if you don't put it in an envelope? What if you just take it home? what if you make a copy of it? once you have that printout.. you can do anything you want with it.

                                B D 2 Replies Last reply Reply Quote 0
                                • B
                                  BRRABill @Dashrender
                                  last edited by

                                  @Dashrender said:

                                  what if you don't put it in an envelope? What if you just take it home? what if you make a copy of it? once you have that printout.. you can do anything you want with it.

                                  If it is paper with PHI, it still has to be protected.

                                  For example, we have questionnaires where the respondent MIGHT put their name on. SO we have to log it into our building, and secure it in a locked cabinet in a locked room.

                                  Just because it is paper doesn't mean you can lose track of it.

                                  D 1 Reply Last reply Reply Quote 0
                                  • D
                                    Dashrender @Dashrender
                                    last edited by

                                    @Dashrender said:

                                    @BRRABill said:

                                    @Dashrender said:

                                    But Scott's point is still valid. Once you print the paper the information is no longer secure. it can go anywhere, everywhere with no tracking.

                                    Not really. It is still trackable, and considered secure in the US Mail since it is a federal violation to tamper with that.

                                    what if you don't put it in an envelope? What if you just take it home? what if you make a copy of it? once you have that printout.. you can do anything you want with it.

                                    Does this mean we can't use it? Of course not, we have to believe that our staff is trustworthy, or we have to get rid of them. Scott's main point, at least as I saw it, was to simply make you aware of this situation, not to make you worried about it.

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      Dashrender @BRRABill
                                      last edited by

                                      @BRRABill said:

                                      @Dashrender said:

                                      what if you don't put it in an envelope? What if you just take it home? what if you make a copy of it? once you have that printout.. you can do anything you want with it.

                                      If it is paper with PHI, it still has to be protected.

                                      For example, we have questionnaires where the respondent MIGHT put their name on. SO we have to log it into our building, and secure it in a locked cabinet in a locked room.

                                      Just because it is paper doesn't mean you can lose track of it.

                                      You're kidding right? not lose track? We (and all of the hospitals we are part of) print countless things from EHRs, etc. Those prints never flow through any kind of tracking. 99% of the time they are printed, read and then simply put into a shred bin. Nothing stops someone from just taking things out of that bin and taking it home..

                                      B 1 Reply Last reply Reply Quote 0
                                      • B
                                        BRRABill @Dashrender
                                        last edited by

                                        @Dashrender said:

                                        You're kidding right? not lose track? We (and all of the hospitals we are part of) print countless things from EHRs, etc. Those prints never flow through any kind of tracking. 99% of the time they are printed, read and then simply put into a shred bin. Nothing stops someone from just taking things out of that bin and taking it home..

                                        No, I'm not kidding. Not from my understanding of HIPAA.

                                        Maybe not tracking, but you can't just print a bunch of stuff and then leave it wherever. There has to be aprocess from the printing through the proper disposal, which yes includes very fine shredding.

                                        S 1 Reply Last reply Reply Quote 0
                                        • S
                                          scottalanmiller @BRRABill
                                          last edited by

                                          @BRRABill said:

                                          @Dashrender said:

                                          But Scott's point is still valid. Once you print the paper the information is no longer secure. it can go anywhere, everywhere with no tracking.

                                          Not really. It is still trackable, and considered secure in the US Mail since it is a federal violation to tamper with that.

                                          It's also a federal crime to socially engineer someone to get access to their computers. Or to just hack in at all. But I don't think that holds up for not securing the data.

                                          B 1 Reply Last reply Reply Quote 0
                                          • S
                                            scottalanmiller @BRRABill
                                            last edited by

                                            @BRRABill said:

                                            @Dashrender said:

                                            How is your copier HIPPA compliant? Because the drive is encrypted and requires a username/password to get into the drive? Sure that makes it HIPPA compliant, but does not make it secure. If this was a high value target, someone could install a tap on the network connection and probably capture the prints in transit. I'm not aware of any printer that has a driver that uses SSL, though I'm sure there are some out there today.

                                            Here is a link to the brand we have.

                                            https://www.konicaminolta.eu/fileadmin/content/eu/Business_Solutions/Products/Security/PDF/SECURITY_WHITEPAPER.pdf

                                            Though I am pretty sure if your network is secured, encryption to the copier is not a big deal. It more the hard drive in case it gets traded back in, as in the 1.7 million dollar fine I mentioned earlier for leaving PHI on copiers.

                                            We could say all of that about desktops, laptops, etc. I'd generally agree with you. But only insofar as a printer would need any and all protection that a laptop would. If you feel a laptop would need to be encrypted, then a printer surely would since it would generally have many fewer protections and be way easier to steal in most cases.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 8
                                            • 9
                                            • 10
                                            • 11
                                            • 12
                                            • 17
                                            • 18
                                            • 10 / 18
                                            • First post
                                              Last post