ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Local Encryption ... Why Not?

    IT Discussion
    15
    357
    173.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Dashrender
      last edited by Dashrender

      Holy cow, I got the same thing.

      0_1450220827462_ml2.PNG

      0_1450220780525_ML-wow.PNG

      1 Reply Last reply Reply Quote 0
      • D
        Dashrender
        last edited by

        Now my browser does have a PDF viewer enabled in it, so the file opened in the browser, but I'm pretty sure it did download and open locally.

        This definitely seems odd, but now that I think about it, makes some sense. Because you're not printing the whole browser window, or even a window within the browser, Word (in this case) needs some way to enforce printing format. Forcing it to a PDF and then requiring the user to use a local PDF view to do the printing does make sense...

        Though i wonder if it would have been better to have the print job open in a new Window formatted as desired, ignoring actual window size, etc... and then launching the browser print option - though I'm guessing there it to much chance that printing would not have the correct formatting.

        1 Reply Last reply Reply Quote 0
        • S
          scottalanmiller
          last edited by

          Very odd. Although I suppose this helps to highlight that if you go to print, you are exposing things. Printing isn't secure - not from the network side nor the paper side. If you are forced to download a PDF, I guess it would help to remind users that they are doing something inherently insecure.

          But why would it do this rather than printing directly?

          D B 2 Replies Last reply Reply Quote 0
          • D
            Dashrender @scottalanmiller
            last edited by

            @scottalanmiller said:

            But why would it do this rather than printing directly?

            Did you post this while I was editing my previous post?

            1 Reply Last reply Reply Quote 0
            • S
              scottalanmiller
              last edited by

              Yes

              1 Reply Last reply Reply Quote 0
              • D
                Dashrender
                last edited by

                What do you think of the possible reasons I posted?

                1 Reply Last reply Reply Quote 0
                • S
                  scottalanmiller
                  last edited by

                  That seems to make sense. By going to PDF you know that you will be able to get an exact copy rather than something "close-ish."

                  1 Reply Last reply Reply Quote 0
                  • B
                    BRRABill @scottalanmiller
                    last edited by

                    @scottalanmiller said:

                    Very odd. Although I suppose this helps to highlight that if you go to print, you are exposing things. Printing isn't secure - not from the network side nor the paper side. If you are forced to download a PDF, I guess it would help to remind users that they are doing something inherently insecure.

                    But why would it do this rather than printing directly?

                    Printing can be secure.

                    Our copier is HIPAA compliant.

                    You could also just hang a personal laser printer off the box you want to be secure.

                    My point is that who knows what files these secure browsers are putting on your machine.

                    When I am going across some crazy border as a spy, I want to be sure. (NOTE: I have barely ever left the US.)

                    D 1 Reply Last reply Reply Quote 0
                    • D
                      Dashrender @BRRABill
                      last edited by

                      @BRRABill said:

                      @scottalanmiller said:

                      Very odd. Although I suppose this helps to highlight that if you go to print, you are exposing things. Printing isn't secure - not from the network side nor the paper side. If you are forced to download a PDF, I guess it would help to remind users that they are doing something inherently insecure.

                      But why would it do this rather than printing directly?

                      Printing can be secure.

                      Our copier is HIPAA compliant.

                      You could also just hang a personal laser printer off the box you want to be secure.

                      My point is that who knows what files these secure browsers are putting on your machine.

                      When I am going across some crazy border as a spy, I want to be sure. (NOTE: I have barely ever left the US.)

                      I have no idea what you're talking about crossing borders...

                      But Scott's point is still valid. Once you print the paper the information is no longer secure. it can go anywhere, everywhere with no tracking.

                      How is your copier HIPPA compliant? Because the drive is encrypted and requires a username/password to get into the drive? Sure that makes it HIPPA compliant, but does not make it secure. If this was a high value target, someone could install a tap on the network connection and probably capture the prints in transit. I'm not aware of any printer that has a driver that uses SSL, though I'm sure there are some out there today.

                      B 3 Replies Last reply Reply Quote 0
                      • B
                        BRRABill @Dashrender
                        last edited by

                        @Dashrender said:

                        I have no idea what you're talking about crossing borders...

                        Was an IT joke. Poor one, perhaps.

                        Like if I was a spy.

                        1 Reply Last reply Reply Quote 0
                        • B
                          BRRABill @Dashrender
                          last edited by

                          @Dashrender said:

                          But Scott's point is still valid. Once you print the paper the information is no longer secure. it can go anywhere, everywhere with no tracking.

                          Not really. It is still trackable, and considered secure in the US Mail since it is a federal violation to tamper with that.

                          D S 2 Replies Last reply Reply Quote 0
                          • B
                            BRRABill @Dashrender
                            last edited by

                            @Dashrender said:

                            How is your copier HIPPA compliant? Because the drive is encrypted and requires a username/password to get into the drive? Sure that makes it HIPPA compliant, but does not make it secure. If this was a high value target, someone could install a tap on the network connection and probably capture the prints in transit. I'm not aware of any printer that has a driver that uses SSL, though I'm sure there are some out there today.

                            Here is a link to the brand we have.

                            https://www.konicaminolta.eu/fileadmin/content/eu/Business_Solutions/Products/Security/PDF/SECURITY_WHITEPAPER.pdf

                            Though I am pretty sure if your network is secured, encryption to the copier is not a big deal. It more the hard drive in case it gets traded back in, as in the 1.7 million dollar fine I mentioned earlier for leaving PHI on copiers.

                            S 1 Reply Last reply Reply Quote 0
                            • D
                              Dashrender @BRRABill
                              last edited by

                              @BRRABill said:

                              @Dashrender said:

                              But Scott's point is still valid. Once you print the paper the information is no longer secure. it can go anywhere, everywhere with no tracking.

                              Not really. It is still trackable, and considered secure in the US Mail since it is a federal violation to tamper with that.

                              what if you don't put it in an envelope? What if you just take it home? what if you make a copy of it? once you have that printout.. you can do anything you want with it.

                              B D 2 Replies Last reply Reply Quote 0
                              • B
                                BRRABill @Dashrender
                                last edited by

                                @Dashrender said:

                                what if you don't put it in an envelope? What if you just take it home? what if you make a copy of it? once you have that printout.. you can do anything you want with it.

                                If it is paper with PHI, it still has to be protected.

                                For example, we have questionnaires where the respondent MIGHT put their name on. SO we have to log it into our building, and secure it in a locked cabinet in a locked room.

                                Just because it is paper doesn't mean you can lose track of it.

                                D 1 Reply Last reply Reply Quote 0
                                • D
                                  Dashrender @Dashrender
                                  last edited by

                                  @Dashrender said:

                                  @BRRABill said:

                                  @Dashrender said:

                                  But Scott's point is still valid. Once you print the paper the information is no longer secure. it can go anywhere, everywhere with no tracking.

                                  Not really. It is still trackable, and considered secure in the US Mail since it is a federal violation to tamper with that.

                                  what if you don't put it in an envelope? What if you just take it home? what if you make a copy of it? once you have that printout.. you can do anything you want with it.

                                  Does this mean we can't use it? Of course not, we have to believe that our staff is trustworthy, or we have to get rid of them. Scott's main point, at least as I saw it, was to simply make you aware of this situation, not to make you worried about it.

                                  1 Reply Last reply Reply Quote 0
                                  • D
                                    Dashrender @BRRABill
                                    last edited by

                                    @BRRABill said:

                                    @Dashrender said:

                                    what if you don't put it in an envelope? What if you just take it home? what if you make a copy of it? once you have that printout.. you can do anything you want with it.

                                    If it is paper with PHI, it still has to be protected.

                                    For example, we have questionnaires where the respondent MIGHT put their name on. SO we have to log it into our building, and secure it in a locked cabinet in a locked room.

                                    Just because it is paper doesn't mean you can lose track of it.

                                    You're kidding right? not lose track? We (and all of the hospitals we are part of) print countless things from EHRs, etc. Those prints never flow through any kind of tracking. 99% of the time they are printed, read and then simply put into a shred bin. Nothing stops someone from just taking things out of that bin and taking it home..

                                    B 1 Reply Last reply Reply Quote 0
                                    • B
                                      BRRABill @Dashrender
                                      last edited by

                                      @Dashrender said:

                                      You're kidding right? not lose track? We (and all of the hospitals we are part of) print countless things from EHRs, etc. Those prints never flow through any kind of tracking. 99% of the time they are printed, read and then simply put into a shred bin. Nothing stops someone from just taking things out of that bin and taking it home..

                                      No, I'm not kidding. Not from my understanding of HIPAA.

                                      Maybe not tracking, but you can't just print a bunch of stuff and then leave it wherever. There has to be aprocess from the printing through the proper disposal, which yes includes very fine shredding.

                                      S 1 Reply Last reply Reply Quote 0
                                      • S
                                        scottalanmiller @BRRABill
                                        last edited by

                                        @BRRABill said:

                                        @Dashrender said:

                                        But Scott's point is still valid. Once you print the paper the information is no longer secure. it can go anywhere, everywhere with no tracking.

                                        Not really. It is still trackable, and considered secure in the US Mail since it is a federal violation to tamper with that.

                                        It's also a federal crime to socially engineer someone to get access to their computers. Or to just hack in at all. But I don't think that holds up for not securing the data.

                                        B 1 Reply Last reply Reply Quote 0
                                        • S
                                          scottalanmiller @BRRABill
                                          last edited by

                                          @BRRABill said:

                                          @Dashrender said:

                                          How is your copier HIPPA compliant? Because the drive is encrypted and requires a username/password to get into the drive? Sure that makes it HIPPA compliant, but does not make it secure. If this was a high value target, someone could install a tap on the network connection and probably capture the prints in transit. I'm not aware of any printer that has a driver that uses SSL, though I'm sure there are some out there today.

                                          Here is a link to the brand we have.

                                          https://www.konicaminolta.eu/fileadmin/content/eu/Business_Solutions/Products/Security/PDF/SECURITY_WHITEPAPER.pdf

                                          Though I am pretty sure if your network is secured, encryption to the copier is not a big deal. It more the hard drive in case it gets traded back in, as in the 1.7 million dollar fine I mentioned earlier for leaving PHI on copiers.

                                          We could say all of that about desktops, laptops, etc. I'd generally agree with you. But only insofar as a printer would need any and all protection that a laptop would. If you feel a laptop would need to be encrypted, then a printer surely would since it would generally have many fewer protections and be way easier to steal in most cases.

                                          1 Reply Last reply Reply Quote 0
                                          • S
                                            scottalanmiller @BRRABill
                                            last edited by

                                            @BRRABill said:

                                            @Dashrender said:

                                            You're kidding right? not lose track? We (and all of the hospitals we are part of) print countless things from EHRs, etc. Those prints never flow through any kind of tracking. 99% of the time they are printed, read and then simply put into a shred bin. Nothing stops someone from just taking things out of that bin and taking it home..

                                            No, I'm not kidding. Not from my understanding of HIPAA.

                                            Maybe not tracking, but you can't just print a bunch of stuff and then leave it wherever. There has to be aprocess from the printing through the proper disposal, which yes includes very fine shredding.

                                            Actually the shredding doesn't have to be fine or even destroy the data, sadly. Once you "moderately mangle it" it's considered enough effort. One of my big complaints about HIPAA, it's a scam and does nothing to protect against data leakage.

                                            B 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 13
                                            • 14
                                            • 15
                                            • 16
                                            • 17
                                            • 18
                                            • 15 / 18
                                            • First post
                                              Last post