It's the stuff of an IT manager's nightmare: a government agency known by its initials sweeps in to audit the company for compliance with a set of vague regulations that may or may not clearly spell out what constitutes compliance.
Increasingly, compliance audits for FINRA, FERPA, HIPAA, MIPPA, NAIC, PCI and 22 other federal standards are focusing on mobile device security. Whether it's a public Wi-Fi connection in a restaurant or office conference room, or an employee-owned tablet or smartphone connecting to a corporate network, there's one place where many compliance audits are finding a crack in the security perimeter: mobile printing.
One reason for the awareness among regulators is a rise in prosecutions and litigation related to the Computer Fraud and Abuse Act (18 USC 1030), or CFA. Publicity about the CFA makes state and federal regulators more intent on compliance related to the most highly publicized data breaches, and increasingly, such breaches include some kind of mobile device or removable storage device.
Shawn E. Tuma, an attorney recognized nationally as an expert in computer fraud and the legal issues surrounding data security, says that 90% of businesses have suffered a data loss that could be considered computer fraud under the CFA, and that's just within the past 12 months. Tuma points out that cell phones, tablets, and printers all meet the definition of a computer for purposes of the CFA.
That's because in 2011, in U.S. vs. Kramer, the U.S. Eighth Circuit Court of Appeals ruled that a computer could be defined as any device with storage and processing capabilities, and the Fourth Circuit Court of Appeals took things a step further, specifically naming devices like watches, telephones, MP3 players, and printers, so long as they are "protected" under the CFA. What does it take for a device with a processor and storage capabilities to be "protected" under the CFA? It has to be connected to the Internet or a network that is connected to the Internet.
The first rule is that there is no consistent standard for mobile printing compliance. The rules vary depending on what kind of business you work in. For instance, if your business is subject to FINRA, NAIC, FERPA or HIPAA oversight (meaning that your network processes, stores, or handles banking, financial services, insurance, health care, pharmaceutical, or educational data), then the security standards for mobile devices and printers are the same as those for any other "computer".
In a compliance audit, you may be asked to show that:
If that's not completely clear to you, then you're not alone. The truth is that the CFA and the various industry oversight regulations are very complex, and the rules for compliance continue to change and evolve. In general, most compliance experts advise businesses to:
For specifics on what compliance rules apply to your industry, check on the compliance guidelines published by national trade associations.
Breezy is the only mobile print provider that secures data on any mobile device (iPhone, iPad, Android tablet or smartphone, or BlackBerry device) with military-grade encryption before transferring the encrypted files safely via SSL to any approved printer or print network. Breezy can be installed in minutes, and is already integrated with five of the top 6 mobile security platforms.
Add Breezy to these general tips on compliance, and you'll be ready for any federal or state compliance audit.
Customers report that Breezy installations are among the easiest they’ve ever seen for an enterprise product.