Printer security risks? Really? Yes! Copiers or Multifunction Printers (MFPs) pose a much greater security risk in your business than you may realise. There is a serious risk for hard-drive security breach, and understanding the consequences when not handled properly, is an industry-wide concern.
When printers morphed into the multifunction machines they are today, it greatly increased possible security issues. Today, the printer may be the most vulnerable piece of equipment in the office and printer security risks are real! Yet, it often gets less security attention or protection than other devices accessing the network.
How Are Printers Considered Security Risks?
An image is stored on the hard-drive of every document copied, scanned, or e-mailed by the machine, as well as other data. Some examples of data that have been found include social security numbers, birth certificates, bank records and income tax forms. This type of information would be very valuable to would-be identity thieves.
Most companies fail to delete thousands of copies stored on the copier or printer’s hard drive before returning their hired or leased machines, or selling them. When printers come off lease or rental and are returned to the supplier, they are often redistributed to buyers, wholesalers, and overseas distributors, without having the necessary steps taken to eliminate sensitive data. Although the data stored may be encrypted, it is still quite possible to gain access to this information. Many printers contain the IP address of the company’s primary and secondary email servers and, in some cases, secure log-on password(s).
Once a hard-drive is pulled out of the printer, software programmes are available (some for free on the Internet) which can pull all these documents and other data off the hard-drive. It’s pretty scary stuff, considering what might be on there.
Keep Your Business Safe
There are ways to mitigate printer security risks however, and ensure that the information processed by your copier or MFP stays safely within your organisation and not in the hands of identity thieves. All the major manufacturers offer data security or encryption kits for their products. Some come standard and some need to be purchased. Technologies such as image overwrite, removable hard-drives and encryption all help to ensure all data in and out of an MFP is unreadable.
However, many copier dealers, resellers and sales people simply do not make their customers aware of this. In surveys, it has become clear that many businesses are still unwilling to pay for such protection, and that the average copier buyer and user are completely unaware of the dangers posed by digital copiers.
Do not fall in this category. Digital copiers are by all accounts computers. Would you trade in a desktop PC, laptop or return a rental computer without first erasing the hard disk? No, you wouldn’t!
Why Does Printer Security Matter?
Many printers also serve as an entryway to your business’s network. A compromised printer can be used to infiltrate other applications, distribute ransomware or harmful code, or launch denial-of-service attacks on the printer (or your network).
It is very important to carefully evaluate the security measures built into any copier or MFPs you are currently using or considering purchasing, and to choose a vendor partner who will educate and cooperate with you on a data protection strategy. Those with older MFPs in use should make sure the security features available are enabled, and if needed, purchased.
What Else Can You Do?
- Configure copiers, printers, and other multi-function devices securely.
- Limit network access if possible.
- Avoid entering sensitive information into address books.
- Change default passwords for devices with web-based configurations. Employ access controls (e.g. user authentication, account codes, password protection).
- Develop appropriate policies and procedures that address proper disposal procedures for equipment, protecting sensitive data, etc.
- Always use appropriate disposal procedures for equipment (e.g., organisations should destroy / shred / wipe internal hard-drives or include appropriate contract language regarding proper disposal for leased equipment). When in doubt, consult the manufacturer for proper hard-drive cleaning procedures.
- Work with vendors to make sure devices meet industry security standards and certifications.
- Be sure to review current contracts. If security concerns arise, work with vendors to close the gaps and modify/update contracts as needed.
- Develop a template for contact/service agreements with vendors that have devices with more native security features. Many vendors also offer optional data security kits.
- Educate IT staff and other users.
- Remember to perform updates on a regular basis. Updates are often a manual process but some vendors offer security updates via RSS Feed.
- Consider managing all copiers/multi-function network devices through one office.
- Consider requiring drive encryption.
- Consider physical security of hard-drives for devices with open access, e.g. universities, libraries etc.
- Post flyers or label machines in public places as a reminder that any data copied there may be stored in the memory.
- Remind staff/users to avoid copying documents with sensitive information using public-access devices.
One Last Thing
Your organisation’s information security strategies are only as strong as its weakest link. And given the continued reliance of many businesses on printing, print security is not something you can choose to ignore.
Worried about your old copier or printer posing a security risk? Get quotes now to update your copier or printer