VARs must switch on to secure printing

Networked printers pose a risk that needs managing, writes Marcus Austin in the third of our five-part series

Touch sensitive: A printer with a fingerprint reader attached will not print a job until the job owner activates it

Most office-based workers have walked over to a printer to pick up their pages only to find a print job in the tray with no apparent owner. Some will have even stumbled across sensitive documents, such as a staff salary review or an internal restructure proposal.

According to an IDC survey for Canon, a worrying 40 per cent of staff are more than happy to pick up and read such sensitive company data from shared office printers.

Just over 72 per cent of office workers admit to picking up their colleagues’ personal emails, while 18 per cent have come across personnel records including private home addresses, mobile phone numbers and salary information.

In addition, as many as 70 per cent of workers in some departments have found job-hunting employees’ CVs on shared printers and one in 10 have even happened across job applications.

For businesses, these findings clearly indicate inherent security concerns with printers. IDC warns that companies that do not protect their sensitive information could fall foul of privacy legislation such as the Data Protection Act (DPA), and could be unwittingly breaking non-disclosure agreements with other organisations.

Matt Marshall, research director at IDC, says: “Our findings appear to be shocking, especially in terms of today’s compliance-driven business environment.

“Many companies could unknowingly be breaking legislation and commercial agreements in terms of sensitive client and employee data such as company financials and personal information.

“It is important that UK businesses and their staff take these findings on board and focus on solving the problem.”

Unaware of the risks
In addition, Brother has recently conducted YouGov research into printing habits. It shows that three out of four SME owners are not aware of the risks of unsecured printing. Even in businesses that are aware of the problems, only 43 per cent have measures in place to safeguard against them.

Terry Caulfield, general manager for sales at Brother UK’s Printing Solutions division, adds: “Printer security is often overlooked. Even if a network is secure, packets of information sent to a printer can be susceptible to hacking. This can have serious commercial repercussions for any business.”

With security enabled for an organisation’s printer estate, the secrets in the salary review print job, or the CV or the private email remain in the printer, waiting for the job’s owner to type in a PIN code before it is printed.

But secure printing is still generally unknown, says Roger Christiansen, marketing manager at InfoPrint Solutions.

“With most printers and multifunctional printers [MFPs] sitting on a network these days, they are open to the same kinds of security threats as PCs and laptops, yet the vast majority of businesses do not know or understand this. So an opportunity exists for resellers to educate users and explain the various solutions available to them,” he says.

Secure printing is mainly used in government and in defence industries, but has filtered through to large enterprises, mainly in the legal and financial services industries. As secure features and functions start to turn up on smaller and less expensive devices, the market will grow to take in SMEs.

Neil Sawyer, enterprise marketing manager at HP’s Imaging & Printing division, believes that an untapped market exists for secure printing among smaller law firms.

Low-hanging fruit
“The legal sector is a low-hanging fruit,” Sawyer says. “There is lots of potential out there. Local solicitors and small law firms are all ideal target markets.”

Sawyer sees accountants and education markets as other customers ripe for secure printing.

An alternative approach to selling devices with secure printing is suggested by Steve Pearce, marketing product manager at Samsung Electronics UK: “Secure printing is particularly important to departments within an organisation where security is key.

“Take the HR department as an example. Practically every document they print will be confidential: salary details, disciplinary information, contracts. And this is where the channel should be targeting.

“Using a horizontal marketing approach, resellers should focus on an organisation’s security needs as opposed to its printing needs, as would normally be expected. Once success has been proven in one department, it is much easier to approach others within the comp-any than it would be as an unknown external supplier. “Word of mouth is a powerful tool when it comes to selling.”

Compliance imperative
As well as the obvious need for secrecy in professions such as law and accountancy, there are further reasons to guard data.

Legislation such as the Data Protection Act (DPA) lays a duty of care on companies towards customer data. And while the Information Commissioner’s Office (ICO) - the department that enforces the DPA - has been lenient in the past, that is changing.

Earlier this year, an ICO investigation found that Orange was failing to keep its customers’ personal information secure. The mobile phone giant had been allowing new members of staff to share usernames and passwords when accessing the company IT systems.

Orange had to sign a formal undertaking to comply with the principles of the DPA. Failure to meet this undertaking could lead to further enforcement action by the ICO and possible prosecution.

Canon sees laws such as the DPA as one of the main reasons why more and more businesses are adopting secure printing.

Geoff Slaughter, director of Canon’s partner channel, says: “We always think of secure printing as coming from government departments and the Ministry of Defence, but actually every company has an issue with secure printing because of things like the DPA, which covers personnel records - which every company has - as well as the usual customer records and databases.”

There are many different ways to manage printer security, and they all have their own strengths and weaknesses.

At the most basic level, the abil-ity to track what is being printed in the business through a printer management package is a good start.

PINs on printers can stop a print job from being printed where everyone can see it, although it will not stop someone gaining access to a PC while the user is at lunch and printing off files they should not have access to. However, users can log and track usage, which at least allows people to see who has used what and where.

Print managers
Most corporate PCs have the facility to lock down their USB ports and CD writers, but they usually will not stop users printing a file.

With a print management package such as HP’s Web JetAdmin - a free download that works with HP printers and any printer that complies with management information base - users can log and track print jobs, set passwords for printers and set security features on the printer.

A bonus of print management software is that it also allows users to reduce printer costs. Because it sends the correct job to the correct printer, users waste no paper or toner on jobs that have to be re-sent to the correct device.

It can also monitor use by users and departments, allowing departments to be charged for print use. Print management software can also deny features such as colour and single-sided printing to certain users or groups of users - see last week’s feature on print management for more details.

Sawyer sees the management of the printer environment as central to print security.

“Managing user rights and the hardware itself is critical,” he says. “A departmental MFP is just like a server now and can often provide a hackable entrance into a company’s corporate network unless it is managed and monitored properly.

“Resellers can add real value by taking their sales strategy to the next step by encouraging customers to manage their infrastructure with solutions such as Web JetAdmin.”

PIN security and features that prevent jobs being printed until a user swipes their card, or puts their finger on a fingerprint reader on the printer, are starting to appear on a wide range of printers, not just the high-end devices, as manufacturers realise that security is a big issue.

While PINs are becoming the industry-standard authentication system on higher-end devices, Pearce thinks that proximity cards and biometrics will become more prevalent over the next year.

He says: “To maximise their potential in this area even further, resellers should ensure they keep abreast of the latest security technologies as much as possible, particularly proximity card technology. The education sector currently uses these cards so that university students can pay for items such as food and drink, travel and even building access using just one card.

“However, this has not yet been extended to printing - cash is still the only way to pay for this service. This is a real area of opportunity to add value and resellers should be looking to capitalise on it.

“Biometrics has also been a hot topic for a number of years now, and we believe that in 2008 it will be a major focus within the print arena.”