Print hardware must be secured

MFPs and the like are often ignored when it comes to organisational data security, says Mark Duffelen

Much has been made in the media about losses of electronic data in public places. While many organisations have taken steps to limit information loss via computers and handheld devices, a more hidden security risk is often overlooked: the printing environment.

Multifunction printers (MFPs) offer more data-handling features than ever, including hard drives for storing documents and scan-to-email services that make them as sophisticated as many desktop PCs.

Enterprises routinely attach MFPs to networks, giving them all the flexibility and security vulnerability of any computer on a network. Yet they are often left out of security policies.

Information such as stored documents, scanned data or print data can be intercepted via Local Area Networks or over the internet via Wide Area Networks.

In a worst-case scenario, a user from the outside could obtain confidential information, unleash a Denial of Service attack, or even gain access to your network through the analogue fax line, meaning communications could be intercepted or your network breached.

Internal threats are another concern. Disgruntled employees or others may wish to use sensitive data to their advantage, and then there is simple human error. How many times have you printed a confidential document or email only to be distracted and left your printout sitting in the paper tray? For security, not to mention compliance reasons, enterprises need to identify who uses each MFP and control how each person uses it.

Small businesses may be able to safeguard the printing environment with a few adjustments to working practices. Financial or healthcare businesses may require a higher level of security, and companies that specialise in law, research and development or the military would need even more.

Work with your vendor to identify specific security needs. Identify where information resides, track how it is transferred and ascertain the greatest areas of risk.

Before disposing of old equipment, wipe or remove the hard disk, if required.

Look at ways to scan and digitally secure information in a trackable or securable format. Consider converting incoming faxes into electronic formats. That will ensure no confidential faxes are left lying on the machine.

Always check what security features are built into the product when making new purchases.

Devices that are hidden from general view (for example, in a copier room with nobody near the machine) increase the opportunity for security breaches, so think about user authentication.

Security policy must keep up with developments and be kept in line with security across the entire IT infrastructure. Whereas only a few years ago a 128-bit level of protection was considered solid, 256-bit is now preferred, with 512-bit on the way. Smartcard and biometric readers for authentication are also becoming more common.

Either way, MFPs must be part of a holistic approach to corporate data protection.

Mark Duffelen is director and general manager of the channels group at Xerox UK and Ireland