With the onset of much of our data becoming digital, many organizations are working around the clock, focusing upon protecting their assets. Businesses are starting to put cybersecurity at the forefront of their technology. We do so much to protect, detect and respond to new threats that arise many times each day—yet we forget about printer and copier data.
You have just installed a new shiny printer/copier in your office. It can do so much for you. You print sensitive documents to it. You can just as easily scan to file. You probably scan very important contracts that you just signed then emailed them straight away to the other party… Now what?
Some of that information may stay on the device for a while… Did you think about how to keep your business safe from possible data leaks? Can someone see what you just printed if they gained control of your device? What happens to the left-over information once your MFP devices are taken back at the end of the lease? These are the questions many should be asking and considering throughout the process of procuring and selling their devices. Many don’t realize that a printer could be a major risk to their business.
By now you are probably thinking, why does this matter? Or my devices do not store any data… Well, that is not true. Copiers and printers have evolved drastically just like everything else in technology. Most modern printers and copiers are like little computers now-days. This allows them to temporarily or even permanently store data on them. In addition, simple printers commonly used in most homes and small offices come with a web interface which allows system administrators to easily manage them remotely. At the same time, it possibly enables the risk where malicious insiders and hackers could gain access to those devices. All of those could be a disaster for many businesses. On that note, let’s talk about better protecting printers and copiers in the modern office.
Change Default Passwords
The number one thing that almost everyone omits in a printer/copier deployment is changing the default password. This is one of the simplest protections when it comes to securing your device from a hacker or other third parties.
Strategically locate your printers
Did you ever think about the proper location for your printers? It is very important to separate printers based upon departments. You need to train your staff that printing sensitive information to printers located in general areas could end up in the hands of someone else. Some users should have personal printers if they regularly deal with ultra-sensitive data.
Physical security is another very important aspect of location. Every business needs to make sure that outsiders and visitors don’t have easy access to the device. Just think of what might happen if your printer was stolen with the possibility of it having protected information still on it. It would be a nightmare.
Anyone that cares about their data should be doing this on a regular basis: set a schedule and stick to it. There are a few items you should be really concerned about. Technology evolves, vulnerabilities are discovered, and security upgrades are released on a regular basis. Make sure you have a maintenance plan to run those security and important updates. Sometimes there are other benefits to it like new features. It is not always just about security. If you update your computers and servers, you should do the same with your printers as well.
Data scrubbing should be a feature you are asking your reseller and dealer as well. I found that “better” printers and copiers will allow you to set a schedule on which all data is wiped from the internal hard drive. This will help make it harder for anyone that is trying to infiltrate your organization through the most commonly missed security measures in printers. On the other it may help extend life of your devices and make them a little faster.
This is one of the major concerns in today’s business. It is not only tied to printers and scanners. It affects servers, desktops, laptops and many other devices. As a security expert, I find that many organizations do not have proper lifecycle management practices in place. There could be various reasons why many will not take proper security precautions when disposing or re-issuing their technology. Trust me, I have seen it many times. Laptops and desktops being re-used with new employees, servers sold to a sister company—all with the old data still on there. It is important that all devices are securely wiped or disposed of. Not only the easily done ones, but ALL.
So how do we manage that with printers and scanners? There is one thing I always tell my clients when they are buying or leasing printers and scanners: negotiate, in the initial terms, for an internal hard drive replacement. Then, when you are ready to turn in the lease or sell your old devices, it is super easy to make sure it is done in a secure manner. You already negotiated an additional drive that is imaged for the device. Then either your print vendor or internal staff just swaps it out. You get it back and make sure it is securely destroyed. That way your data will not leave the building together with the device. Who knows where it could have ended up?
There are security implications you should be aware of with the onset of co-working spaces, printing services and other public services that allow printing and scan-to-email. Think of it like public Wi-Fi at times. Was it tampered with? Is it secure? From my experience, I can say you can turn a bit of the blind eye to security if your need to print or scan does not carry sensitive information. When it comes to contracts, personal or financial information, however, I strongly recommend finding out first what is done with the data before you copy or scan. Ask the question, “Is it scrubbed on a regular basis? Are proper disposal policies in place?” If you are not sure, then don’t do it. Have a personal device either in your home office or a trusted location where you can be confident your data will not end up in the wrong hands.
Today’s security threat landscape is not a matter of IF, but WHEN you will be compromised
To fully protect your organization,