Copiers, printers, scanners and fax machines can present some serious security risks to any organization. Sometimes, these devices are overlooked when businesses create their security policies. Yet, there are a number of reasons that printers or copiers can expose your entire network, from wireless and mobile printing options to unencrypted hard drives. If you are governed by compliance regulations or maintain sensitive information, the security of printers and copiers should not be taken lightly.
Earlier this year, internet security expert Michael Jordon hacked into printers to install and play the iconic 20th century game Doom. His efforts were to call attention to the security risks with the "internet of things", and it worked. The printer he used was a typical modern office printer with an LCD screen and built-in wireless connectivity. While this was partially done due to security design flaws on the part of the manufacturer, it has people wondering if their own device is safe from such an attack. Put it this way: if someone can install and play a first person shooter game on your printer, they can install and malware.
Even when the manufacturer’s security features are flawless, it is up to users to activate and use those features, as well as establish security policies and practices.
Another notorious incident of printer-related security breaches happened in 2010, when Affinity Health Plan didn’t erase protected health information from their copier hard drives before returning the machines to the leasing company. As a result, more than 33,000 records were exposed, a HIPAA violation that cost Affinity 1.2 million dollars in a settlement with the Department of Health and Human Services (DHHS).
So how do you make copiers and printers secure? It’s all about understanding the risks presented and mitigating those risks. While not an exhaustive list, below are some important considerations for ensuring your printers, copiers and all-in-one devices are secure.
Look at the location of your equipment. It should not be accessible by anyone other than authorized staff. This often means keeping it in areas that are not accessible to the general public, such as behind a counter, in a secure section of the office, etc. You can and should also remove physical ports from the printer, such as USB ports.
Hard drive protection
Multifunction printers, copiers, scanners and other devices have hard drives that store documents that are faxed, copied, printed and scanned. This hard drive needs to be secure from outside access (physical or technological) and it needs to be wiped clean before the machine leaves the premises for any reason.
Copy machines or printers that access sensitive materials should have technological access controls as well. This can be as simple as a user name and password, PIN numbers or proxy cards. Consider adding an automatic log-off function too.
Monitoring and auditing
Especially where you might have concerns of an employee replicating financial or confidential information, the ability to monitor use is both a deterrent and a safeguard for the most sensitive information. Auditing also allows you to go back and verify all of the transactions on the equipment, ensuring protection and the ability to see outside access.
Data needs to be encrypted, not just while it is being stored on the hard drive of the printer or copier, but also while it is in transit to and from the machine. If a user is scanning documents or sending jobs to the printer, the data is otherwise exposed while in transit and can be accessed from the outside. Data encryption should be in place throughout the network, but be sure that you include printers as well.
Watch the wireless
Wireless printing, cloud printing and mobile printing are all great options that make printing more flexible for staff. These productivity boosting features need to be met with caution. Ensure that if using these features that they are secure. For example, any mobile printing should be done with a mobile device that is not able to infect the printer with malware and any wireless printers need to be secure on the network – which they often are not.
Many of today’s printers, copiers and all-in-one devices have a number of security features. It’s a matter of ensuring that you use a printer that has the features you need, but that you also put security policies in place that protect your data from even the most innocuous seeming devices in your inventory.
Milner is a leading provider of office technology solutions that enhance business operations and keep data secure. From our extensive selection of secure printers and copiers to our full range of IT services, we can help you ensure the security of your most valuable assets. Contact us for more information.