Are your multi-functional printers a security risk?
How many multi-functional printers do you have in your organisation? Tot them up. There are probably more than you realised. Now, how many of them are secured? That is, protected against spyware, malware, hacking, breaches of confidential data?
None? You’ve just discovered a secret security blind spot you didn’t even know existed. Multi-function printers are often ignored as a security risk. In fact, they’re just as important a security concern as your PCs and laptops are. Think about it: today’s MFPs are as powerful as a laptop, packed with a hard drive, memory and CPU.
We’re told that awareness of cyber-crime is growing all the time, yet it’s still the case that online crime is a major business threat.
The scale of cyber-crime in the UK
Research recently commissioned by the Department for Business, Innovation and Skills (BIS) found British companies lose billions of pounds a year thanks to cyber-crime, with some facing security breaches every couple of days:
- 93% of large firms and 87% of small firms were targeted in 2013
- some attacks caused more than £1 million in damage
8 the average cost of a breach was put at between £450,000 and £850,000
Why are MFPs a specific security risk?
- MFPs host confidential data – think financial reports and confidential documents
- They’re usually connected to a network – leaving them open to breaches
- They often go ignored as a security risk – ironically meaning they’re more of a target
- Bring Your Own Device (BYOD) is an increasing trend – are your employees’ own printers protected?
Unsecured MFDs can pose a significant security threat to your business. Remember, too, that confidential print-outs left near a printer could easily be stolen, falling into the wrong hands.
In recent years companies have looked to streamline paper-based workflows, giving the networked, multi-functional printer a much more central role in document lifecycle production.
But despite the greater reliance, companies are failing to manage the vulnerability of their MFPs.
Research by Quocirca found:
- Just 22% of businesses have implemented secure printing initiatives
- 90% have experienced one or more print-related data breaches
- Low priority, unawareness of benefits and a lack of print security strategy are the top 3 reasons print security is not adopted
Why should printer security be a higher priority?
Not recognising the importance of printer security will leave you vulnerable to hackers and disgruntled/malicious employees and at risk of a security breach, for example:
- Theft of intellectual property and confidential data
- Significant impact on reputation – research by Beazley shows 40% of companies would not do business with a company that had suffered a breach
- Breach of the Data Protection Act, potentially resulting in a fine
Addressing a print security strategy
By addressing a print security strategy you will realise the benefits of a secure printing infrastructure. To get you started here are 3 focus points.
1. Basic security settings
It might sound obvious, but you’d be surprised how many companies haven’t put even the most basic security settings in place for their MFPs. Think about your devices, are they set up to the optimal configuration so as to guarantee the long-term security of your device?:
- Set up user authentication – set up PINs and passwords
- Creating different access levels – only give users access to the printing facilities they need
- Ensuring any third-party applications running on an MFP are secured
2. Robust management culture
A strong, well-enforced IT policy is the backbone of a successful organisation. In 2011 York Council breached the Data Protection Act by accidentally disclosing personal data to a third party – all because of a printer mix-up.
The authority incorrectly sent out personal information with other documentation to an unrelated third party. The sensitive personal data was included because it was mistakenly collected from a shared printer, then posted by an employee who did not check whether the papers were relevant.
Securing the data is important. Have you considered how secure the operation of your printers is and is it integrated within your general security guidelines? You could consider implementing a design which could include authenticating users to ensure that only authorised employees can access documents from your printers, encrypting print jobs and safely removing sensitive data.
To help you protect your printed documents, you could consider a pull print solution which requires authentication from the user, preventing it from ending up in the wrong hands. Secure mobile printing and special secured input trays for sensitive documents could also be implemented.
3. Auditing and reviewing
As well as implementing solutions, take advice on best practice to increase security, strengthen compliance, and reduce risks. This could include introducing printing policies, as well as giving you the tools to monitor usage and control access for different user groups.
IT policies should not stay the same, especially set against the backdrop of such a rapidly changing technology landscape. Review your policy regularly – say every quarter – taking into account any issues that have cropped up over the previous 3 months.