A breach in the security of an organisation’s printers can result in harmful disclosure, stolen or compromised intellectual property and trade secrets
In the 21st century, the network is the backbone of all business activities. Virtually every business, and every person in it, is connected to the internet. Being connected comes with its own set of pros and cons; the biggest one being risks to information security. An organisation takes many a step to make sure that their information stays safe from leaks or thefts, be it via new or upgraded IT frameworks, security protocols, et al. However, what’s really interesting is that majority of the organisations tend to overlook upgrade or check printers in the process. A breach in the security of an organisation’s printers can result in unauthorised use of sensitive or proprietary information. It can lead to harmful disclosure, stolen or compromised intellectual property and trade secrets. And for many organisations, these security breaches can end with costly fines and litigation, to the tune of hundreds of thousands to millions of dollars. For those in IT, it’s critical to the security of an organisation’s network to make sure that security infractions can’t happen through network connected MFPs or at the devices themselves.
Printers continue to be one of the most essential devices in any office—small, medium or large. They have evolved from being mere printing and photocopying machines into smart workplace assistants, installed directly into company networks, and carrying considerable amount of confidential data in their print jobs. No matter how much we try to keep the devices secure, there are various ways via which a printer can get hacked. Hackers can intercept data while it’s being transmitted to the printer. According to research firm Quocirca, data loss through printing is prevalent, even among organisations that operate a managed print service. Overall 61% reported at least one data loss in the past year, 51% in organisations with more than 3,000 employees and 68% in organisations with 1,000-3,000 employees. An example that highlights how easy it is to execute cyber fraud can be seen in a recent case where 29,000 printers across university campuses in the US were hacked remotely, resulting in pages of offensive flyers mysteriously showing up in the output trays. This attack happened again in August this year, but this time 50,000 printers were targeted. Similarly, in November 2015, a laser printer was found to be sending out SSL traffic in a security breach on the network.
Moreover, if by mistake the documents are left lying on the printer unattended, it can also get exposed to prying eyes or can get picked up by an unauthorised person. According to a study conducted by CompTIA, 52% of employees—across various companies, state human-error as the leading cause behind data breaches, which means that if a document is left behind by a person or lost it can also lead to leak of confidential and sensitive information of an organisation. Here are the top seven security innovations that one needs to consider to tackle any document security risks:
Print encryption: When the data is being sent to the printers, it is very important for the companies to enable printers with characteristics of automatic file encryption. By enabling so, the transmission of data will become secure.
Clearing of data: In order to prevent vector attacks to happen, the image should be overwritten automatically on the hard-drive once the print job is finished. This would keep hackers out of the hard-drive.
Password protect that data: It’s sad how passwords are underrated whereas actually they can prevent most of the threats if used properly. If PIN codes and passwords are set directly on every printer and multi-functional printer present in the workplace, it would enable secure printing which would further prevent documents from being printing unattended.
Password protect your PDFs: Though Indians continue to trust paper files more, the reality is that they pose more threats than the files online. There is a possibility of setting up a password to access any scanned PDF whereas one cannot do the same on paper files. There is a chance that unauthorised people have access to PDFs of sensitive documents, hence users can also encrypt PDF files with passwords when using the scan to E-mail service, so one can get industry-standard protection when one’s present outside one’s business’s firewall.
Automate cloud to device workflows: Before using any cloud service it is very important to check once that it is authorised. Many employees tend to store sensitive documents in clouds which aren’t legitimate which causes data breaching. It is important to control where the data goes by choosing an MPF which helps one automate workflows so the data is safe in cloud-based apps that one has approved.
Upgrade printers with time: It is important to update and upgrade printers with time by adding new security features, patch known security holes and fix other problems.
Checking printers before discarding them: As the printers grow old, one disposes it and it is very important to check printer’s documentation.
Printer security is about password protection, encryption and updating and with the evolution of general network within, it has become even more important to take care of it, not just physically, but even within the web where documents are shared and stored.
The writer is director, Global Document Outsourcing, Xerox India