Despite the move to digital communications, many businesses still rely on printing to support key business processes. MFPs are prevalent across businesses of all sizes and as such they are a critical network endpoint that must also be secured. Even behind a firewall, an MFP can be a front door to the network leading to the potential for compromising corporate or customer data.
With this in mind it seems an area where as much information as possible is made available, keeping it simple but useful for users at all levels. At ITQ we have been involved in print security since the advent of networked MFPs and would like to pass the knowledge gained on to you today through our series of blogs.
To start with how can your businesses minimise the risks? Fortunately, there are simple and effective approaches to protecting the print infrastructure. These methods not only enhance document security, but also promote sustainable printing practices – such as reducing paper wastage and printing costs. But for enterprises with a large and diverse printer/MFP fleet security may be of prime importance.
First off conduct a security assessment
For such enterprises, it is advisable to use a third-party provider to assess device, fleet and enterprise document security. This can evaluate all points of vulnerability across a mixed fleet and provide a tailored security plan, for devices, user access and end of life/disposal. Managed print service (MPS) providers commonly offer this as part of their assessment services.
Not all security assessments are equal
After cost, security is the second top driver for adoption of a MPS, indicated by 81% of respondents in a recent Quocirca survey. Consequently, many are taking up security assessments as part of their MPS process. Amongst organisations using MPS, the majority have started or completed a security assessment of their print infrastructure. This is more prevalent in the professional services sector where over half (55%) of organisations reported that they completed a security assessment compared to just 20% of public sector respondents
MFP Security Vulnerabilities
The potential risks include:
- Unclaimed output. Confidential or sensitive information can be collected inadvertently or intentionally by an unauthorised recipient.
- Latent images on hard disk. All documents whether they are printed, copied, scanned, faxed or stored are processed within the hard disk drive. This can present a risk not only if the device is hacked, but also at the end of life when potential hard disk data could be recovered.
- Unauthorised access to MFP functions. If MFP settings and controls are not secure, it is possible to alter and reroute print jobs, open saved copies of documents, or reset the printer to its factory defaults. Potential hackers could also attack print devices to either intercept or download copies of scanned-in documents, emails and user access credentials.
- Network security risk. Jobs sent to the MFP for printing typically sit unprotected on the server queue. At this stage, the printing queue can be paused and files copied and the queue restarted. In the worst case, a user from the outside can obtain confidential information, or place malware on the device. Open network ports also present a security risk enabling the MFP to be hacked remotely via an internet connection. Printers can therefore be prime targets of denial-of-service (DoS) attacks. Further, if data transmitted to a printer is unencrypted, hackers are potentially able to access this data.
The Quocirca research reveals that enterprises place a low priority on print security despite over 60% admitting that they have experienced a print-related data breach. Any data breach can be damaging for any company, leaving it open to fines and causing damage to its reputation and undermining customer confidence. In the UK alone estimates suggests that in 2013 the average organisational cost to a business suffering a data breach was £2.04m.
As the boundaries between personal and professional use of technology become increasingly blurred, the need for effective data security has never been greater. While many businesses look to safeguard their IT data hardware from external and internal threats, few pay the same strategic attention to protecting the print environment. Yet it remains a critical element of the IT infrastructure. Over 75% of enterprises indicating that print is critical or very important to their business activities.
The print landscape has changed dramatically over the past decade. Local single function printers have given way to the new breed of networked multifunction peripherals (MFPs). With print, fax, copy and advanced scanning capabilities, these devices have evolved to become sophisticated document capture and processing hubs with multiple user access points and multiple hacker options.
While they have undoubtedly brought convenience and enhanced user productivity to the workplace, they also pose security risks. They have built in network connectivity, along with hard disk and memory storage, MFPs are susceptible to many of the same security vulnerabilities as any other networked device.
Then a move to a centralised MFP environment means more users are sharing devices. Without controls, documents can be collected by unauthorised users – either accidentally or maliciously. Similarly, confidential or sensitive documents can be routed in seconds to unauthorised recipients, through scan to email, scan to file and scan to cloud storage functionality. Further controls are required as employees print more and more direct from mobile devices.
Yet many enterprises are not taking heed. Quocirca’s study revealed that just 22% place a high priority on securing their print infrastructure. While financial and professional services sector consider print security a much higher priority, counterparts in the retail, manufacturing and the public sectors lag way behind. Such complacency is misplaced. Overall 63% admitted they have experienced a print-related data breach. And an astounding 90% of public sector respondents admit to one or more paper-based data breaches.
Print environments are often a complex and diverse mix of products and technologies, further complicating the task of understanding what is being printed, scanned and copied where and by whom. Enterprises should use centralised print management tools to monitor and track all MFP related usage. This can either be handled in-house or through an MPS provider.
With MFPs increasingly becoming a component of document distribution, storage and management, organisations need to manage MFP security in the same way as the rest of the IT infrastructure. By using the appropriate level of security for their business needs, an organisation can ensure that it’s most valuable asset–corporate data–is protected.
For more information or assistance in developing your print security contact ITQ 01635 874848 or look up http://www.imagethroughquality.com/audit-and-consultancy.html