(Submitted by Gareth Stevenson)   In today’s world, while printers and copiers may seem like innocuous office equipment, they can pose some of the biggest security risks in an organization simply by being accessed by someone without proper authorization. Here are some statistics on printer security:
  • 59% of employees said colleagues leave printer pages in the paper tray.
  • 41% of office employees use their own unsecured devices at work because they are easier to use.
  • 23% said they used public file sharing sites without business approval.
  • 31% take information out of the office to complete work at home.
  • 8% of organizations have had employees access confidential information that they should not have had access to.
  • 24% of workers store information in the public cloud even though they are not permitted to do so.
When purchasing a new multifunction device, here are some key features to consider:
  1. Hard Drive
  2. USB Drive (“Thumb” Drive) Access
  3. Securely Managing & Sharing Documents
  4. Secure Printing
  5. Intrusion Security
1. Hard Drive Most copiers or larger networked devices have hard drives. The hard drive is basically a high-capacity self-contained storage device with a read-write mechanism. The purpose of the hard drive is to store images of all the documents you copy, fax, print, or scan. Please be aware that hard drives can be removed.   There are two types of Hard Drives:
  • HDD (Hard Disk Drive) – A legacy type of drive that uses spinning disks to read and write data.
  • SDD (Solid State) – A newer type of drive which is faster and more powerful. It is also more compact with less moving parts and uses flash memory.
An important feature related to MFD hard drives is “Data Overwrite.” This feature is standard and included on most MFDs. “Data Overwrite” is using random numbers to rewrite or replace files and other data that is stored on a hard drive. The use of random numbers in this rewriting process stops unauthorized users from retaining information from the MFD internal memory and trying to access it later.   Key Data Overwrite features:
  • Your MFD’s hard drive should have, at minimum, up to 8 times data overwrite and 256-BIT AES (Advanced Encryption Standard) data encryption to ensure that your data is unrecoverable by anyone other than you.
  • Additional image overwrite features like a “Data Security Kit” provide extra layers of protection and encryption so that even if the hard drive is removed, it cannot be recovered.
Lastly, when you return your copier back to the leasing company, you should always have an “End-of-Lease Erase” performed on the hard drive of the MFD. This will ensure that there are no documents or information left on the device.   “End-of-Lease Erase” benefits:
  • Ensures that all confidential data is overwritten before the device leaves your facility.
  • Information will not accidentally get into the wrong hands.
  • “Certification of Wipe” documentation is provided.
2. USB Drive (“Thumb” Drive) Access You may be wondering how a USB drive, or “thumb” drive, could possibly be a security risk? The answer is this: these devices can allow unauthorized access to an endpoint and result in security breaches. Most copiers or multifunction devices have a USB port that users can plug a USB drive into to copy, print, or scan stored documents from or, in some cases, even take documents away from the MFD that may have been stored in the MFD’s hard drive.   Some ways to combat these risks are for you to limit user functions via the device control or print management software or to use the device homepage of your MFD to disable the USB port altogether.   Turn off USB Thumb Drive Access to stop intrusion or misuse of information via MFD device:
  • MFD Home Page
  • Remote Management Tools like HP Web Jet Admin or other Remote Device Management Tools
3. Securely Managing & Sharing Documents There are times that sensitive information will need to be scanned or faxed. With today’s MFD, there are several ways to securely transmit or access information, including the following:
  • Use of Encrypted PDF, which is a locked PDF document that is transmitted with an encrypted password.
  • Scan to shared folder or “Users” folder that is password protected with permissions enabled.
  • 3rd-party secure scanning and document management tools (Ex. Laserfiche; Softworks Square 9)
  • E-Fax or secure faxing through digital faxing software (Ex. Right Fax; Gold Fax)
  • Hot Scan Folders that can pull documents into 3rd-party applications
  • “Cloud Connector” for applications like SharePoint, One Drive, or Google Drive
  • Use of “Single Sign-on” or “Two-factor Authentication”
4. Secure Printing Some users may not need to print securely; however, some users may find this a valuable feature. For example, secure printing stops confidential printouts from being left unattended at the MFD. These printouts containing sensitive information could easily become mixed in with another user’s job and wind up in an unauthorized user’s hands.   “Secure Print Job Release” is just one way that you can print securely via the MFD. This feature is accessed through your Print Driver which can require the following to access the printout:
  • Pin or username along with a password, which would allow you to release the job at the MFD from the stored jobs
  • ID Card Swipe with 3rd-party integrations like Papercut
  • Serverless Print Release / “Follow me” Print solutions
5. Intrusion Security Believe it or not, hackers could possibly try to access your copier! Copiers can be an easy access point for a hacker to gain entry to your network. Think of the copier as an “on-ramp” to the highway of your network that hackers can use to deploy viruses, etc.   Because of this accessibility, here are some tools that you should certainly consider putting into place:
  • Device or Fleet Management Tool: Can be used to remotely control devices to ensure that they are secure by pushing configurations out through your network to either an entire fleet or a single device. Used for the following:
    • Turn off unused ports to ensure no endpoint is available for intrusion
    • Create security policies & centrally manage and monitor all devices
    • Greater network control system configuration
    • Remote front panel access for user assistance and troubleshooting
    • Remote firmware
  • Anti-Virus Software: Most MFDs in today’s advanced world have a way of monitoring and preventing attacks with anti-virus software such as Bit Defender or McAfee, which provide you with a firewall to stop intrusions or access from any unverified sources. Here is how anti-virus can protect you against hackers:
    • Stops “Malware” and “Spyware”
    • Prevents “Trojan” Intrusion
    • Provides “Worm” Protection
    • Protects against other unusual behavior
  • Application Whitelisting: This is a list of approved entities like email addresses or IP addresses that are listed on the whitelist. Entities that are not on the whitelist are denied access. Also, it checks which IP addresses have accessed the device by using a SYSLOG (system logging protocol). These are some of the benefits of using application whitelisting:
    • Block ransomware intrusion
    • Provides vulnerability management
    • List of secure IP addresses (static), emails, and applications
    • Improved Cyber Security
  • Firmware Self-Recovery Application: This is critical to MFD security as cyberattacks are being attempted on MFDs as an entry point to a network. Your device will update and install security patches. If the self-recovery identifies malicious intrusions, then it will restore the machine’s firmware to its original state and restart the device. These are some of the benefits of using a firmware self-recovery application:
    • Detect, stop, and recover a BIOS attack or corruption
    • No IT intervention needed
    • Stealth within your MFD
    • Not accessible as it is nonvolatile memory

    Share This Page