Too many companies are overlooking the security threat posed by the humble printer.
Businesses across the UK are beginning to make significant investments in their security efforts following recent high profile data breaches that have hit businesses at a global level.
Many businesses are set up with a printer per desk or team, but owners are unaware that having departmental printers sprinkled throughout an office can be an easy source for a data breach. Unbeknownst to many in an office environment, modern printers now contain a wealth of confidential data, in both electronic and hard copy format, making them vulnerable to attack.
Securing the device
Millions of pages are printed in offices across the country every day, but many of these eventually head straight to the shredder as they are churned out and forgotten about. The risk here is figuring out whose eyes are – and aren’t – allowed to see the documents sitting on the printer, ready for pick up.
Respecting and adhering to both client and employee confidentiality is of the utmost importance for SMEs, with serious consequences should a breach occur and reasonable steps to comply with confidentiality agreements are not being taken.
Leaving documentation free for unauthorised persons to view could be considered a negligent action; businesses must therefore put processes in place as early as possible to support employees in remaining compliant.
One way to prevent reams of paper sitting in the printer’s output tray is to secure the device with an extra level of security at the printer itself. This requires users to input a PIN or swipe a key card to release the document.
In this scenario, if a member of staff does not authorise printing, the document will stay sitting in the print queue, securely out of sight from unauthorised personnel. This also reduces the ‘office dash’, where a member of staff rushes across the office to claim their printed document before it can be seen by anyone else.
“Follow-me” printing is also useful for small businesses which might have multiple office sites or a remote working team, as documents can be collected from any printer on the network. For those who are working with particularly sensitive items, there are further layers of security which can be added such as biometric solutions.
Documents and data
Documents in transit from a computer to a printer can also be vulnerable. It is possible for print jobs to be intercepted, both on a wireless and a hard wired connection. A business can tackle this by encrypting the print job, protecting any data traversing the network before it is placed in the printer’s storage.
The printer’s storage itself can also be encrypted, which protects the documents as they wait to be printed. As a final check, businesses can implement an auto-delete function on the printer, which will remove any documents waiting to be printed after a specified time-frame, e.g. 24 hours.
There is more to print management than just securing documents, however. It is also important to track print jobs and audit printing practices, which although a challenging task, is key for measuring and managing an office’s print environment.
Specific tools can help identify any particular employees who might be ignoring company policies or abusing their print privileges, which will not only put the company at risk, but also add greater cost to a small business that is already struggling to manage its budget effectively.
Wipe away history
Businesses of any size regularly change their printers, whether to return it to a leasing provider, update it to reflect a growing company’s needs or retire the device in favour of a newer model. Whenever a printer is removed it is crucial to properly delete any data that might be left in the printer’s internal memory.
A printer can hold tens of thousands of documents in its storage system, including every document printed on site, every document scanned or copied by a member of staff and any incoming faxes from outside of the business.
If the device is not encrypted, set to automatically delete data or is not wiped regularly, all of this data will remain on the device and can be accessed from anywhere, and by anyone.
Once a printer is sold or returned, there is no way of being certain where the device will end up. If left unaddressed, all of the data will therefore go with it. The solution to this is to ensure all hard disks are encrypted, erased or removed before a printer leaves the business.
Despite the increased security implemented by SMEs, most companies tend to focus on network entry points alone, meaning that the office printer remains excluded from security strategies, exposing a business to a high level of risk.
It is important to realise that printers must be managed and protected with the same high priority as an SME’s entire IT infrastructure to prevent sensitive data leaving the firm without intention.
James Stelfox is MD of QuoStar MDS.
Is Your Printer About To Launch A Cyber Attack?