Don't Forget MFPs When Planning Your Security Strategy

Posted on January 22, 2015

The Information Commissioner's Office (ICO) for the United Kingdom recently issued its annual report on fines given to companies that failed to protect consumer data, and a surprising number of those fines involved data loss traced to multi-function devices (MFDs) such as copiers and scanners or multi-function printers (MFPs), including printed records and faxes.

But, says Jared Hansen, CEO of secure mobile printing leader Breezy, multi-function printers and copiers are still often ignored by U.S. companies planning their enterprise IT security strategy. "Modern multifunction printers (MFPs) can print, copy and scan, and have Internet connections that allow users to scan and print from cloud applications or mobile devices. Many of them have more storage and processing power than the desktop computers in use just a few years ago.

"IT departments can't assume that confidential data such as invoices, customer information and employee documents are secure as they move between the desktop, mobile device, printer, and cloud services unless they understand how MFPs work, and where they fit in the security strategy the company has built to protect sensitive data. Securing your print infrastructure requires thought," he says.

The seven steps outlined below can help any company do a better job of multi-function printer security as part of an overall strategy to avoid a data breach that includes mobile devices as well as traditional desktop, laptop, and network security.

Step 1: Identify Your Risk Profile

In Europe, Quocirca research showed that 70% of organizations have suffered a print security breach. The first step in making sure that your company doesn't fall prey to such a data breach is to understand the risk your print environment poses and develop a strategy to manage your risk.

Hansen says that the risk assessment should consider:

Once you understand how your MFPs are being used on a daily basis, you can determine how much risk your company faces. "Don't forget that just because an employee isn't printing sensitive data from a mobile device at work doesn't mean they're not connecting that mobile device to an unsecured multi-function printer that isn't part of your network," Hansen says. "So don't just audit on-premise printing. Look at how your employees use their mobile devices when they travel, work at home, or print on public networks at copy shops or business centers."

Step 2: Read the Printer's Documentation

Does anyone bother to read the documentation or configuration guides that ship with printers or multi-function devices? After all, they're plug and play devices, right? But reading the manufacturer's configuration guide or talking to your service provider if you use a print management company is essential in minimizing your risk for a printer-based data breach, Hansen says.

"Customizing your MFP settings is absolutely essential," Hansen says. "You will almost always want to disable the default settings and implement only the features that you need."

You want to make sure that the printer can only share information with authorized users, and that the hard drive inside the printer doesn't keep information on file after the job is completed. And, of course, you want to make sure that the printer isn't sharing information with anyone outside your network or allowing unauthorized users to access the data.

Step 3: Consider Pull Printing

You can reduce the risk of paper-based data leaks by using a secure job release strategy commonly called pull printing. With pull printing, print jobs are locked in a queue on the device until the corresponding user PIN is entered, or the user swipes a card through a card reader attached to the printer.
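The release flow described above, as an added Python example that is not code from Breezy or any printer vendor. The class name `PullPrintQueue`, the three-attempt lockout and the eight-hour job expiry are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

class PullPrintQueue:
    """Holds submitted jobs until the owner enters the right PIN at the device."""
    MAX_ATTEMPTS = 3      # assumed lockout threshold (hypothetical value)
    JOB_TTL = 8 * 3600    # assumed: jobs unreleased after 8 hours are discarded

    def __init__(self):
        self._pins = {}      # user -> (salt, PBKDF2 digest); the PIN itself is never stored
        self._jobs = {}      # user -> [(submitted_at, document bytes)]
        self._failures = {}  # user -> consecutive failed PIN attempts

    @staticmethod
    def _digest(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, user, pin):
        salt = os.urandom(16)
        self._pins[user] = (salt, self._digest(pin, salt))

    def submit(self, user, document, now):
        # Nothing prints at submission time; the job only waits in the queue.
        self._jobs.setdefault(user, []).append((now, document))

    def held_count(self, user):
        return len(self._jobs.get(user, []))

    def release(self, user, pin, now):
        """Return the documents to print, or [] when authentication fails."""
        if user not in self._pins or self._failures.get(user, 0) >= self.MAX_ATTEMPTS:
            return []     # unknown or locked-out user; an admin reset is out of scope here
        salt, expected = self._pins[user]
        if not hmac.compare_digest(self._digest(pin, salt), expected):
            self._failures[user] = self._failures.get(user, 0) + 1
            return []     # wrong PIN: jobs stay locked in the queue
        self._failures[user] = 0
        held = self._jobs.pop(user, [])   # released or expired, nothing stays queued
        return [doc for ts, doc in held if now - ts <= self.JOB_TTL]

if __name__ == "__main__":
    q = PullPrintQueue()
    q.enroll("alice", "4821")                        # constructed sample user and PIN
    q.submit("alice", b"payroll-report", now=1000)   # constructed sample job
    print(q.release("alice", "0000", now=1060))      # wrong PIN
    print(q.release("alice", "4821", now=1060))      # correct PIN
```

Because PINs are short, the attempt lockout does most of the work against guessing at the panel; the salted digest only keeps the PIN out of the device's stored data.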

"It's easy to forget what a threat paper can be to data security," the Breezy CEO says. "But printed pages left on a printer can create a significant data loss if the wrong person picks them up. So pull printing is one of the simplest steps you can take to protect your company's valuable data."

Step 4: Pay Attention to End-of-Life Practices

You wouldn't consider throwing away or reselling a laptop without making sure the hard drive has been cleaned. But do you make sure that the hard drive of every printer and copier is erased and securely disposed of at the end of its life?

"It's not news that the hard drives in copy machines and printers can store sensitive data far longer than most users realize. Way back in 2010, CBS News reported on second-hand copiers and printers that reached their new owners with hard drives filled with sensitive information," Hansen says. "But you can still find all kinds of used equipment on the market where data hasn't been erased. Whether it's a smartphone, tablet, printer, or multi-function device, it isn't enough to simply send the stored files to the recycle bin, or use the built-in erase function. You have to actually clean the hard drive by reformatting the hard drive to erase all the data."

Step 5: Enforce Password Policies

Whether you use pull printing or not, it's important to make sure that default passwords are disabled. Most multi-function devices ship with a default password that allows a service technician to access the hard drive remotely for diagnostic and support functions, and hackers and criminals often use these default passwords.

"In addition, it's wise to ensure that employees have strong, unique passwords which are changed every 60-90 days, and that they use those passwords to access printers as well as other network services," adds Hansen.

Step 6: Link Print Management and Data Loss Prevention Tools

"I am always amazed at how many companies don't link their print management software to their existing data loss prevention (DLP) tools," Hansen says. "This is especially critical for a BYOD environment, where an enterprise mobility management (EMM) solution with built-in secure mobile printing can make a world of difference in how safe your data is."

The key is to apply the same security policies to all data, regardless of whether that data is on a mobile device, the company network, or an MFP.

Step 7: Encrypt All Data

Encrypt your data. Whether it's at rest (that is, stored on a device such as a server, laptop, or mobile device) or in motion (that is, in transit to the printer, or travelling from one server or device to another), encrypted data can only be accessed by authorized users who have the key to decrypting it.

"What encryption means is that even if a hacker or criminal gets access to your data by breaching your security solution, the thief winds up with data they can't use," Hansen says. "I can't overstress how important that is when it comes to reducing the impact such a breach has on your company."
