Printers: from paper jam
Long gone are the days when printer problems were synonymous with paper jams
Long gone are the days when printer problems were synonymous with paper jams. Nowadays, multi-functional devices (MFDs) used in document management systems are frequently shared across departments, teams, projects and even across companies by managed office providers. Naoshi Yamada shares his thoughts on what you can do to make printers and MFDs more secure.
1. Remember printers aren’t just printers
MFDs are actually servers in their own right, providing a number of networked services; for example e-mail, file transfer (ftp), web and eFax servers, with some having significant hard drive storage as well. As such, they need to be treated in the same way, but are often not controlled to the same degree as corporate e-mail servers or company web servers.
Organisations of all size should produce a configuration guide and ensure it is adhered to at all times. This will ensure all functions on the MFD are looked at critically, and can be enabled or disabled as required. It will also mean third parties fully understand the configurations and no not disrupt them.
2. Protect passwords
Social networking has experienced explosive growth in the Middle East. With its rise in popularity, however, password theft has become even easier for malicious attackers.
For example, password stealing Trojans and other malware can use fake password reset messages, which when activated then install on people’s machines. It is well known that one third of people use the same password for all web sites and corporate accounts, meaning once the attackers have it they can access not only the individual’s personal data but also their professional information.
To ensure the MFD is a secure link in the information flow, organisations should disable default passwords and ensure employees have strong, unique passwords which are changed every 90 days for accessing their print jobs. These should ideally be 8–10 characters long, and include a mixture of letters, numbers and symbols rather than a dictionary word that can easily be remembered.
3. Prevent paper-based leaks
Nearly a quarter of security breaches are paper-based. It is really important for organisations to make sure their MFD is not a key contributor to this – ask yourself, how frequently are printouts left in the output tray or dropped into the recycling bin, without being shredded? Organisations can minimise the risk by using ‘Secure Job Release’, a function which means print jobs are locked in a queue on the device until the corresponding user PIN is entered. This will minimise the number of printouts left on the output tray, as documents will only be printed when they are required.
4. Minimise the insider threat
One of the ongoing risks for security professionals is not just the threat of malicious attacks, but the insider threat. Be it a disgruntled ex-employee leaking information for money or a well-meaning current employee, or simply human error – the risk of someone who has access to confidential information can be difficult to protect against.
For example, many organisations use sub-contractors who require access to the most up-to-date data to complete their work. Enabling the secure print options, including ‘Secure Job Release’ outlined above, prevents people stumbling on printed documents left on the output tray or illegally gaining access to an employee’s mailbox.
A further configuration which can help protect against this type of threat is ‘Job Log Conceal’. This hides the details of recent print jobs so people can’t watch them, and also removes all traces after confidential jobs are printed so no data trail is left.
Lastly, it is very important to consider what happens to the device at the end of its life. Would you simply throw away a laptop once you’d finished with it, or would you clean the hard drive to remove all your data such as photos and music? The hard drive of a printer must be wiped and securely disposed of at the end of its life.