How secure are your printers?
Managing your information security is a complex business. Like any device connected to your network, your printers could be jeopardising your information security if not implemented and managed carefully.
Business managers know that information security is a complex business. They have to think of computers, mobile devices, routers, WiFi, and more. One spot that often gets missed is the print environment. On the physical level, printed content left lying around could fall into the wrong hands. On the data level, many printers are sophisticated devices that store documents and can be controlled over the network. They need to be treated accordingly.
Luckily, keeping your business information safe within your print environment is easy. It just needs to be part of your overall information security strategy. Unfortunately, this is an area some businesses forget. The Canon Business Readiness Index on Information Security revealed that while 84% of businesses are aware of printing-related security threats, only 4 in 10 businesses have their printers secured.
You can perform a risk assessment, which covers your entire data infrastructure, helping you to prioritise actions accordingly. Organisations that handle information protected by Australia's Privacy Act need to be especially careful as the associated penalties could cost you up to $420,000. Serious violations can also be prosecuted in and result in criminal sanctions.
The physical environment
Protection starts with access to the printer and its output. If your printing includes confidential business information, then your printer should be in a safe location.
You can implement a secure printing capability to reduce the chances of document theft. With this feature, the person sending a document must enter an authorisation code or scan their personal ID card at the printer to release the job. Employees should ensure they always print sensitive materials using Secure Print and if this feature isn’t available, they need to make a habit of getting to the printer immediately to collect their printout.
Uncollected printouts can become a source of information leaks. To help limit this risk, make someone responsible for picking up documents that have been left for too long, to keep safely or dispose of properly.
The data environment
Many printers are actually multifunction printers (MFPs), which also scan, copy, and store documents. They're active devices on the network, not just boxes that receive data and produce paper. As such, they need to be part of your network security strategy.
MFPs are as vulnerable to information security threats as other networked devices. They may even be subject to malware3. Make sure you update your firmware regularly and restrict network access to your machines if necessary. They should get firmware updates when they're available, and access to them over the network needs to be restricted. Network monitoring can detect possible breaches so you can investigate any suspicious activity.
Taking a conservative approach to your printer setup can help limit the risks. If it has a remote administrative interface, it needs a strong password. If you are enabling features that could increase your security risks, make sure you work with a technology partner that understands these risks and can put the right measures in place to help ensure your print environment is safe. This might include encrypting the transmission of your data and using a firewall to limit outside access.
High-volume printers often include a disk drive to hold documents, fonts and templates. The drive ought to be encrypted. When the organisation discards the printer or returns it at the end of a lease, erasing or destroying the drive will minimise the potential for data leaks.
The human factor
An organisation is only as secure as its people make it. Training and policies need to include appropriate ways of printing documents. Employees should learn to pick up sensitive printouts immediately and to use secure printing if it’s available.
For your most sensitive documents, you might consider enabling Secure Print which can be configured to prevent the printing of documents that contain specific confidential intellectual property. Rules and routing will also give your more control over what can be printed and by who across your business.
Your passwords for printers are just as important as any others. All users should create strong passwords and keep them protected. Also, make sure you change any default device passwords as soon as possible.
Keeping your print environment secure will help keep your business information safe, giving your customers and partners confidence in doing business with you.
The Canon IT Security Essentials Assessment can help you benchmark how secure your IT and print environment is and help you understand where improvements can be made to make keep your business safe.
Sources:
1. Canon Business Readiness Index - https://www.canon.com.au/businessinsights/business-readiness-index-2018-security
2. Privacy Act’s penalties - https://www.adma.com.au/compliance/government-increases-penalties-for-failure-to-comply-with-privacy-act-and-spam-act
3. Printers Gone Mad - https://usa.kaspersky.com/blog/hacked-printer-pewdiepie/16668/
4. Canon's Practical Guide - https://www.canon-europe.com/images/ICO%20Canon%20Practical%20Guide%20to%20Print%20Security_tcm13-1000094.pdf
For forward-thinking legal firms alternative legal services (ALT) an exciting opportunity to shape the future. Is ALT the next step for your practice?
Canon’s uniFLOW print management software can connect with major practice management software
Confidentiality is essential in the legal profession and the stakes are high for your clients and your professional reputation. Canon’s iR-ADV Gen III Series III multifunction devices are designed to boost efficiency and are packed with security features to minimise the risk of cyber-attack.
How to settle on the right practice management software for your business
If you lead an established, market-leading firm, you face a dilemma.
AI has shifted from being experimental technology to the mainstream. Here are six areas where AI is impacting the legal industry right now.
In this digital world, data management is a significant responsibility and a data breach is an equally significant risk. Should things go wrong, businesses must take steps to minimise the impact. With the changes to the Privacy Act coming into effect this week, Andrew Giles, Head of Public Relations and Communications for Canon Australia, shares insights on how to preserve trust and maintain strong customer relationships.
If you're on the Internet, you face security risks. You can no longer afford to assume that your business won't be a target because you're not big enough. Here are some big business takeaways that can substantially benefit your business' security.
Have a spare $2.82 million? That’s how much you can expect to pay, on average, if your organisation falls victim to a data breach in Australia.
Discover how to protect your data and ensure the safety of your cloud solution.
With cyber crime and data breaches on the rise, how can you protect the cyber safety and security of vital public sector organizations?