Printer security is one of those topics almost guaranteed to put business people to sleep. Anyone from outside the IT profession hangs up and runs away. At best a non-techy points you in the direction of a techy (or anyone else they can spot within walking distance) at worst they run off and hide behind large furniture. Simply put Printer security has been kicking around the kit bag of sales people for over a decade and it’s still not properly understood.
Famously (in the industry at least) CBC ran a news article on the risks of data on printer hard disks a very long time ago. It’s been on YouTube for more than 7 years and has still only a million views. In YouTube terms that’s like being invisible. Yet even then, before GDPR and the IOT threat landscape, CBC demonstrated how very simple, free software could extract huge amounts of sensitive data from print devices. The terrifying sub note to this is, almost a decade on and not much has changed.
The reality is that whilst Managed Print Services, Multi-Function Devices and Smart Printers have developed and evolved, users are still not really awake to the risks. Like any other IT peripheral, network print devices have become a lot smarter and more capable.
Printer Manufacturers like Lexmark have developed sophisticated security tools both on and for their machines. The ability to fully encrypt, overwrite and delete data on devices can now ensure that CBC’s shock story doesn’t become a reality. Advanced TCP/IP configuration settings and network port controls allow IT users to configure Printers and Multi-function machines just as they would other more recognised security threats on the network.
There are even software tools to ensure that print devices stay configured properly and alert you if anything changes. Software like MarkVision Enterprise from Lexmark allows IT desks to keep all those pesky printers just how they should be. With all this technology now in even the smallest network print machine; why do network print devices still pose such a significant security threat?
There are many factors that contribute to the increasing security exposure that printers can become. Hackers are having to look for ever more diverse entry points to networks as network security comes more and more into focus.
With the approach of GDPR and increase of SaaS and Hosted platforms, enterprises are placing real energy into network and data security. However, its usually the obvious and ‘shiny’ network components that get the focus. Mobile devices, Wi-Fi and network infrastructure. Laptops and server technology are all commonly audited and reviewed for security.
Printers and other peripherals are frequently left out of this process despite their ability to access the network at a reasonably high level, transmit data and even host software. Identityguard.com suggested that two-thirds of IT managers believed their office printers have some sort of Malware.
The other thing to consider when addressing printer security is the information the devices physically produce and transmit. With other IT assets the data security risk is limited to the digital data they store or the access to the network they can facilitate. This is true of printers and digital copiers of course. Unlike other digital only devices, Printers and MFD’s produce analogue data. Paper. And once that paper is out of the machine its extremely difficult if not impossible to control properly.
Real consideration has to be applied to the printed data produced. Installation of a print management application such as Papercut not only allows for cost control but provides real auditable control over the printing of information. Modern, smart devices have the ability to host applications that force users to identify themselves and tracks their activity. This can offer organisations a real view of what is happening with printed information.
Organisations would be equally advised to spend a little time thinking about scanning. Digital copiers and MFD’s can scan high volumes of pages at tremendous speeds. The Lexmark XM7170 can scan in excess of 70 sides of A4 a minute to email or network locations for example. A fabulous feature, but one that needs careful control. Network World lists Email as one of the top 10 biggest security threats. Email is enormously powerful, it’s a total foundation of business process, but it also offers huge exposure to data breaches.
Digital attachments from email clients are hard enough to track. Employees either accidently or purposely sending office files offer enough of a Challenge. At least digital documents leave a little trace of what happened with what. Unsecured email direct from a photocopier is a different story. Hundreds of pages of data, printed without trace and scanned without control. Sent to multiple external email addresses in less time than it takes to grab a coffee. There’s a real needle in a haystack. Imagine trying to spot a page of sensitive data in a bundle of tens or hundreds of scanned pages in a generically named image file?
User interface controls and user authentication offered by software like Lexmark’s Solutions Composer can add real security to these otherwise open practices. Smart devices allowing IT managers to control email and document distribution just as they would for other network assets. Capture and ECM (Electronic Content Management) applications taking this even further. Software like Square 9’s Global Capture allowing business to route and process scanned documents automatically to avoid user error or abuse.
Managed Print Services can be both a blessing and a curse in data security. MPS offers huge benefits to businesses in terms of cost control and IT management. But all too often MPS providers stop at the delivery of hardware and service. A well written and managed MPS agreement, or even simple copier service contract, needs to take data security into consideration.
Whilst businesses are at pains to manage and reduce costs, sometimes the cheapest option leaves them hugely exposed to security threats or worse financial penalties. GDPR will increase the potential fines for businesses to 4% or €20,000,000 for data breaches. And that doesn’t include any civil action taken by the subjects of the data loss. The potential risks are high.
What can a business do to protect itself? The good news is that most modern devices offer the tools and features to mitigate risk. The better news is that selecting a knowledgeable MPS supplier who will document, implement and enforce security policy can all but remove the need for worry about the printer fleet. The grey boxes can go back to being anonymous work horses.
To learn more about how IPS implement MPS, the smart devices they deliver and the security and control software they support call: +353 1 832 0930 or
Request a call back