7 Essential Printer Security Steps
From requiring employees to enter usernames and passwords on computers with the latest antivirus software to encrypting email to prohibiting the use of personal mobile devices on the network, you’ve done what you can to boost your business’s security. You’re confident you’ve secured the most vulnerable endpoints of your network to reduce the risk that your company will experience a painful and costly data breach.
If you haven’t considered securing your printers or multifunctional devices (MFDs), you may be a part of the 43% of companies at risk for a security breach, according to a survey by Spiceworks. Leaving vulnerabilities such as these in your network can be dangerous, as a 2017 study by Quocirca found.
In that study, more than two-thirds (68%) of companies between 1,000 and 3,000 employees reported some form of data loss through their printers, and 51% of companies with 3,000 employees or more had suffered a printer-related data loss. Not including your printer or MFD fleet in your network security plans puts your company at a higher risk of hacking and business data breaches than you think.
Making sure that your your printer and MFD endpoints are secure doesn’t have to be difficult. No matter the size of your company, here are seven actions you can take to secure your printer:
1. Regularly check for and implement firmware updates
Keeping your print devices up to date ensures the availability of the latest security settings and features. Any firmware updates should be digitally signed by the manufacturer to guarantee authenticity.
2. Control access to devices and administration settings
Passwords, account names, and other settings on any device should only be changed by a network administrator. Make it an administrator’s responsibility to change all default passwords and account names and configure device and security settings, with the capability of doing so remotely.
3. Require users to enter PIN, ID and password, or use a card login to retrieve print jobs
In Quocirca’s 2017 study, leaks caused by unclaimed print jobs picked up from printer/MFD exit trays accounted for almost half of the data losses reported. Allowing a device to print without a user in front of it is one of the easiest and most common ways to lose data. “Follow me” printing from a print management system provides both security and convenience as users are able to obtain their print job from any device on the network that they log into.
4. Restrict scan users and destinations; encrypt PDFs
The most used “multifunction” on today’s MFDs is scanning, and unrestricted scanning can mean unwitting or malicious guests and insiders can scan documents into the wrong hands. Protect those documents by creating encrypted PDFS, setting permissions and passwords and even adding digital signatures when scanned at the MFD.
5. Encrypt data between computer and print device and on the hard disk drive (HDD)
Preventing the interception of vital data through encrypting network traffic, including print jobs going over the network, just makes sense. Nearly all office MFDs have a hard disk drive (HDD) that spools and stores data to print or send using features such as scan and send or fax. Encrypted data on HDDs (using the FIPS 140-2 security standard) is difficult or impossible for hackers to read; erasing the data also makes sure that it is overwritten, and therefore, unreadable. When disposing of any printer or MFD, the HDD erasure should be verified, or the HDD should be removed and destroyed separately.
6. Use features that protect the printer from malware and tampering at startup and during operation
Features for print devices, such as McAfee Embedded Control, can verify that the boot code, firmware, operating system, and any application running on the device has not been tampered with. With a feature like this active, the device will not be allowed to start up if tampering is found. Whitelisting and runtime intrusion detection complement this security feature and should be utilized as well.
Manufacturers like Canon have whitepapers and Security Hardening Guides that go into detail of the security features, settings, and steps that can be used to secure your print devices. At Offix, we can help harden your printer and MFD endpoints a better-protected part of your network, including the best products, settings, and strategies. Contact us today for a no-obligation consultation about managing your device fleet and getting the best in device security!
7. Use a print platform that integrates with a SIEM system
If you use a Security Information and Event Management (SIEM) system, work with a printer or MFD provider that has a platform that integrates with it. This system can provide visibility to any changes in settings, failed authentication attempts, and new applications being added, granting the insight you need to react and defend your company’s data and reputation.