How secure are your printers?
Managing your information security is a complex business. Like any device connected to your network, your printers could be jeopardising your information security if not implemented and managed carefully.
Business managers know that information security is a complex business. They have to think of computers, mobile devices, routers, WiFi, and more. One spot that often gets missed is the print environment. On the physical level, printed content left lying around could fall into the wrong hands. On the data level, many printers are sophisticated devices that store documents and can be controlled over the network. They need to be treated accordingly.
Luckily, keeping your business information safe within your print environment is easy. It just needs to be part of your overall information security strategy. Unfortunately, this is an area some businesses forget. The Canon Business Readiness Index on Information Security revealed that while 84% of businesses are aware of printing-related security threats, only 4 in 10 businesses have their printers secured.
You can perform a risk assessment, which covers your entire data infrastructure, helping you to prioritise actions accordingly. Organisations that handle information protected by Australia's Privacy Act need to be especially careful as the associated penalties could cost you up to $420,000. Serious violations can also be prosecuted in and result in criminal sanctions.
The physical environment
Protection starts with access to the printer and its output. If your printing includes confidential business information, then your printer should be in a safe location.
You can implement a secure printing capability to reduce the chances of document theft. With this feature, the person sending a document must enter an authorisation code or scan their personal ID card at the printer to release the job. Employees should ensure they always print sensitive materials using Secure Print and if this feature isn’t available, they need to make a habit of getting to the printer immediately to collect their printout.
Uncollected printouts can become a source of information leaks. To help limit this risk, make someone responsible for picking up documents that have been left for too long, to keep safely or dispose of properly.
The data environment
Many printers are actually multifunction printers (MFPs), which also scan, copy, and store documents. They're active devices on the network, not just boxes that receive data and produce paper. As such, they need to be part of your network security strategy.
MFPs are as vulnerable to information security threats as other networked devices. They may even be subject to malware3. Make sure you update your firmware regularly and restrict network access to your machines if necessary. They should get firmware updates when they're available, and access to them over the network needs to be restricted. Network monitoring can detect possible breaches so you can investigate any suspicious activity.
Taking a conservative approach to your printer setup can help limit the risks. If it has a remote administrative interface, it needs a strong password. If you are enabling features that could increase your security risks, make sure you work with a technology partner that understands these risks and can put the right measures in place to help ensure your print environment is safe. This might include encrypting the transmission of your data and using a firewall to limit outside access.
High-volume printers often include a disk drive to hold documents, fonts and templates. The drive ought to be encrypted. When the organisation discards the printer or returns it at the end of a lease, erasing or destroying the drive will minimise the potential for data leaks.
The human factor
An organisation is only as secure as its people make it. Training and policies need to include appropriate ways of printing documents. Employees should learn to pick up sensitive printouts immediately and to use secure printing if it’s available.
For your most sensitive documents, you might consider enabling Secure Print which can be configured to prevent the printing of documents that contain specific confidential intellectual property. Rules and routing will also give your more control over what can be printed and by who across your business.
Your passwords for printers are just as important as any others. All users should create strong passwords and keep them protected. Also, make sure you change any default device passwords as soon as possible.
Keeping your print environment secure will help keep your business information safe, giving your customers and partners confidence in doing business with you.
The Canon IT Security Essentials Assessment can help you benchmark how secure your IT and print environment is and help you understand where improvements can be made to make keep your business safe.
Sources:
1. Canon Business Readiness Index - https://www.canon.com.au/businessinsights/business-readiness-index-2018-security
2. Privacy Act’s penalties - https://www.adma.com.au/compliance/government-increases-penalties-for-failure-to-comply-with-privacy-act-and-spam-act
3. Printers Gone Mad - https://usa.kaspersky.com/blog/hacked-printer-pewdiepie/16668/
4. Canon's Practical Guide - https://www.canon-europe.com/images/ICO%20Canon%20Practical%20Guide%20to%20Print%20Security_tcm13-1000094.pdf
Confidentiality is essential in the legal profession and the stakes are high for your clients and your professional reputation. Canon’s iR-ADV Gen III Series III multifunction devices are designed to boost efficiency and are packed with security features to minimise the risk of cyber-attack.
In the new era of law, contracts are being completely re-designed or even re-imagined in various ways to make them easier to understand
Whether you’re leading a law firm or an alternative legal practice (ALT), blockchain is set to revolutionise the way you do business. You will soon be using it yourself or guiding your clients as they get to grips with it.
Dr. Hugh Bradlow, Australian Academy of Technology and Engineering, shares his insights on the growing cybersecurity war, and how to manage risks and resilience in a world of unknowns.
With modern technology, the healthcare sector is becoming more connected with an increasing number of ‘things’ now using software, for example medical devices. It’s creating a new world of cybersecurity concerns, but how does the healthcare sector measure up when it comes to managing Information Security?
With cyber crime on the rise in Australia, it’s becoming more important than ever to protect your business with cyber security training. We look at how your employees are your best weapon against cyber attacks.
As technology enters classrooms, auditoriums and libraries, it brings new risks to the education sector. All it takes is one click from a student device to potentially compromise your entire network. Faced with these various threats, does the education sector receive a ‘High Distinction’ for its efforts to protect its troves of student and staff data? Recent findings from the inaugural Canon Business Readiness Index on Security suggest not.
There is a lack of clear standards relating to how school records should be secured. As a result, the level of security varies from school to school, and sometimes within an institution itself. What can you do to ensure your school is exercising best practice with your school records?
If you're on the Internet, you face security risks. You can no longer afford to assume that your business won't be a target because you're not big enough. Here are some big business takeaways that can substantially benefit your business' security.
In February 2018, Australia’s privacy law will change. If your organisation is covered by the Australian Privacy Act (this includes all Australian government agencies, and businesses and not-for-profit organisations with an annual turnover of $3million or more), then these changes will apply to you.
Have a spare $2.82 million? That’s how much you can expect to pay, on average, if your organisation falls victim to a data breach in Australia.