The multifunction copier, printer, scanner and…data thief?

April 4, 2017

Cybersecurity is a major concern for businesses. Have you considered how your multifunction copier may put you at risk for a security breach? Follow best practices for protecting information sent to your copier.

A new multifunction office device can be a great tool to improve efficiency. It copies and collates with ease! It scans documents with amazing accuracy! It prints in color for just pennies a page! And, if all that wasn’t enough, it also stores highly sensitive data that could potentially ruin your company if a hacker were to obtain it. Wait, what?!?

Yes, your networked office printer stores a lot of potentially sensitive data. Think about all of the things that are printed on an annual basis… salary and W-2 information. Employee reviews. Client data. If any of this data was made public it could be disastrous for a company and its reputation.

Know the vulnerabilities

There are numerous threats to sensitive information being processed through the multifunction device:

  • People picking up the wrong documents, whether on purpose or not.
  • Changes to printer controls that may allow an employee to open up previously saved documents.
  • Multifunction devices with digital storage capabilities that save documents indefinitely, even after you throw out the device.
  • Hackers penetrating the network, who can easily capture multiple documents by attacking the printer instead of individual computers, especially if the printers are older models lacking current security features. Taking control of the device, a hacker could print malicious materials, send faxes and even retrieve saved documents on the machine’s internal hard drive.

How do you protect yourself?

To avoid having employees walk off with other people’s information, implement the device’s security features or install print management software such as PaperCut or Uniflow. After sending a job to print, the employee must input a PIN code for the document to print. You’ll find that the system reduces the risk of having sensitive data walk off, as well as reduces the amount of toner and paper used by the company. Just how many abandoned print jobs are left on your printers every night?

Make sure you password protect the control panel of the printer to prevent anyone from changing the device’s settings. Additionally, apply critical security patches to your device’s firmware and drivers when applicable. The manufacturer sends these patches out regularly to add security features and fix vulnerabilities once they are found.

Prior to purchasing, determine if the device can support encrypted connections from the network computers. Current devices should have this capability as a standard option, and some older devices can be altered with additional hardware and software.

When setting up the device, make sure you aren’t opening the administration interface to the internet. Following this best practice makes it a lot harder for hackers to find the printer. While your network firewall should protect you, you may want to disable certain features like this if you aren’t using them.

After a printer’s useful life has ended, make sure that its internal hard drive hasn’t saved any company documents. Contact the manufacturer (or consult your device manual) to determine how to erase the data. If you can connect the drive to a PC, you may be able to wipe it with a drive wiping program such as KillDisk or DBAN.

Do I need a hard copy?

There are many exploitable vulnerabilities to cover, so it makes sense to remind employees to only print sensitive information when absolutely necessary. Focus on improving these vulnerabilities and the only thing you’ll need to worry about is paper cuts.

The Federal Trade Commission publishes a guide you may find useful: Copier Data Security: A Guide for Businesses.

Need help protecting your data? Contact us at 800-236-2246 for more information.