Print security is
rapidly rising up the political and business agenda.
In January the
European Union's new Data Protection Directive stated that any major data breaches
must be reported within 24 hours, putting increasing pressure on organisations
to have strict procedures in place.
Also, according to a
recent Quocirca survey, 70 per cent of European enterprises have suffered one
or more printing-related data breaches, while only 15 per cent of European enterprises
believe their printing infrastructure is secure.
Printers come with
an inherent security risk; they are no longer only printers. Multifunctional devices (MFDs) are sophisticated document-processing hubs,
with the ability to transfer data to devices on the company network and are
often equipped with hard disk drives and web servers.
One area of
vulnerability is the print management software. With IT environments utilising
mobile printing functionality and employees bringing their own devices, management
software is increasingly common. However, if not protected in the same way as
other software, it can be just as susceptible to internal and external network
attacks. These are some of the simple steps that can be taken to lower the
potential risks posed by the MFD and print management software:
Separate the print server from the network
One instance where
data can be compromised is in the interception of traffic when documents are in
transit from the PC or mobile device, via the print management software, to the
MFD.
By separating the
print server from the network server, the IT department can limit and control
what traffic is going over that part of the network, therefore restricting
access and reducing the risk of an attacker exploiting it.
Encrypt all traffic
When a document is
in transit to the printer, it is travelling from one server to another. Data
encryption should be a key element of any organisation's security policy. This
will ensure that if it is compromised, the data can only be seen by authorised
people and will reduce the impact of the breach.
Ensure patches are up to date
The security
threats facing organisations change on a daily basis, and print management
software needs to be treated in the same way as any other software platform
within the IT environment. It is important the print server is configured with
defined security standards and a security patch update procedure that tackles
the latest vulnerabilities.
Consider the position of MFDs
The physical
security of an MFD is also important in protecting it from interception. MFDs
should be placed in a position where CCTV cameras can view it, so any malicious
activity can be observed as well as deterred.
Control any unauthorised network monitoring
A ‘network sniffer'
can read data travelling between the PC or mobile device and an MFD, exposing
the print job and routing addresses. If not already enforced, organisations
should monitor and investigate any packet sniffing or port scanning behaviour
on the network.
Protect it after it's gone
Lastly, it is very
important to consider what happens to an MFD device at the end of its life.
Recent research conducted by the Information Commissioner's Office has
suggested that 48 per cent
of hardware purchased online or at computing fairs contained information, 11
per cent of which was personal data. It is therefore imperative to permanently erase data from MFDs before
they are either re-sold of recycled.
With increasing
pressure from the EU, the 85 per cent of European enterprises that believe
their printing infrastructure is insecure need to develop a compressive print
security policy that takes into account not only the hardware, but also the
print management software.
Only then can they
minimise the print security risk, and be in a position to report any breaches
within the required 24 hours.
Quentyn Taylor is
director of information security at Canon Europe