Print security is rapidly rising up the political and business agenda.
In January the European Union's new Data Protection Directive stated that any major data breaches must be reported within 24 hours, putting increasing pressure on organisations to have strict procedures in place.
Also, according to a recent Quocirca survey, 70 per cent of European enterprises have suffered one or more printing-related data breaches, while only 15 per cent of European enterprises believe their printing infrastructure is secure.
Printers come with an inherent security risk; they are no longer only printers. Multifunctional devices (MFDs) are sophisticated document-processing hubs, with the ability to transfer data to devices on the company network and are often equipped with hard disk drives and web servers.
One area of vulnerability is the print management software. With IT environments utilising mobile printing functionality and employees bringing their own devices, management software is increasingly common. However, if not protected in the same way as other software, it can be just as susceptible to internal and external network attacks. These are some of the simple steps that can be taken to lower the potential risks posed by the MFD and print management software:
Separate the print server from the network
One instance where data can be compromised is in the interception of traffic when documents are in transit from the PC or mobile device, via the print management software, to the MFD.
By separating the print server from the network server, the IT department can limit and control what traffic is going over that part of the network, therefore restricting access and reducing the risk of an attacker exploiting it.
Encrypt all traffic
When a document is
in transit to the printer, it is travelling from one server to another. Data
encryption should be a key element of any organisation's security policy. This
will ensure that if it is compromised, the data can only be seen by authorised
people and will reduce the impact of the breach.
Ensure patches are up to date
The security threats facing organisations change on a daily basis, and print management software needs to be treated in the same way as any other software platform within the IT environment. It is important the print server is configured with defined security standards and a security patch update procedure that tackles the latest vulnerabilities.
Consider the position of MFDs
The physical security of an MFD is also important in protecting it from interception. MFDs should be placed in a position where CCTV cameras can view it, so any malicious activity can be observed as well as deterred.
Control any unauthorised network monitoring
A ‘network sniffer' can read data travelling between the PC or mobile device and an MFD, exposing the print job and routing addresses. If not already enforced, organisations should monitor and investigate any packet sniffing or port scanning behaviour on the network.
Protect it after it's gone
Lastly, it is very important to consider what happens to an MFD device at the end of its life. Recent research conducted by the Information Commissioner's Office has suggested that 48 per cent of hardware purchased online or at computing fairs contained information, 11 per cent of which was personal data. It is therefore imperative to permanently erase data from MFDs before they are either re-sold of recycled.
With increasing pressure from the EU, the 85 per cent of European enterprises that believe their printing infrastructure is insecure need to develop a compressive print security policy that takes into account not only the hardware, but also the print management software.
Only then can they minimise the print security risk, and be in a position to report any breaches within the required 24 hours.
Quentyn Taylor is director of information security at Canon Europe