Tech Talk With Fraser

Print Security: Know Your Risk and Protect Your Assets

Written by Heather Trone | Feb 5, 2020 11:00:00 AM

We all know all of the devices we use every day to perform tasks that involve sensitive data. We pay bills with our computers, tablets and cellphones. We transmit our credit card information across the internet. All of our devices need to be secured in order to provide a safe environment in which to perform these everyday tasks.  

Now imagine your printers. Did you know unsecured printers equals unsecured IT? Consider the multitude of potential security threats across a print fleet made up of devices from various manufacturers.  All of those devices must be managed separately to ensure they are secure. And each day your business spends with that outdated, multi-vendor fleet means an increased risk of security breaches to your business. 

You may not spend much time thinking about print security, but  print security must be a vital part of your IT strategy.  Knowing how to secure your devices, secure your network and device management and securing your document solutions are all critical steps in protecting your business data.  Costly security breaches continue to occur, which should only reinforce the importance of assessing your current print infrastructure.  According to Quocirca, 60% of companies in the United States, U.K., France and Germany have suffered a print-related data breach in the last year, with the average breach costing around $400,000 per occurrence. 

Many businesses and organizations are filled with aged, poorly-secured print devices.  Your first best defense is to implement a Managed Print Services program.  Your next best defense is to implement secure access features that restrict who can use output devices using predefined user access controls such as:

  • Digitally signed firmware and software updates - Encryption and digitally signed firmware of files ensures that only firmware created by the manufacturer can be installed on print devices.
  • Access control to device functionality - Individual users and groups use credentials to access printers and MFPs, and the authentication and authorization methods can determine if a user has appropriate access to modify device settings or change functionality.
  • Security configuration - Custom configurations ensure that devices match security policies and reset automatically if the device is out of compliance.
  • Hard disk erase - When devices are removed from a secure location, whether permanent or temporarily, you can perform and out-of-service wipe to remove all settings, data and information stored on the hard disk or memory of the device.

While increased use of mobile devices and the need to support BYOD initiatives, IT departments have to strike a balance between providing users with the tools they need to boost efficiency while minimizing the risk of breaches across the fleet.  This includes:

  • Sharp application whitelisting - This protects the device's file system by allowing only approved files to run.  It offers significantly more protection than traditional black listing techniques.
  • IP address filtering - Network devices are configured to allow TCP/IP cocnnections only from a specific list of TCP/IP addresses.
  • Secure protocol restrictions - Devices are restricted to use the latest version of secure communications protocols such as version 1.3 of TLS and/or version 3 SNMP.
  • Port filtering - Filtering increases control over the device activity and is used to configure devices and filter traffic on specific network ports.
  • Device audit capabilities - The event tracking features proactively track and identify potential risks and may be integrated with your intrusion detection system for real-time tracking.

Information that is printed on or transmitted through print devices could be your organization's greatest vulnerability because security threats often come from within your business.  To protect your business:

  • Prohibit unauthenticated printing - Malicious printing can be prevented on a device by configuring it to only allow print jobs if the user has authenticated.
  • ID badge authentication - Administrators can grant access to device function and apps with the same magnetic stripe or proximity cards that employees use to gain access to facilities.
  • Follow me print - Users can print jobs from anywhere including desktop, tablet or smartphone and release jobs for printing when they are ready from any location.
  • Confidential print - A standard part of Sharp's universal print driver, confidential print, holds your job on a specific Sharp MFP until you release it with a pin code.  This prevents prying eyes from viewing documents left in the output bin.

Everybody heard all the time about data breaches, ransomware and malware.  Printers are one of the true vulnerabilities in a business setting.  Businesses can gain control of their print fleet security with our Managed Print Security Assessment program.  To learn more about MFP and printer security and to schedule your security assessment, contact us today!

To learn more about what Managed Print Services are and the benefits they can provide for your business, download our free e-book on all things Managed Print!