High-profile incidents over the past year have helped to make security a top priority for companies big and small. In October, DNS provider DYN experienced a denial-of-service (DoS) attack that brought a number of major websites down. U.S. intelligent organizations accused Russia of hacking email accounts of both the Democratic National Committee and the Republican National Committee. Hitting the dealer community closer to home, a hacker hijacked 29,000 printers at a number of college campuses in March to remotely print racist flyers.
That last incident is just one example of how the Internet of Things (IoT) introduces new security risks to businesses already struggling to protect their core systems. Multifunction printers (MFPs) in particular are seen as vulnerable. A new report, Print Security: An Imperative in the IoT Era, from research and analysis company Quocirca identifies both the risks and best practices for maintaining print security.
“MFDs have long been a weak link in organizations’ IT infrastructure,” said Jiri Tuma, chief product manager at Y Soft. The report cites Y Soft’s SafeQ Workflow Solutions Package as a solution that provides authentication and secure printing features. “Businesses must smarten up and include print security in their risk assessment and overall security strategy. Deploying a secure print workflow solution, along with MFD security measures, is the best line of protection for organizations to control unwarranted access to their network and IP, while enhancing the employee print experience,” he added.
A key finding of the report is that businesses are well aware of print security risks with 72 percent of surveyed respondents classifying it as a major concern. Quocirca identifies four MFP security vulnerabilities:
- Unclaimed output that unauthorized people can collect intentionally or accidentally
- Latent images on the MFP’s hard drive that can be accessed by hacking or by reading the hard drive after the device is discarded
- Unauthorized access to MFP functions, which could allow documents to be rerouted, altered, or read as a saved copy
- Network security risk where hackers can access data remotely or launch a malware or DoS attack on the network
To minimize the risk that MFPs present, Quocirca advises companies take the following measures:
- Ensure that print devices are part of an overall information security strategy.
- Adopt a security policy for the entire printer fleet. It takes only one exception to weaken defenses.
- Secure access to the network. This includes encrypting data.
- Secure the device by activating hard disk encryption and data overwrite functionality.
- Secure access by implementing user authentication for the device.
- Secure the document by enabling digital rights management capabilities.
- Monitor and manage continuously using auditing tools.
- Seek expert guidance from, for example, an MPS provider. The report showed that companies that used an MPS provider experienced less data loss due to security failures.
“As organizations increasingly connect to the IoT, their cyber-attack surface expands. Internet-connected MFDs are one such endpoint that can be readily exploited, placing sensitive information at risk,” said Tuma. “With the aid of a secure workflow management platform and employee training, implemented by a trusted provider, organizations can feel comfortable that their valuable data is protected.”