PRINT
IT
RESELLER.UK
41
VOX POP
An engineer
walks in and
replaces a
hard drive
and walks
out with that
information
device and print security policies. Pressure
to do so is being applied by the ICO. It
increasingly takes such breaches very
seriously, as witnessed by the hefty fines it
has imposed on those private and public
sector organisations that have failed in
their data privacy duties.
“A growing risk to networked devices
is posed by external hackers. Connected
devices with web-browsers are a great
entry point to a company’s network and
all the confidential customer and business
data held within. Whether you’re a major
brand or an SME, the consequences can be
the same – a direct impact to the business,
frustrated customers whose details may
have been leaked or compromised, and an
incalculable damage to customers’ trust in
that brand, that can rock it for years.”
Toni Gibiino:
“The risks are huge and
actually MFDs, printers and copier stations
are pretty easy places to find all sorts of
confidential data sitting around. If you
think about the possible data access points
on a printing device, it’s no surprise that
we hear huge stories in the press about
important documents being found on
public transport for example.
“There are three key areas that we
need to protect when it comes to printing.
n
Paper output trays
– documents are
printed and never collected. A familiar
scenario across millions of businesses
across the world. The most common
vulnerability point without doubt.
n
Hard disk data
– printing devices are
capable of storing data. When these
devices leave the business at the end of
a lease, it could leave with a lot of data.
It’s surprising still how few businesses
even discuss this during a fleet swap
unless we raise the matter.
n
Print network
– intercepting print
jobs as they travel across the company
network or more frequently, through
cloud-based printing. Encryption here is
essential too.”
Simon Riley:
“I don’t think they realise
until you point it out. Most IT teams focus
on the breach from outside the building,
people sending in virus emails or stopping
staff downloading weird and wonderful
software. The fact that they go and print a
copy of the accounts, or print out the entire
client base doesn’t matter.
“An engineer walks in and replaces
a hard drive and walks out with that
information. If someone managed to
breach the client security system, what is to
say that using some software which is out
there that they couldn’t grab information,
using the machines’ web interface?”
Julian Stafford:
“Ignorance.”
Scott Walker:
“I think this is simply down
to the fact that most organisations look
at printers as just that – printers. At the
end of the day, they’re computers in their
own right. Once they’re on the network,
they’ve got the same levels of risk as a PC
or laptop.”
Matt Goodall:
“Largely because they are
unaware of it, they do not comprehend
the amount of data that passes through a
multifunctional device, the daily throughput
of scans, prints and faxes, is huge in most
modern equipped companies.
“The machine will store, process and
then print, send or fax the data, most
industry experts will be aware of this and
advise accordingly. We are rarely asked
what EAL (Evalution Assurance Level)
security level the machines comply with,
and whether that fits with the clients’
needs. Generally it’s only in military or
government sales, that we are quizzed
about the security features.”
Grant Howard:
“While IT departments
are very careful when it comes to
protecting PCs, user accounts and other
areas viewed as traditionally vulnerable
from breaches, generally, they still see the
MFD as a benign unit to carry out simple
day to day office tasks.
“However, the MFD is now effectively
another PC with its own operating system
and storage area and should be treated as
such, with the same levels of caution as
other devices.”
Mark Smyth:
“Some IT Managers simply
do not see the printing device as a security
threat and therefore it’s low priority.
However, over 60 per cent of IT Managers
have experienced a security data breach
through the printer so it absolutely should
be taken very seriously. We are starting
to see an increase in security questions
and more qualification content in tenders
and in client facing presentations, and IT
normally always have a presence. Where
they do not have an initial presence, we
request they are engaged and as early on
in the process as possible.”
Steve Small:
“In many cases, this is
down to ignorance of the capabilities and
features of the devices, and they are often
seen as simply paper output devices.”
Clive Hamilton:
Firstly I think this
is changing with more and more
conversations featuring security
prominently. But for some organisations,
security is a challenge, some don’t
understand how sophisticated the systems
have become and how security features
are built in or embedded but, unless they
are switched on they don’t provide any
protection.
“Many organisations don’t have
the skillset in house to manage the
systems to create a print policy or look at
authentication. But, as print specialists we
need to do more, we need to encourage
more open conversations around security
and share best practice, so that we can
advise our customers on how they can
protect their business, in the long run, this
is beneficial for all of us.”
continued...
PITR:
Why do you think that organisations place a
lower priority on print security?
Clive Hamilton,
Group Managing Director,
Pinnacle Complete Office Solutions
Adam Gibbons,
Group Managing
Director,
Xeretec
“Many organisations don’t
have the skillset in house
to manage the systems”
