PRINT
IT
RESELLER.UK
41
VOX POP
In our survey
of 1,000
UK office
workers,
two thirds
reported
that their
colleagues
leave printed
pages in the
printer tray!
Any data
leak can
cause huge
reputational
damage
to an
organisation
the door when it comes to new business
opportunities.
“Security is now also a core driver
(secondary only to cost) for companies
seeking IT services, managed print services,
or a document management partner, but
more still needs to be done by companies
obtaining a managed print service to
actually introduce and maintain the
recommended security policies in their
working environment. Most people don’t
like change, especially when it comes to
technology, so you see many organisations
who go against the advice and don’t adopt
the recommended security best practices,
simply because of the potential impact that
this could have on employees or customers.
“With the forthcoming General
Data Protection Regulation (GDPR) set
to introduce far more stringent rules
to help control, manage and secure an
organisation’s data, businesses will need
to do much more to ensure the data
contained within IT services both on and
off site, including print, is secure and the
processes surrounding IT services are
compliant. Plus, businesses above the
250 employee threshold will soon need
to appoint a nominated Data Protection
Officer.”
Nigel Allen,
Marketing Director,
KYOCERA
:
“It’s definitely fair to say that
there’s been a huge rise in awareness
around just how vulnerable organisations
are to cyber security attacks.
“The recent spate of high profile
attacks against UK organisations has only
helped data security in particular become
an important, board level, issue – mainly
because we’ve seen board awareness of
security grow as cyberattacks have been
proven to leave long lasting effects on
companies’ customer trust and bottom line.”
Andrew Hall:
“The risks can be a major
problem as few users are aware that any
data sent to a print device has it stored on
the hard drive. If the device is not correctly
configured, the data remains accessible
even after being printed.
“Correct configuration is required
to ensure once a document has been
printed it is erased from the hard drive.
For example, Smart MFPs meet this
requirement, offering customisable tools
for individual users that can be accessed
with unique ID cards or PIN codes,
maintaining document and data security
and protecting businesses.”
Phil Jones:
“Most organisations send
sensitive documents to the printer – this
could be in a HR or Finance office, where
personal information is being printed. If a
hacker has access to the network then they
can read this information very easily using
a network protocol software like Wireshark.
“You can protect data by
authenticating at the device before the
document prints via Active Directory login
and LDAP or by using NFC card readers.
Encrypting the document over the network
via TLS/ SSL – which is widely used in
e-commerce to prevent unlawful access to
customers’ bank and credit card details - is
also a good suggestion.
“The devices you add to a network
should offer IP-Sec, IEEE 802.1x and
SNMPv3 encryption which will further
reduce the possibility of network breaches.”
Quentyn Taylor:
“Printers tend to be
aggregators of sensitive information as
the majority of people only print their
most critical documents, meaning an
unsecured print infrastructure can be a
serious security risk. Modern printers are
no longer simple devices, but also act
as copiers, scanners and fax machines
– a fully connected part of a company’s
network. This means that an unsecured
print infrastructure is not only a source of
leaks when it is decommissioned, but can
also be used as an active exfiltration point
due to its fully operational server. These
features plus remote access capabilities
make it absolutely critical to ensure that
the print infrastructure is fully secured.”
Brian Young:
“Once you understand
that printers store data, the risks become
obvious. Any data leak can cause huge
reputational damage to an organisation,
whether it’s an educational establishment,
a retailer or financial services company.
There are also financial threats: contract
information, payment and bank details –
on a daily basis, printers handle a wealth
of information that could be exploited.
“Every organisation needs to protect its
print infrastructure as much as it does its
computers, Wi-Fi network, software, apps
or any other part of the overall IT systems.
A business is only as strong as its weakest
link.”
James Dunne:
“Unsecured MFPs are
an easy entry point into SME or large
corporate networks for external and
internal threats alike. Gaining even limited
access to an unsecure printer or MFP, can
enable an attacker to explore your network
environment and seek out other unsecured
targets. Malware such as Mirai has shown
us that unsecured printers can even be
used for large-scale DDOS attacks on other
organisations as well as your own.
“Sensitive information can also be
obtained from the print process itself, if not
secured correctly, both virtually, through
servers and physically, through print-outs.
And we know that this is happening in
offices across the country – in our survey
of 1,000 UK office workers, two thirds
reported that their colleagues leave printed
pages in the printer tray!
“Security breaches can be costly to
the organisation both in terms of data
stolen and actions to correct the breach,
and it can also mean hours of ‘dead time’
for businesses in sectors such as legal or
finance, where print is mission critical.
Work can’t be actioned, employees are
left twiddling their thumbs, deadlines
are missed, and in worst cases, financial
penalties are incurred.”
Nigel Allen:
“Safeguarding company
documents is the highest priority for all
companies, as information is a company’s
biggest asset, especially when it comes
to intellectual property and research
and development materials. For some
organisations, particularly in the legal and
health sectors, the documents they print
(think contracts and patient files), are
extremely sensitive.
“In fact, they’re some of the most
sensitive documents they deal with
as an organisation. In leaving a print
infrastructure unsecured, you’re in a sense
leaving these documents to be accessed
by anyone. It’s no longer not good enough
to be ‘quite sure’ that your data can’t go
missing – you need absolute knowledge
that this will not happen.”
continued...
PITR:
The print infrastructure is often overlooked by IT
professionals and networked devices are frequently
used without proper safeguards in place. What are the
risks of an unsecured print infrastructure?
Andrew Hall,
Marketing Manager,
OKI
