Unless properly secured, the multifunction print, copy, scan and fax devices in your office can be a gateway to sensitive data.
“The copiers are all connected to the network, which is connected to the Internet,” says Mari Sloan, director of GEM accounts at Toshiba Business Solutions. “So a technically oriented hacker can get into your network.”
Today’s hackers get smarter and more devious every day. They now know that there’s no need to fight through the security you have for your databases when they can just hack into the copier and find all the information that’s ever been printed and copied.
Smart Business spoke with Sloan about security technology and other new features available in today’s multifunction devices (MFDs).
Why should companies be concerned about printer and copier security?
The numbers don’t lie. One in five security breaches come from inside the organization, and more than 50 percent of identity thefts happen in the workplace. An unsecured MFD can be one of the greatest threats to your organization. The copier you have most likely has a hard drive, and every single thing you print and copy on that machine is still on the hard drive.
Imagine you’re a mortgage company that processes copies of W-2s, birth certificates, social security numbers and employment information, or a medical facility with patient records that are supposed to be protected by the Health Insurance Portability and Accountability Act (HIPAA). All of that sensitive information is just sitting there on your device’s hard drive, giving hackers an easy target.
How can you improve security on your printing devices?
You need four points: device security, access security, document security and end-of-life security. For device security, today’s multifunction devices need advanced encryption, and there are two ways to do this. The first option is to encrypt the data on the device’s hard drive. The second option is a feature called data overwrite. With this feature, the moment the print job is done, the data is overwritten on the hard drive.
To improve access security you must control access to the device. There are a few different ways that can be done, like using department codes or network authentication. Basically, the same user name and password you use on your computer that controls what you can and can’t see on the network can be utilized on an MFD.
The third point is document security. If you scan a PDF and send it over e-mail, that’s the easiest thing to intercept, open and read. Today’s MFDs can turn on 128-bit encryption password protection, so you would then be creating secure documents. There is also private printing. You can give the users the option to print with a pass code so documents don’t print until you get to the printer. If you’re a medical or financial institution with a lot of rules regarding personal information, you can force the machine to print privately so no documents could be printed and left on the tray.
Finally, you need to pick a partner that will help you create and implement an end-of-life security process to ensure the devices that leave your building are not leaving with sensitive data. Sometimes your devices don’t have those security measures on them, so you need to come up with a solution to get those hard drives cleansed before they go back to the lease company. The better partners in the industry can offer a solution to clients to cleanse the hard drives.
