Every business has at least one printer. Whether used heavily or not, your printing devices sit in the background as part of the office scenery. They're also a security hole. Consider this:
70% of organizations have had at least one data breach via printing.*
In 11 Things SMB Owners Need to Know About Network Security Monique Phalen, our Director of Technology, pointed out that “anything with a hard drive can be hacked.”
Today, I want to talk specifically about digital copiers and how to prevent data breaches through them.
Copiers Are Computers
I know from our customers that this opinion is changing, but some people continue to think of today's multifunction copiers as the simple copiers of 20 and 30 years ago. Digital copiers today are complex devices with hard drives, touchscreens, network capability, and apps that extend productivity (such as mobile printing).
The networking capability combined with the hard drive is a possible hole in your security plan, but only if you don't take it into account.
Protect Personally Identifiable Information (PII)
As you scan, copy, and print; your devices' hard drive saves a copy. Without a few simple precautions, this could lead to theft of this information and various compliance issues.
For instance, a healthcare company's copier lease was up. Sitting in a warehouse, CBS news bought a few at random as part of an investigative report about security. On the copier hard drives they found credit card information, personal details such as Social Security Numbers – a treasure trove of data for identity thieves. I've embedded the report below (it's from 2010, but as relevant today).
How to Secure the Information on Your Copiers
Through a combination of common sense steps and software, keeping your customer and company data secure is straightforward. The most important step is to be sure to include your copiers and printers – especially those attached to your network – in your security plan.
- Don't leave documents in the output trays. Use pull printing (read about secure printing here) to prevent confidential documents from being accessed by anyone.
- Encrypt information.
- Use print rules to restrict access to certain printers and to provide audit trails to help determine culpability in the case of a breach.
- Wipe your hard drive on a set schedule.
- When you replace your printers and digital copiers, remove the hard drive or have your service partner digitally shred the drive (not just erase the data).
- Change the default network password.
- User authentication at the device. Whether password, swipe card, or biometrics; this ensures only authorized users access the device. And enable automatic log-off, because hardly anyone remembers to do that!
The biggest challenge about copier hard drive security is simply knowing that it's an issue. So now you know. And as the G.I. Joe cartoon says, “knowing is half the battle.”
*The Ponemon Institute: 2010 Annual Study: US Cost of a Data Breach
Topics:
