Information sharing is happening at a faster and faster pace. Companies are sharing information in new ways and creating new risks to security. Information is every organization’s key asset in today’s economy. Therefore, protecting that information is a challenge that all companies face.
Currently, the network is the central nervous system of data collection within an organization. The nerves branch out to the devices residing on the network, including computers and multi-function printers (MFPs). The loss of data can mean devastation for any organization, from personnel data to trade secrets. Loss of this data can mean lawsuits or loss of competitive advantage, which can cost millions of dollars. These vulnerabilities can become magnified when one is analyzing the security of a MFP.
MFPs present a unique security issue because they can print, scan to email, scan to a network and fax, and each of these functions requires transmitting information over the network or through the phone line, presenting a security risk. Attacks can happen in several different ways.
- The phone line attached to an MFP could be used to access the network
- The web server used to manage the MFPs and printers may be vulnerable to attack
- Unprotected electronic data can be inappropriately accessed while at rest on the hard disk
- Access can occur in motion to/from the device
- Malicious emails can be sent from an MFP with no audit trail
A multi-function device is a sophisticated machine with many sub system components. Most MFPs contain:
- One or more operating systems
- Network controller and firmware
- One or more hard disk drives
- Web server
- Page Description Language interpreters (PS & PCL)
- Local user interfaces
- Local hardware ports
- Fax system
To correctly evaluate an MFP’s security status, the entire system and sub-systems must be evaluated. This is an essential step to ensuring your network and data are secure. Fortunately, you do not have to perform these evaluations on your own, there are many organizations that do this and provide their findings to the public. You can find one such organization at www.commoncriteriaportal.org.
There are several industries that have further security concerns when dealing with government regulations. Some of these industries are healthcare, education, financial services and government. Of course, security is not an option anymore. In today’s climate, these concerns are on the forefront of any IT manager’s agenda, regardless of their industry.
There are also several factors to be considered when you remove a device from your network and look for a disposal option. Recently, CBS did a story on this same topic and an undercover investigator went into a warehouse owned by a bank that was temporarily storing copiers to be resold and he was able to walk in and pull data from the devices in the warehouse. He even found medical records left on the copier plate glass. When disposing of a device, make sure the data on the hard drive has been digitally shredded or overwritten. If this is not an option, you can remove the physical hard drive and actually destroy it.
Conversely, when purchasing a new device that will be residing on your network, there are certain features you want to look for to make sure your information will be protected in the future. All of these features will help to make sure your data is secure:
- HD Overwrite
- Data Encryption
- Volatile and Non-volatile Memory
- Secure Fax
- Scan to Mail Box Password Protection
- S/MIME for Scan to Email
- Job Log Conceal
- Hard Disk Removal Program
There are also several features to make sure your network stays secure and the MFP is not creating a security breach or an inroad to your network:
• IP/MAC Address Filtering
• SSL/TLS
• Network ports On/Off
• IPv6
• Digital Certificate
• SNMPv3
• 802.1X (Wire/wireless)
• Firewall
• Fax/Network separation
These are common features available in today’s market on the standard multi-function product. If you look for them, you should feel confident that your documents will be protected from outside attacks. Make sure to keep the device updated with the latest software patches as many of these will have the latest in security features as well.
Document security is an ever-changing battle that your company will continue to need to fight in today’s competitive market. FBN
Written by Tracey Arvieux