Is Your Printer Environment a Security Risk?
Here's how to keep the hackers out of your printers
By Alex Nicholas
AsanITprofessional,BankPresidentorComplianceOfficer, 3. Implement a Secure Release Solution that Eliminates
you know that data security is a top priority for your
Abandoned Print
organization. In today's highly regulated environment it is more
In many financial organizations, people use the "print and sprint"
important than ever to have a pulse on your organization's policies
strategy ­ send a file to the printer and then run so no one sees
and procedures in all areas. With cyberattacks on the rise we've all
their output before they reach the printer or they forget it during
come to realize the question we should be asking is not if our data
their busy day. Another popular method is providing additional
will be compromised, but when and how. One important area of
print devices to each employee to keep sensitive information
vulnerability that may not be on your radar is the security of your
within a specific office or area. Both models present additional
office printers.
costs and compliance risks.
All organizations take steps protecting data on networks,
Software solutions now exist that allow jobs to be held at the
computers and servers, yet overlook the network printer or other
server level and that restrict jobs from being released until the
end points. Hewlett Packard research reports that 90 percent of
user authenticates at a device via a badge scan
enterprises say they have suffered at least one
or pass code. This allows a bank employee to
data loss through unsecured printing. Yet a
maintain both efficiency and security in their day-
recent Spiceworks survey of more than 300
to-day functions. This is also a valuable platform
enterprise IT decision makers found that just
for multi-location organizations in which bank
16 percent of respondents think printers are at
employees may need to travel between branches to
high risk for a security threat/breach. Moreover,
better serve clients. The bank employee no longer
only around 40 percent of organizations deploy
needs to be cognizant of which specific printer
user authentication and use administrative
they select or which branch they are working
passwords. The risk is real, as hackers have used
from that day. Simply print and retrieve at the
vulnerable printers to access organization's
most convenient device at that moment. When the end user
data in multiple, creative ways. From a network printer intrusion
authenticates at the device, the user can choose to print or delete
to misplaced prints with sensitive data, compliance risk is ever
the job, eliminating abandoned print that may contain sensitive
present.
information and lead to sensitive data sitting on the printer or
Here are Four Steps to Take in Securing Your Printer
in open areas. These solutions also allow for automatic deletion
Environment
of print jobs held longer than a specified amount of time set by
1. Conduct a Printer Security Assessment
the organization. This function eliminates print jobs which were
never actually retrieved, saving both cost and the dreaded stack
A basic risk assessment report provides a glimpse into your print
of paper on the printer.
security vulnerabilities. Find a partner that can provide secure
print consulting. Deploying a strategy and tools that verify your
4. Utilize new technology that constantly monitors printer
fleet's security settings against a set of secure policy guidelines
threats
is often the first step. The process will identify and report any
Instant notification of security issues can prevent potential attacks
non-compliant features and identify areas of improvement or
and enable immediate action to be taken. Newly developed
vulnerability.
solutions allow organizations to:
2. Set Up Authentication Controls and Limit Access
· Automatically monitor threats
Authorizing printer use only for designated staff using badge scans
· Detect intrusions
or pass codes, and tracking printer use is essential in the event of a
· Validate operating software
forensics investigation. Software that implements these processes
Printers and multifunctional devices that copy, print, scan and
will show who has been printing or scanning, where they printed
fax are gateways to a potential breach in your network. It's now
from or where they scanned to, what and how much they printed
essential to identify the gaps in print environments and take
or scanned, and when they did it. This information can mean the
action to secure all devices.
world in the case of a data breach. It also is a great way to prevent
unauthorized usage. It's often possible to integrate the same
security badges or cards which are used for building access for user
authentication purposes. Everything is tied to a user's directory
Alex Nicholas
status and group policy. If only marketing and executives are
Vertical Market Specialist
authorized to print in color then that policy can be set. If your
Banking & Finance
policy is to never print emails, then print usage can be determined
Loffler Companies
by application.
The Champion for Minnesota Bankers
15

---