Your copier could get you hacked. Are you overlooking these 12 important copier security issues? Your copier in the corner of the office could be ripe for hacking – if you overlook a few simple steps to keep it secure.

In this short guide, we outline the most common copier security issues that IT pros too often overlook. Then we provide you with 12 ideas to keep your data and network secure that plug potential security holes caused by your copier fleet.

The best part is that once you know what the security issues are, they're often simple to address!

Before focusing on copiers, two quick data points about data breaches:

  • If you’re thinking you’re safe because you’re a small business, think again. Research shows that 62% of cyber breach victims are small and mid-size businesses. As you would expect, healthcare and financial services are the most popular targets, but no company is immune.

There are five main reasons SMBs are at risk:

  1. Weak link. SMBs are often less protected and are “low-hanging fruit” for hackers.
  2. Chain of trust window to larger fish. Cyber criminals use SMBs to get to larger victims. The Target breach originated through a SMB partner.
  3. Less likely to draw major attention. Hacking Bank of America is going to draw the eyes of media and the government. Hacking a local grocery store chain or real estate agent is not going to draw national attention.
  4. SMBs have valuable data too. Even small companies have data that could be worth big money.
  5. Opportunity. Automated attacks looking for any victim could have more success with the less-sophisticated defenses many SMBs have set up – if there are any defenses. A report from McAfee found that nearly 90% of SMBs in the US don’t use data protection for company and customer information. Additionally, not even half secure company email to prevent phishing attacks.

Now that you see the risk of data breach more clearly, what does this mean when it comes to your copier?

Copier security is a two fold challnge - are all of your bases covered?

The Two-Fold Challenge of Copier Security

There are two sides to the copier security challenge – the copier itself and your employees.

Today’s copiers (and many printers too) are network-connected devices with internal hard drives that save copies of the print jobs sent to them.

Employees are people. And, to be blunt, people do stupid things.

We’ll first talk about the copier itself and then end with a few words about how to train your employees to do the right things – which they want to do anyway.

Hard Drives and Networking

There are two key technology challenges in copier security –

  • network security
  • the copier hard drive

Today’s multifunction copiers (and some printers) are essentially computers, with a hard drive, network connection, and operating systems. These hard drives in copiers store images of every document that’s ever been copied, scanned, or emailed. This data remains stored on the hard drive until the drive becomes full then the old data is overwritten, but there’s always the potential for sensitive information to be stored on your copier’s hard drive.

A weak password or a lack of password could give hackers an easy route into your network – and all of those document images stored on the copier’s hard drive These devices are also connected to the office network. If you have a weak password (or, worse, the factory default password), then your network can be hacked through your copier.

A weak password or a lack of password could give hackers an easy route into your network – and all of those document images stored on the copier’s hard drive. And what have you copied? Checks, social security numbers, credit card numbers, banking details, health information, internal business plans; think about the kinds of confidential information you copy and print. Your copier has stored that information on its hard drive.

There are a number of simple steps to take to close these security loopholes.

The following 12 ideas will help keep your copiers and information secure.

Idea 1: Plan

Include your office technology in your IT security planning.

In many companies, whoever orders the paperclips also orders the office technology. Regardless of who buys the equipment, they should be managed by your IT department.

Idea 2: Thou Shall Not Pass(word)

Reset default passwords on any network-connected device. Change passwords regularly and follow best practices for creating strong passwords – no birthdays, pet names, or anniversary dates that can be easily guessed. And never use a work password for a personal account – you don’t want to be responsible for a security breach because you used the same password for your personal Facebook account.

Password-protect each device’s control panel to prevent settings from being changed.

Idea 3: Network Security

Protect your network-enabled printers and copiers as you would any network-connected device. One simple step, have a print server and enable IP filters on the device that only allow the print server and IT staff to access the device.

Never open your copier’s Web interface to the Internet.

Idea 4: Encrypt Information

Have software installed that encrypts data already on the hard drive or prevents it from being stored. This method allows businesses to safeguard electronic information by preventing unauthorized access to files. Even if your network is hacked, your information remains secure.

While data is often protected when transmitted between PCs, many companies transmit the same data in clear text to a copier or printer. It’s possible for this information to be captured as it’s sent to the printer. Consider encrypting sensitive data. Many copiers provide Secure Socket Level (SSL) encryption support. More advanced options can be available too.

Idea 5: Hard Drive Overwrites

Overwrite your copier hard drive on a set schedule, once per month is a good schedule. Some devices also can be set to overwrite after each job.

Idea 6: Keep Firmware Up-to-Date

Drivers and updates to a copier’s firmware often include improved security functionality, fix various bugs, and also patch security holes as they become known.

Idea 7: Print Job Holds and Authentication

Be sure only approved walk-up and network-based users can access the device and all of its functions – print, copy, scan, send, etc. When tied to various print rules, authentication can also help to control who can print in color and total print output (which helps control costs).

Functionality can also be limited on devices – preventing access to email, copying, networks, etc.

Do YOU have a print policy? Print rules save money. Download 14 print rules you can use now.

 

Many copier’s authentications can be tied to a company’s Active Directory and/or locally tied to an individual device.

Authentication can be based on password, PIN, and different types of card readers.

Using authentication to release print jobs at the device ensures that sensitive documents aren’t left in the output tray for anyone to browse through.

Idea 8: Restrict File Formats

.exe files can wreck your day when some unsuspecting user saves one. If you limit the file types that can be saved on the device to printable formats only (such as TIFF, JPEG, and PDF), you reduce the chance of virus infection from .exe files.

Idea 9: Physical Security

Copiers should be placed to balance ease of use and security. For highly secure environments, a locked room and monitored access could be warranted. Most security requirement needs aren’t that stringent, so place where monitoring is easily done. A visible location can prevent document theft or snooping, unauthorized access to stored documents, and misuse of an Ethernet or USB connection (USB ports can also be disabled if necessary).

Consider separate printing devices for HR, finance, and/or executive teams within those offices to ensure that sensitive document can’t be seen by everyone. Don’t leave an HR disciplinary review or executive compensation where anyone can see those documents.

And shred hard copies of sensitive documents when no longer needed.

Idea 10: People Problems

Many security breaches and loss of company data happen because people do dumb things – they use simple passwords, they use public Wi-Fi to access sensitive data, they accidentally email sensitive information, the list is long.

As mentioned earlier, authenticating users will help to keep information secure by holding print jobs until released by the user. Tracking and print rules also allow audit trails of documents that pass through a copier.

Some copiers, such as Canon’s imageRUNNER line have a document scan lock and trace capability to prevent unauthorized scans or faxes of hard-copy documents. If a user attempts to scan or fax a restricted document, the operation locks out and a record of the unauthorized activity – complete with user name – will be logged.

Idea 11: Talk to Your People

Make sure everyone in the office is aware of the vulnerabilities and the role they play in protecting the business and its data. Give them guidelines and create clear security policies so they know what is expected of them (like not putting their passwords on sticky notes and sticking them to their computers or visiting unsafe websites and clicking on Facebook ads).

Your copier service provider can help you make the decision for your copier’s end of life – keep the hard drive, digital shred it, or dispose of it.Idea 12: Getting Rid of Your Copier

Companies switch out their copiers and office technology all the time as business needs change. A news segment on CBS even called copiers a “digital time bomb” and treasure trove for identify thieves (because of all the data stored on the copier hard drive).

Once you’re aware of this problem, it’s easy to avoid. 

Be sure that your information stays with you. There are a few ways to do this:

  1. Remove the hard drive and keep it with you
  2. Scrub or digitally shred your hard drive – this is a step beyond deleting (which simply removes pointers to files while leaving the files in your hard drive)

Your copier service provider can help you make the decision for your copier’s end of life – keep the hard drive, digital shred it, or dispose of it.

Note: Copier hard drives can also include firmware that is required for the device to operate. Check with your service partner before removing a hard drive on your own to ensure the device will remain operational afterwards.

An Ounce of Prevention

Once you understand the potential security issues from modern copiers, the fixes aren’t all that difficult.

Click here to download a PDF version of this eBook

Regardless of your particular equipment, if it’s connected to the network, it could be vulnerable to hacking. Follow these tips and you’ll have one less thing to worry about regarding your information security.

New call-to-action

 

RESOURCES TO CHECK OUT

Subscribe to Email Updates