South African large enterprises are becoming more aware of the information security risks in their print environments, but SMEs are typically unaware of the vulnerabilities created by their printers, says Introstat.
Introstat, a printing and IT solutions specialist and HP preferred partner, says the new generation of connected, smart multifunctional printers potentially leave organisations open to fraud and information theft, if not managed properly. "However, most small and mid-sized enterprises are still unaware that there are security risks around their print environment," says William du Preez, IT Services and Solutions divisional manager of Introstat.
Du Preez notes that a primary risk around MFPs is the fact that all scans, copies and print orders are temporarily stored on the device's hard drive. "If the hard drive is not effectively secured, or is not cleaned before the device is sent back to an outsource partner or disposed of, that data is still available to anyone who knows how to retrieve it," he says. Accessing these documents is relatively simple, as illustrated in a recent local TV expos'e on the risks.
"Any number of sensitive and confidential documents could be on the MFP hard drive - from company financials to tender documents and customer information," Du Preez points out. "Major enterprises tend to manage their MFP hard drive security effectively, but the smaller and mid-size market appears to have been unaware these risks existed. In fact, after the TV expos'e, we received a number of calls from SMEs worried about the security of their print environment."
Du Preez notes that encryption of print information and wiping of the MFP hard drive are just some of the overall security measures that should be taken to secure the print environment. He notes that advanced MFPs are also WiFi-enabled and connected to the Internet, creating the potential for hacking. "While the business may have protected its IT systems with a perimeter firewall, it may overlook the fact that the printing device is a potential gateway to the network too," he says.
MFP connectivity also presents an opportunity for people inside the organisation to scan or print confidential company information and e-mail it elsewhere, so bypassing physical and network security measures. People might also navigate the device to access workflows from other users and departments, says Du Preez.
Securing the print environment requires a number of measures, he says. "Companies need to determine the levels of security they need, and enable their MFP's erase commands and encryption in line with their required levels of security. Because MFPs are now smart devices, they need to be managed as part of the IT network and locked down as effectively as possible. Businesses should also consider integrating access controls that authenticate users by PIN codes, so enabling different functionality by level of user and allowing for an audit trail in the case of misuse or fraud."
Du Preez notes that HP offers multiple levels of print environment security, including HP Access Control and HP ArcSight printer integration as part of a broader range of JetAdvantage security solutions that meet US Defence Department specifications.
Share