Printers, scanners, and the like are often overlooked when data security is discussed. But, these devices can have sizable hard drives that store a large quantity of sensitive information. These devices transmit corporate information (anything from simple emails to credit card information) and must be in compliance with legal and regulatory statutes like the Data Protection Act. In addition, any device that houses such a wealth of data is at risk of being hacked or otherwise compromised. Let’s take a look at some of the compliance and security issues and what can be done to help tighten security when printing data on different devices.
The first risk to mention is a decidedly low-tech one: stolen devices. Visitors or employees may be able to gain access to your device and steal it, or simply access the hard drive if the device or drive is not properly protected. Physical theft is still among the highest risks to data. Even with unprecedented amounts of digitally stored data, breaches like payment fraud – 87% of which targeted checks – are reported by over 60% of US organizations.
Next we look at some practical issues surrounding the device in the actual printing environment. If you don’t have a plan in place to monitor who is printing what documents at what time, it will be difficult to root out the cause of a breach. Failing to offer some sort of an authentication process in order for employees to gain access to a printer can open you up to such a breach.
Knowing what a hacker can do with your stored data is key to prevention. Without suitable security at the proxy server, your data can be compromised. A hacker can use Telnet to get into your printer, where they can then access the information within. Hackers can change administrative settings, re-configure the printers, and even change the content of a document. The more information they have access to means more for them to work with, so a hard drive that isn’t purged of data on a regular basis is an easy target.
Security and Compliance
As some security experts have noted, there can sometimes be a tradeoff between usability and security. That said, implementation and consistent use of a few simple tips can greatly lessen the risk of data breach and non-compliance.
Having suitable security at the proxy server level is a great first step in establishing security. Have a data classification system in place so you know where information is stored and who is able to access it. Modern hard drives are equipped to hold large amounts of data, so data classification is key – and so is making a plan to securely back up and then purge hard drive data often. Follow that up with monitoring printer access so you know who is using the devices at all times. Each of these steps work with the others to provide security and compliance with industry standards and regulations.