Lock Up the Shop...and Your MFP

Cyber attacks on data within organizations like Google and TJX Companies over the past few years have done more than capture the media's attention. The serious harm to a company's bottom line caused by Web attacks and malicious code is keeping information security top of mind with senior executives.

The First Annual Cost of Cyber Crime Study from the Ponemon Institute, a research center dedicated to privacy, data protection and information security policy, found that the median annualized cost of cyber crime is $3.8 million per year. Combined with the Information Week Analytics' Strategic Security Survey—which reports that more than one-third of business tech and security professionals anticipate that their organizations will be the target of some form of security breach or espionage—it's easy to see why companies are re-evaluating their data protection technologies and policies.

However, I've found there's often a gap between the network security strategy being developed by the IT department and the technologies in the print center. The printing equipment in today's in-plant includes sophisticated systems that are also at risk of being hacked just like networked computers and servers. Protecting an organization's intellectual property and customer information requires a holistic approach that looks beyond traditional network peripherals. Just as you would install anti-virus software on the PCs and servers in your print shop, you also need to implement the right tools to protect the data flowing through printers and MFPs in the in-plant.

Take this simple example of the diligent in-plant manager at a large hospital. With HIPAA compliance a top priority, the manager makes sure that, after a long day of printing claims reports and other classified documents, the contents of the recycling bin are shredded, and ensures that all PCs are password-locked before locking the doors on the way out. But is there another door left wide open to cyber criminals?

How to protect your data

In-plants must work with their vendors to identify where their information resides, how it is transferred and detect the greatest areas of risk. It is important to carefully evaluate the security measures built into the printers and MFPs you are currently using or considering purchasing and to choose a vendor partner who will make sure security features are enabled or purchased, and collaborate with you on a data protection strategy.

Take inventory of your in-plant's fleet now. Look for features like:

• Image Overwrite: This feature electronically "shreds" information stored on the hard disk(s) of MFPs as part of routine job processing. The electronic erasing can be performed automatically when each print job is completed, or started manually as needed.
• Encryption: All data that interacts with the printer or MFP, as well as data stored within the device, is secured with state-of-the-art encryption.
• Network Authentication and Authorization: Access to scan, e-mail and fax features can be restricted by verifying network user names and passwords in network directories prior to use of these functions. Access permissions can be controlled on a per-user and per-service basis, all managed centrally at the network domain controller. Additionally, all activity is monitored and recorded in a security audit log.
• Fax/Network Separation: MFPs should include a firewall to prevent unauthorized access to your system through the network connection. However, unprotected fax connections in MFPs can be an open back door into the network, so purchase a machine that provides complete separation of the telephone line and network fax connection.
• Secure Print: Jobs are safely stored at the printer or MFP until the owner enters a personal number to release them. This controls unauthorized viewing of documents sent to the printer.

Post-termination Security

In addition to engaging these features to protect sensitive information, it's important to keep it secure even after the printing equipment is decommissioned. If the in-plant manager were to trade in the printer or MFP without taking the precautions mentioned above, the data the shop processed would still remain on the hard drive. This would figuratively leave the print shop door open, allowing the next owner of the equipment to access sensitive patient information.

Some manufacturers offer options for removal of the hard drive before the equipment is disposed of or turned in after a lease. While the owner of the printing equipment is ultimately responsible for their data, choosing a vendor that will help you understand the risks to data when returning machines, and will recommend the most effective way to rid the hard drive of information, is something to keep in mind during the purchasing process.

By collaborating with vendors, in-plants can ensure company and customer information is secure. Taking proactive action ensures you're minimizing the risk found inside the print center, while demonstrating your support for or compliance with the larger corporate data protection strategy.