Have you ever thought about how to keep your documents & office equipment secure?
We have just passed the first-year anniversary of the upgrade in privacy policies, commonly known as GDPR.
There was a huge amount of activity and hype before the 25th May 2018 and then the lull happened. For some businesses, GDPR took up a lot of headspace and for others, it took up relatively none. And now, many businesses feel that it was a lot of hype, but is this really the case? It would most certainly be our contention that GDPR is here to stay. This is a ‘forever’ moment in the law and data privacy matters. Many businesses, including our own, made huge strides in upgrading their IT systems and processes, looked at their privacy statements, engaged in staff training etc, but how many businesses went that step further and looked at their office equipment? Honestly – not that many! It’s a conversation that I bring up with all our clients and prospective clients. Invariably, the reaction is that people are just not aware that they have to look at their office equipment and consider its security.
Security breaches are usually associated with operating systems, servers and e-mails, but not printers. Printers have the same security vulnerabilities of a server on the network, i.e. they are open to being hacked! Printers can offer opportunities for attackers to compromise the device, your data, or the entire network of your business. According to the Quocirca report, print infrastructure is vulnerable to all the threats associated with IoT devices, but also to risks linked to hard copy output. The number of print-related of breaches reported by the organizations we surveyed is concerning and the lack of security maturity shows that businesses can and should do more.
Let’s take a look at the areas for concern and on how to keep your documents and office equipment secure. Before we look at the ‘how’, let’s take a look at the ‘why’, in other words why should your business take the security of the office equipment very seriously?
- Your printer or multi-functional device (MFD) has a hard drive disk (HDD). Every copy, scan and print that you do on your device has a copy of it on the hard drive, unless you change the settings! Think about it…that’s every aspect of your business that is on the HDD.
- Crime Prevention – multi functional devices are on you network. If someone wants to hack into your business and access your data, they can do so via your printer. You wouldn’t leave your IT security to chance, so why would you not keep your printer secure and locked down?
- Business Continuity – if your business was hacked, or your files were held for ransom, what effect would this have on your business? Would it have a detrimental effect on your company reputation, on your credibility and business integrity? Would your business survive?
- Cost Savings – The cost of exposing your company, vendor, partner and employee information could be very expensive. It has been said that prevention is better than cure.
- Peace of Mind – having the proper security settings on your MFD will give you peace of mind, as it puts you in control. It also makes your business GDPR compliant, which is a business must.
When we work with clients to ensure that their security and encryption settings are set appropriately, we undertake the following protocols:
- Make sure that the default admin password is changed;
- Guide clients to make a conscious decision as to whether the USB printing and scanning is disabled or live. The USB port can literally be locked down, so that users cannot stick a USB stick in and print from it. If the USB port is left open, the MFD will register the serial number of the USB stick used, so you have traceability as to what file was printed or scanned, in case of a breach.
- The printer should switch on HDD (hard drive) overwriting to set schedule, e.g. daily.
- HDD overwriting can be set to different levels. For most businesses, level 1 will suffice, however, the right level is intrinsically linked to the confidentiality of the data that you run through your printer. It should be noted that the higher the level, the slower the machine will operate, as there is more processing to be done.
- Supply your MPS solutions provider with a 20 digit encryption password. It should have a minimum of two letters. Only you should know this information and you should store it safely, as if it’s lost and the HDD goes down, the printer will become unusable.
- If you are changing your printer or upgrading it, make sure to get the HDD taken out. This should either be destroyed professionally with a hard disk shredder and you get a certificate of proof, or else you take it back and put it in a fire proof safe for safe keeping, particularly where a lot of sensitive or confidential information is contained, e.g. legal practices.
If you are concerned about the safety of your printer or MFD, call us today at 01 4097034 or email [email protected] for a review and consultation. Our standard: #ServiceExcellence #Security
Highline Office Technology
Giving you back time. Giving you peace of mind.