The Recycler
  • ECS Web ad October
  • Ninestar Masthead banner July 2021
  • Katun March Web Advert 2021
  • Biuromax Web ad May 2021
  • Nubeprint Online 425x90

10 steps to secure MFP printing

10 steps to secure MFP printing

August 14, 2015

printer securityA recent report said that since “digital copiers are computers”, businesses need to include them in their information security policy.

GCN reported on the Federal Trade Commission’s study, “Copier Data Security: A Guide for Businesses”, which detailed 10 steps that agencies “must consider” in setting up adequate security measure, based on “common scenarios”. The first is to require user authentication, which “enables the auditing, reporting and tracking of user activity”, as well as other features.

Secondly, access ought to be restricted according to user authorisation, preventing users accessing resources on the network “that they normally do[n’t]”. The third step is to “centrally audit all network activity”, with most organisations being required to regularly review information system activity records by compliance security standards. These include “audit logs, access reports and security incident tracking reports”, and the report said that “centrally building an audit trail of all copy, print, scan, email and fax activity” for every networked MFP will ensure compliance.

Fourthly, users are advised to “encrypt data” coming and going from the MFP, which requires “all data[…] to be encrypted”, while government departments must “leverage encryption technology” to meet with specific security guidelines. Implementing pull printing is the fifth step, involving the printer user “authenticat[ing] at the device before documents are released”. Only documents associated with the authenticated user may be printed, and the print job “must not be stored on the device prior to printing”.

Sixthly, rules-based printing is recommended to control output by “analysing print jobs before release, based on a set of established rules, to determine how they are printed”. Examples are given of groups with “established print policies”, including the US Army Directive 2013-26 “Armywide Management of Printing and Copying Devices” and the General Services Administration’s PrintWise programme, who can enact these policies “with the implementation of rules-based printing functionality”.

The seventh step is to “enforce trusted destinations” by configuring devices to “properly prevent documents from being scanned or faxed to any destinations that may risk sensitive data exposure”. Networked MFPs configured for scan-to-email are “high risk”, as is outbound analogue faxing “without controls in place” for validating the email address of the recipient’s fax number.

Eighthly, monitoring and controlling personally identifiable information (PII) is encouraged, which most US government organisations already have a policy to protect. The Department of Homeland Security has issued a “Handbook for Safeguarding Sensitive Personally Identifiable Information”, which details guidelines that all employees must follow to protect PII within and external to the organisation. Similarly, the US Navy published a “Users Guide to PII” with compliance standards and protective measures for the Navy and Marine Corps.

The report advises agencies to “leverage software to systematically enforce the PII policies they have enacted”, and while there is no solution in place, “organizations must rely on employees manually following protocol, leaving no room for user error”. Standardising and integrating network scanning is the ninth point, as a “common problem” for traditional MFPs is that none of the devices have the same set up for document scanning. Typically, each MFP is “manually mapped to a network file share” and there is no standardised process for the organisation.

Unifying the set up methods into one technique allows administrators central control of the network folder scanning with a single configuration. Integration support is also needed “for all of the major commercial off-the-shelf document systems” so that direct and secure scanning can take place. The final step is to secure print processes, ensuring protection of “both the physical and electronic access points on their MFPs”.

The report points out that the costs in terms of penalties and settlements of failing to safeguard sensitive information are growing, while there are already too many “touch points that create risk” when sharing information. For the most point, these involve technologies that organisations rely on – in particular networked MFPs with copy, print, scan, fax and email functions.

 

Categories : Special Report

Tags : Printers Security Technology

  • IR Italiana Web ad January 2021
  • Ninestar Big & Bold July 2021
  • GPI Web ad October
  • GM Tech Web ad October
  • Static Web ad July 2021
  • Armor May banner Ink
  • Apex web ad May 2021 version 2
  • Mito September 2021 Web Advert
  • Aster Web ad October
  • Adter Recruitment Web ad April 2021
  • ITP Web ad January 2021
  • CTS Toner Supplies Web ad April 2021
  • CET Web ad September 2021
  • HYB Web ad February 2021
  • PW Dubai December Ad
  • PCL Web ad January 2021
  • Ohana July 2021 web advert
  • CET Web ad September 2021
  • HYB Web ad February 2021
  • PW Dubai December Ad
  • CTS Toner Supplies Web ad April 2021
  • Ohana July 2021 web advert
  • PCL Web ad January 2021
  • ITP Web ad January 2021
  • Adter Recruitment Web ad April 2021
  • PW Dubai December Ad
  • CTS Toner Supplies Web ad April 2021
  • Adter Recruitment Web ad April 2021
  • PCL Web ad January 2021
  • CET Web ad September 2021
  • Ohana July 2021 web advert
  • ITP Web ad January 2021
  • HYB Web ad February 2021

The Recycler, Wittas House, Two Rivers, Station Lane, Witney, OX28 4BH, United Kingdom | Tel: +44 (0) 1993 899800 | Fax : +44 (0) 1993 226899
©2006-2021 The Recycler - Terms & Conditions - Privacy Policy including cookie use

Web design Dorset | Websites by Mark