Multi function devices: Minimising exposure

Every organisation has a different risk profile based on their industry, organisation size, IT infrastructure, profile of their workforce and many more variables. However, the most common threat they all face on a day-to-day basis is data leakage, says Naoshi Yamada, Deputy Managing Director, Canon Middle East.

In the 2011 Global State of Information Security Survey commissioned by PricewaterhouseCoopers, CIO Magazine and CSO Magazine, which includes poll results from executives in the Middle East and South Africa, 48 % said that the downturn has significantly increased threats to the security of corporate information assets[1].

Office multifunctional devices or MFDs can play an important role in minimising exposure to risk. To ensure the MFD is a valuable asset in the battle to keep information safe. There are a number of common pitfalls which can be easily avoided by implementing the following configuration options on the MFD. This will help to lower the risk to exposure to potential threats, including malicious attacks and accidental leakage.

Printers are no longer just printers

Multifunctional devices are actually servers in their own right, providing a number of networked services; for example email, file transfer (ftp), Web and eFax servers, with some having significant hard drive storage as well. As such, they need to be treated in the same way, but are often not controlled to the same degree as corporate email servers or company web servers.

Organisations of all size should produce a configuration guide and ensure it is adhered to at all times. This will ensure all functions on the MFD are looked at critically, and can be enabled or disabled as required. It will also mean third parties fully understand the configurations and no not disrupt them.

Password protect your organisation

Social networking has experienced explosive growth in the Middle East. The Facebook site alone has more than 15 million members from the region, far exceeding the subscriber base of all newspapers in the MENA area combined[2].

With the popularity of social networking in people’s lives, password theft has become even easier for malicious attackers. For example, password stealing Trojans and other malware can use fake password reset messages, which when activated then install on people’s machines.

It has then been widely reported that one third of people use the same password for all websites and corporate accounts, meaning once the attackers have it they can access not only the individual’s personal data but also their professional information.

To ensure the MFD is a secure link in the information flow, organisations should disable default passwords and ensure employees have strong, unique passwords which are changed every 90 days for accessing their print jobs. These should ideally be between eight to ten characters long, and include a mixture of letters, numbers and symbols, rather than a dictionary word which can easily be remembered.

Paper-based leaks

Nearly a quarter of security breaches are paper-based. It is really important for organisations to make sure their MFD is not a key contributor to this. How frequently are printouts left in the output tray or dropped into the recycling bin, without being shredded?

Organisations can minimise the risk by using secure job release, a function which means print jobs are locked in a queue on the device until the corresponding user PIN is entered. This will minimise the number of printouts left on the output tray, as documents will only be printed when they are required.

Minimise the insider threat

One of the ongoing risks for security professionals is not just the threat of malicious attacks, but the insider threat. Whether it’s disgruntled ex-employee leaking information for money, or a well-meaning current employee, or simply human error, the risk of someone who has access to confidential information can be difficult to protect against.

For example, many organisations use sub-contractors who require access to the most up-to-date data to complete their work. By enabling the secure print options including secure job release outlined above, it protects from people stumbling on printed documents left on the output tray or illegally gaining access to an employee’s mailbox.

A further configuration which can help protect against this type of threat is job log conceal. This hides the details of recent print jobs so people can’t watch them, and also removes all traces after confidential jobs are printed so no data trail is left.

Lastly, it is very important to consider what happens to the device at the end of its life. Would you simply throw away a laptop once you’d finished with it, or would you clean the hard drive to remove all your data such as photos and music? The hard drive of a printer must be erased and securely disposed of at the end of its life.