Companies are beginning to understand the data loss implications of not properly securing their print infrastructure, according to Ricoh.
The print hardware, software and IT services company recently exhibited at InfoSecurity Europe 2011 at Earls Court in London. It was the sixth year the firm has been at the event and Helen Berentzen, office solutions manager, Ricoh UK, told CBR their presence, "Raised a few eyebrows. Some people were wondering why we’re there, but equally many were asking about print security because they are realising how vulnerable they are."
"Everyone is more worried about security these days," Berentzen continued. "There have been a number of high profile incidents – such as that of Bob Quick – that have raised awareness."
Berentzen said uncontrolled printing was one of the main security vulnerabilities. Salary details, CVs, sales information or any other type of sensitive data can be left on the printer and picked up by somebody else who shouldn’t be seeing that sort of information.
Other security issues come from the fact that the hard drive on a printer stores images of all recent print jobs and can be hacked in a similar way to a desktop PC.
The technologies to counter print infrastructure security vulnerabilities are available, Berentzen adds, but as with so many things one potential barrier is that users can be resistant to change.
"A lot of systems these days encourage education and change in user behaviour – the idea of making people think before they print. But there are other things you can do as well. You need to look at the lifecycle of a document so you know what’s happened to it, how printed it off and how many times," said Berentzen.
To help companies improve the security of their print infrastructure Ricoh has recently started to introduce HD encryption as standard on some of its models and other security features are built-in from the start, Berentzen said.
HP also offers a number of steps to help its print customers to protect their data. These include encrypting all print jobs while en-route to the printer and on the HD, access controls, storing print jobs on a protect server, deleting the information once a print job is complete and verification of users, so documents are only printed once a user has been verified by PIN, badge, card or biometric scan at the printer.
Also at InfoSec this year was Canon, who unveiled what it calls hardening guides, designed to improve the security imageRUNNER ADVANCE series of print devices. "Organisations need to understand the risk they potentially expose themselves to by leaving MFDs unprotected," said Quentyn Taylor, director of information security, Canon Europe.
"We have effectively tested the imageRUNNER ADVANCE series from a hacker’s perspective, firstly to give third party assurance regarding the security of our products, but secondly to develop a guide for customers highlighting any potential risks through improperly configured printing solutions. This in turn allows us to advise on best practice implementation to protect against malicious attackers and accidental leakage," he added.
"What companies need to realise," concludes Berentzen, "is that the printing is very much part of the IT infrastructure, it’s not just an additional part of it or cost."
