There are always going to be threats to your business, either external or internal. As a business owner, your posture shouldn’t solely focus on avoiding them, it should be having the tools and protocol in place to minimize the damage. This is especially true for cybersecurity, given that for most organizations a cyber attack isn’t a matter of if, but when.
Many office employees and business owners aren’t aware of security vulnerabilities within their own workspace. While many organizations, especially small to mid-sized ones have a base level of security — two-factor authentication, documented security procedures, and have invested in some additional security measures — it likely isn’t enough.
Networks, servers, and computers are typically what’s prioritized for protection, but most modern offices have additional devices that make their organization’s entire infrastructure vulnerable without them even knowing it. Something nearly all offices have but often don’t consider to be a security vulnerability are copiers and printers. In fact, copiers are such a prime target for cybercriminals that the Federal Trade Commission released a guide for business owners to help prevent potential threats.
Think about it, copiers are used daily to recreate or replicate information, often sensitive data, yet they aren’t treated with the same security safeguards as other devices, which means organizations are at risk every day without realizing it.
While many believe that cyberattacks can only happen through fully digital attacks such as ransomware or on the dark web, the truth is that physical devices offer plenty of opportunities for security breaches, be it by strangers entering your building or employees who either knowingly or unknowingly release this sensitive information.
As copier manufacturers have grown to understand the potential vulnerabilities in their copiers, they’ve built new security features. Ricoh has consistently been a leader in security and ensures that every device they produce is secure with the most up-to-date features. We’ll highlight some of the features Ricoh offers out of the box as well as other measures your organization can take to keep your copiers and your business secure.
How are your devices vulnerable?
- Malicious access via networks (ie malware, ransomware, leaked passwords)
- The tapping into and alteration of information over the network
- Information leaks from HDD storage media
- Unauthorized access via a device’s operation panel
- Break-ins through hacked fax or telephone lines
- Information leaks via missing or stolen hardcopies of documents
- Security policy breaches due to carelessness or lack of policy
Ensure Authorized Access
With the convenience of quickly capturing data there comes risks, scanned data may be seen by multiple employees at multiple touchpoints, and each touchpoint is a risk for that data being getting placed into the wrong hands. One simple way to prevent this is by ensuring that only authorized users complete certain actions on devices.
By controlling and managing who has access to specific information your organization can prevent unintentional improper use by employees as well as break-ins by bad actors.
Security Administrators within an organization can take advantage of these features and restrict access to certain features and data before the MFP is even used. Authorized users can be authenticated via network login or single sign-on via a card reader. You can then establish user-based accountability while improving security organization-wide. Knowing who is printing what and when can help you gain visibility into where there may be security gaps or abuse of a copier. Without such features, there isn’t a way to even know what data is missing or what devices are being misused, meaning organizations may not even know what they’ve lost until it’s too late to get it back.
Mobile Printing Vulnerabilities
The ease and convenience of mobile printing make it a draw for many end-users and organizations. Because of this mobile connectivity, printers and copiers become an easy target for hackers who take advantage of organizations that don’t think of the vulnerabilities associated with these features.
There are ways to make mobile-connected devices in your office more secure. By having IT configure all printers to support encryption and authentication you can keep them locked down to outside factors. One challenge with mobile-enabled copiers and printers is that their ports aren’t protected in the same way other vulnerable devices are, like computers and servers. Monitoring printers and copiers and building a firewall just like one would for a computer can help prevent these open ports from becoming a ripe entry point for hackers.
Release Print Jobs on your Terms
Some risks are glaringly obvious but are fortunately easily preventable. When a document is printed and left out on the paper tray, or worse, tossed aside, it’s left entirely vulnerable to anyone passing by or can be thrown out with the trash. Confidential or sensitive information is left out in the open for anyone to see — or steal. Ricoh Multi-Function Printers (MFPs) offer locked print capabilities that can hold encrypted documents on the MFP’s hard drive until the appropriate user arrives and enters a unique PIN code on the operating panel, or for enhanced security, can be directly tied to user accounts and only release print jobs when a card is authenticated on the device. By requiring users to walk up to an MFP before releasing a print job papers and information won’t be left out in the open.
With Ricoh’s Secured Document Release, print jobs won’t be submitted to a specific central printer or copier but will instead be encrypted and held in the originating user’s print queue. The user can then choose the MFP they print at and can opt to not use one in a high-traffic area with higher risks. The queue can be configured to be on-premise or in the Cloud, empowering your organization to have control over the data that gets held and printed on devices.
When utilizing features such as scan-to-email, you can provide an enhanced layer of security with encryption via public-key cryptography and a certificate of user verification that has been registered in the MFP’s existing address book. All devices built by Ricoh are already equipped with cryptographic security protocols (SSL and TLS) and can utilize strong encryption algorithms as well as provide audit trails and administrative control.
Keep Your Devices Up to Date
Older MFPs that don’t have the same security measures as current, modern ones are an easy target for hackers. Often outdated copiers and printers are used as long as they can still print, and typically aren’t well maintained and updated, creating vulnerabilities. Ricoh’s Always Current Technology (ACT) allows for automatic software updates on MFPs, meaning that potential security issues are regularly patched and updated remotely and instantly, not allowing for long periods of downtime where hackers can find an opportunity to enter the device.
Beyond just the initial investment of newer, more secure devices, it’s also imperative that an organization’s IT team is keeping any firewall and security features up to date. As mentioned before, copiers are often overlooked by IT but need to be treated with the same security measures as computers, servers, and other equipment. When MFPs have downtime due to service issues, employees may create workarounds and use less secure methods making copies and printers, or use unsecured equipment. Ricoh MFPs allow for remote insights and configuration, and usage, supplies, and service alerts. By receiving alerts on critical or near-critical service issues IT can quickly arrange for service and avoid downtime. Updates can also be made on a schedule to ensure they aren’t completed during peak usage hours.
Ricoh’s Device Management solutions allow for a centralized management and control point that provides the information needed to understand user behavior, configure machines, spot risks, and ensure smooth operation. They collect usage data for print, copy, scan, and fax that can help organizations gain visibility into how MFPs are being used.
It can also provide insight into crucial security settings like solutions installed on the device, open ports and protocols, password settings, and if there is a hard drive present. Administrators can create a set of security settings for each MFP and configure these policies across the entire fleet, which can then be shown on a central dashboard and monitored.
Where to Start
With all the security considerations regarding copiers and printers, it can be overwhelming to know how to get started. Ricoh’s enhanced devices coupled with the knowledge from a dealer and service provider who can ensure you have the tools you need for a secure fleet is the perfect pairing. The best way to get started is to take inventory of your current devices, how you use them, and who uses them. You can then make smart decisions regarding what to invest in next and seek out a service provider (like PiF) that can help you identify the exact MFPs and configurations you need. We’ll even help you establish the security settings you need to ensure that your entire organization is well protected.