Someone using an MFP

How to keep business data secure on your MFP or Printer

The need to protect the documents that are physically or electronically produced by your MFPs and Printers is an often-overlooked area of information security. Here we look at the ‘Output Security’ risks and vulnerabilities you need to consider in safeguarding your business.

Every time anyone prints, copies, scans or faxes a document it is vulnerable to being stolen or compromised. In fact, recent research from Quocirca, found that over 60 per cent of organisations have experienced at least one data breach due to a print related data loss.

However, when businesses list potential information security risks they rarely, if ever, think of networked MFPs and Printers as a problem. Some businesses may decide that if their Network Security measures are taken seriously and implemented carefully then these will be sufficient.

However, we believe a broader approach to security is necessary, one which not only secures the network, but also all output information and documents that are generated and shared outside of the organisation. In other words, securing connected peripherals is essential.

What is Output Security?

Output Security concerns the printed output and the electronic outputs from Multifunction Printers (MFPs) or Printers. This includes all printed documents and electronic images of information in transit to and from a computing device (PC, phone, tablet), to a printing device. Whether it is print (including printing through dedicated print servers), scanning (including scan-to-folder, scan-to-email, scan-to-cloud, scan-to-HDD) and information sent and received via fax.

Where are you vulnerable?

Printing (Copying)
The main information security risks related to the MFP or Printer are:

  • Open access to MFPs and Printers, i.e. anyone can walk up and use any printer, gaining access to the device functions and features, e.g. hard drives and memory of previous jobs.
  • Open access to printed documents left in the printer tray, where all office users / employees (and possibly even visitors) can access them. Compliance for regulations, such as GDPR, has also opened up a variety of questions about the data security implications of unattended print-outs.

Scanning
Scanning can add complications to the security process as documents can be scanned not only to network folders and emails, but also to external, cloud-based systems. The main risks are that confidential documents will be scanned to the wrong person, place or format:

  • Scanning business-sensitive documents to external destinations, i.e. scanning to personal rather than business email addresses.
  • Scanning to multiple folders, rather than to selected personal business folders or network folders, without an IT administrator approved document destination and structure.
  • Scanning without indexing, which could cause serious problems when trying to find scanned documents and audit scan-related activity. Not using device security features such scanning to encrypted, password protected pdf file format.

Faxing
Similarly to scanning, faxing could be a potential weak point in the company’s Output Security strategy. Whatever the transmission method – analogue faxing or sending faxes over an email – faxed documents are exposed to the same level of security breaches as scanned documents.

Mobile printing (BYOD)
As mobile working increases, businesses need to be able to support people printing from their phones or tablets, however, they also need to think about the additional security challenges involved. For example, how to control, track and manage the activities of mobile users accurately.

Tracking and reporting
A real problem for businesses is not only how secure their document-output channels are, but also how they track and report all their output information. The risks are:

  • An inability to track and report on user activities, e.g. who has printed what during a selected period.
  • An inability to track and prevent user data breaches, which could result in significant fines/charges due to strict security regulations, e.g. GDPR.
  • An inability to control and track mobile users and printing from mobile devices, like Smartphones and Tablets.

Securing Output Access
The growing number of documents generated by companies brings significant challenges when controlling the IT environment, making Output Security essential for every modern business regardless to its size.

An Output Management system gives you flexible protection. From allowing IT administrators to grant and control access to all printers, to tracking software that lets them see all activities across all devices and identifies data breaches, there are tools available to give you comprehensive protection.

Sharp offers a range of Output Management solutions explained in the free white paper, Output Security, visit our White Paper page to download and find out more.

Learn more