Seven Essential Printer Security Steps

Seven Essential Printer Security Steps

Fortunately, securing your printer and MFD endpoints doesn't have to be difficult. Regardless of the size of your company, here are seven essential steps you can take:

1. Control access to devices and administration settings

Only let your network administrator change passwords, account names or other settings on the device. They should change all default passwords and account names, be charged with configuring device and security settings and be able to remotely change settings.

2. Require users to enter PIN, ID and password, or use a card login to retrieve print jobs

Almost half of the data losses reported in the Quocirca study were due to leaks caused by unclaimed print jobs picked up from printer/MFD exit trays. Don’t let the device print a job unless the user is at the device. Using a print management system with “follow me” printing provides the convenience of being able to accomplish this at any printer on the network.

3. Encrypt data between computer and print device and on the hard disk drive (HDD)

It’s good practice to encrypt all network traffic, including print jobs going over the network, to prevent interception of vital data.

Almost all office MFDs have an HDD to spool and store data that will be printed or sent using scan and send or fax features. Encrypting the data as it resides on the HDD (using the FIPS 140-2 security standard) makes it difficult or impossible for hackers to read it. Erasing the data on the HDD makes sure the data is also overwritten. When disposing of any printer or MFD, the HDD erasure should be verified, or the HDD should be removed and destroyed separately.

4. Restrict scan users and destinations; encrypt PDFs

The most used “multifunction” on today’s MFDs is scanning, and unrestricted scanning can mean unwitting or malicious guests and insiders can scan documents into the wrong hands. Protect those documents by creating encrypted PDFS, setting permissions and passwords and even adding digital signatures when scanned at the MFD.

5. Regularly check for and implement firmware updates

This ensures the latest security setting and features are available for your print device. Make sure any firmware updates are digitally signed by the manufacturer of the device.

6. Use a print platform that integrates with a SIEM system

If you use a Security Information and Event Management (SIEM) system, work with a printer or MFD provider that has a platform that integrates with it. Having visibility to changes in settings, failed authentication attempts or new applications being added provides the insight you need to react and defend your company’s data and reputation.

7. Use features that protect the printer from malware and tampering at startup and during operation

Use a print device that has something like McAfee Embedded Control that verifies, at device startup, the boot code, operating system, firmware, and any application running on the device has not been tampered with. If it finds tampering, make sure it doesn’t allow the device to start up. Whitelisting and runtime intrusion detection should also be present.

Manufacturers like Canon have whitepapers and Security Hardening Guides that go over many other security features, settings, and steps that can be used. Your local MFD provider can help you determine the best products, settings, and strategies that can help you harden your printer and MFD endpoints, making them a better-protected part of your network.