It’s October again which means it’s Cybersecurity Awareness Month. Cybersecurity Awareness Month was launched by the National Cyber Security Alliance & the U.S. Department of Homeland Security in October 2004 as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. After all, the line between our online and offline lives is indistinguishable. In these tech-fueled times, our homes, societal well-being, economic prosperity and nation’s security are impacted by the internet.
In bringing awareness to cybersecurity and staying safer online, each October focuses on different themes addressing specific challenges and identifying opportunities for behavioral change.
This year’s theme is “Do Your Part. #BeCyberSmart.” The theme empowers individuals and organizations to own their role in protecting their part of cyberspace. If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees – our interconnected world will be safer and more resilient for everyone. This includes office printer security.
Office Printer Security Risks for SMBs
One area that many people may not realize can be a top point of vulnerability are their printers and multifunction printers (MFPs). Printers and MFPs can be remotely managed; they can generate, store and retrieve a wealth of data; and they can allow access to your network. For hackers and malware looking for a way into a corporate network, unsecured IoT deployments like printers and MFPs are the perfect entry point, which is why office printer security should be a major concern for all organizations.
When you take a look at the economic impact of cybercrime on organizations, it becomes clear as to why security is such a concern. The impact can vary widely from organization to organization, but the Ponemon Institute found that cybercrime costs an organization an average of $11.7M annually. The World Economic Forum estimates the economic effects of this at around $3 trillion and estimated to grow to $6 trillion by 2021.
Small and mid-sized businesses have become the newest target for hackers because they typically devote limited resources and minimal funds to data defense, making them far more vulnerable – and much easier to attack. A 2016 Small Business Security survey shows that while 69% of small and mid-sized businesses have some controls in place to prevent attacks, 31% have no controls at all.
And while many organizations have policies and procedures in place for malware and attacks, data leakages, cloud computing and employee interactions, many still overlook print infrastructure security, which is a mistake. Print breaches are real, and they happen every day, and organizations should be concerned about printer security and taking action. However, only 24% of organizations are confident that their print infrastructure is protected.
You may be thinking, well, why not just secure your printers? It seems like it’s pretty straight forward but securing your print infrastructure is a complex challenge. A comprehensive strategy needs to cross several layers, from data and documents, to people and devices, to the overall rules and regulations governing your business. Not to mention, constant vigilance must be part of the strategy.
Xerox’s Four-Point Approach to Office Printer Security
Xerox devices powered by ConnectKey Technology, such as Xerox VersaLinks and AltaLinks, provide a comprehensive set of capabilities to keep your printers and data safe. Through partnerships with companies like McAfee, Xerox printers and MFPs offer benchmark office printer security protection through a multi-layered approach with an innovative whitelisting defense against viruses. There are four key aspects:
1. Intrusion Prevention
Every network access point is a potential entryway for malicious attacks, deployment of malware and misuse of unauthorized access to the device. User authentication and access controls serve as gatekeepers, controlling physical and network access to devices and their features, and safeguarding their associated data, whether transmitted or resident on the device.
2. Device Detection
MFPs, printers and other devices are often the targets of cyberattacks. The first line of defense is whitelisting technology, such as that from McAfee, which constantly monitors devices and automatically prevents unauthorized changes to their system firmware. The second line of defense is provided by verification tests, which provide alerts when harmful changes are made to system firmware. These can either run at startup or when activated by authorized users.
A further safeguard can be provided by maintaining profiles of approved devices in a system like the Cisco Identity Service Engine, which prevents nonapproved printers from connecting to the network. It automatically detects approved devices on the network for security policy implementation and compliance.
3. Document and Data Protection
Documents and data are the prize the cyberattacker seeks, and enterprises should protect against both intentional and unintentional transmission of critical data to unauthorized parties. Printed documents can be protected from unauthorized access by using a simple pin code entered at the device or a card scanning system to authorize printing only when the right user is at the device. A convenient solution is to use employee ID badges. This also helps in tracking the flow of documents to and from the printing device.
Many printing devices protect stored information by encrypting it. Many also delete processed or stored data that is no longer required, and the best use advanced data clearing and sanitization algorithms, such as those approved by the National Institute of Standards and Technology (NIST) and U.S. Department of Defense. Devices can be set up to automatically delete files after they’ve printed. Scans also can be safeguarded using encryption and password-protected files.
4. External Partnerships
Why struggle to meet security challenges alone, when experts are available to help you with advice, certifications to ensure effectiveness, and services that can meet your security needs? In reality, addressing an issue as large and dynamic as cybersecurity alone is a fool’s errand.
Many SMBs put the data security of their printer fleet in the hands of a knowledgeable Managed Print Services (MPS) provider. Look for one with a range of services and tools that can be adapted and expanded as business needs change — that measures performance against international standards with certifications like FIPS 140-2 and the Common Criteria to ensure its devices can be trusted in even the most secure environments. As cybercriminals deploy new tactics, these standards adjust. The NIAP — the National Information Assurance Partnership — overhauled its Common Criteria Certification standard not long ago, and it was important to get in front of it early. That is another important reason to work with partners. Cybercriminals make their living by getting a half step ahead of the security police. You need all the help you can get to stay a half step ahead of them.
Tips to Make Your Xerox Device Even More Secure
In addition to the built-in security features that help mitigate risk, here are some helpful tips that can make your Xerox device even more secure.
- Don’t connect your Xerox device directly to the public Internet. Make sure it’s behind a firewall or router so that only you and your users have access to it. This helps keep outsiders from accessing the machine and interrupting your business.
- Change default passwords on accounts such as the administrator and SNMP Community Strings so unauthorized individuals cannot take control.
- Passwords that you use should not be easy to guess- Make them at least 8 (eight) characters in length with a combination of letters (upper & lower case), numbers and special characters.
- Never share the administrator’s password with anyone who does not have a legitimate need to know.
- Enable TLS and validate any certificates used with the device.
- Enable/Disable any security features/services/ ports that are applicable for your environment. Best practice is to disable services and ports if you are not using them.
- Enable Image Overwrite.
- Ensure you have the latest software releases/patches.