Data is valuable, and therefore it’s vulnerable. We’ve all seen the headlines: the breaches, the leaks, the ransomware, and other malware attacks. And today, most organizations have robust security measures in place to protect their network data, including protecting common network access points such as laptops, desktops, even phones.
But what about the printers, scanners, copiers, and all-in-ones?
If a device is connected to the network – as nearly all printers are – it is an access point. Did you know that printers come with pre-set admin passwords? Guess who else knows… hackers. It only takes a few minutes to change those passwords, but at many companies the I.T. team might not be able to get around to it as much as they would like. The result? The “doors” to the network are left wide open.
Network Security vs. Device Security vs. Document Security
Yet while it is external breaches that usually make the headlines, comprehensive data security includes more than protecting network data from domestic and overseas bad actors.
Device security is about access to a specific printer, scanner, or copier. Every organization must ask itself: Which functions should be available to which groups of users? Which individual users? Multi-function devices have the capability to scan and send a document anywhere in the world over the internet, or fax it to anyone through a phone line. Government agencies are aware of this risk, but many companies aren’t.
Document security (as the term suggests) is about protecting the documents themselves. When a document is printed, who can retrieve it? When a document is scanned, who can read it? Where can it be sent? When printed, sensitive material such as financial data or personal information can easily be picked up accidentally… if no protections are in place.
So Now What?
At every organization, the first step in strengthening print security is to make sure everyone is aware of the issues. The next step is to assess the specific risks, then design and implement a comprehensive program.
Finally, the most important – and often most difficult – step is to make sure everyone takes responsibility: executives, I.T. staff, and end-users must commit both to following processes that help minimize cyber risk and to avoid those that don’t. It isn’t easy. Data security requires more effort and more vigilance than many companies are willing to invest in. And the hackers know it.