Multifunction devices (MFDs) are a boon for small and medium-sized enterprises (SMEs) who benefit from their small footprint and big capabilities. However, some SMEs could unwittingly be creating a security vulnerability in their business by failing to secure their devices.
Businesses are increasingly connecting their MFDs to the internet. This means they have the same connectivity as PCs and laptops; and the same vulnerabilities. Yet many SME owners and managers aren’t aware of the potential threat that could be sitting right out in the open.
The connected nature of MFDs means hackers can potentially access the business network by connecting to them. For example, employees may use their smartphone or tablet to connect to the MFD to print documents for a meeting. An attacker can create a malware app that infects the mobile device without the user knowing. That app can then attach itself to a cloud print job, meaning it gets downloaded to the networked MFD. From there, it can infect the entire enterprise network.
It’s also important to remember that MFDs have a built-in memory, which means they store copies of printed, scanned, and photocopied documents. If someone accesses that memory, they can potentially view all of those documents, some of which may be confidential or commercially sensitive.
This is a risk not just because MFDs can be hacked through their internet connectivity but also because many businesses don’t know where their MFDs end up when they’ve finished with them. If the business donates or recycles its MFDs, or on-sells them, there could be a risk of unauthorised access to the documents in the hard drive.
MFDs also present a security risk from unclaimed printouts. Employees often print documents then either forget to retrieve them from the printer (often printing them again, wasting paper) or don’t retrieve them until later in the day. While those documents are sitting in the MFD’s output tray, they’re vulnerable to being picked up and read or copied by anyone passing by.
While this may not seem like a significant risk in some SMEs, in others, the nature of the information they’re working with could make it a real problem. For example, if a client list is printed out and a departing employee picks it up off the printer and takes it to a competitor, it could put the business at risk.
There are three ways to combat these risks:
1. Use the device’s inbuilt security features. Most modern MFDs have security capabilities to protect the data but these settings will need to be activated. It’s also important to remember to update usernames and passwords rather than leave them on their default settings. Users should create unique usernames and passwords that are hard to guess.
2. Leverage optional security features. It’s important to add security features such as data encryption to further harden security on the MFD and enhanced document encryption methods to protect confidential information from getting into the wrong hands. If the business regularly sends sensitive or confidential information to the MFD, these could be a good option.
3. Limit access to authorised users. Businesses can eliminate the risk of unclaimed printouts sitting on the printer and creating a security risk by implementing pull printing functionality. This ensures only authorised users can print and collect sensitive documents by requiring them to enter a PIN or swipe a card at the device before the job will be released.
Shane Blandford, Director of Marketing and Innovation, Konica Minolta