By Michael Howard  |  Posted 2010-11-23

How to Safeguard Your Printing Environment

Data breaches are big business of the worst kind but, despite their costliness, such breaches are all too common. We have all heard the horror stories of hackers accessing secured networks or of thieves stealing laptops to gain unauthorized access to confidential information, sensitive intellectual property (IP) and financial data. These are viable threats that every IT manager works diligently to defend against.

However, there are often hidden security risks that organizations need to address. One vulnerability that is too often overlooked, and may be leaving you susceptible to attack, is your network of printing and copying devices.

Printers have evolved from simple output devices to multifunction, Internet-connected tools with robust capabilities. They can pose security risks similar to those of personal computers. Today's multifunction printers (MFPs) serve as an on-ramp and off-ramp to the network, so security practices need to extend beyond just the device to address the document and the network.

Here are three steps that you can follow to better secure your documents, printing devices and network:

Step No. 1: Secure the document

The first area of focus should be securing the document. As we all know, oftentimes when employees print and retrieve a document, there are several in the tray, many of which were printed hours before and contain highly confidential information. How many documents are sitting at your printer right now? This is the most common breach of confidential information.

For example, at a major financial institution, initial public offering (IPO) documents were lying in the output tray of an unsecured printer where the documents were available to junior traders and investors. Unauthorized sharing of the information resulted in $7 million of profit loss, unspecified fines to the institution and dismissal of analysts at the firm.

This type of exposure is easy to avoid. The best solution is employee verification. When an employee sends a document to the printer, the job is not immediately printed. Instead, it is stored on the printer or an external server until the employee is verified. Verification can be done through a variety of solutions such as proximity ID badges, smart cards and even biometrics (including fingerprint scanning). Once an employee is verified, the document is printed and never needs to sit unattended in an output tray. It is important to check with your vendor as some of these security solutions are provided as standard features and simply need to be enabled.

Step No. 2: Secure the device

Many people do not know that many imaging and printing devices have a hard disk that is similar to the hard drive in your computer. That means every piece of information in a print job or associated with a print job can end up on an unprotected hard disk, especially if a device does not have a file erase feature enabled that will delete this information after the print job is completed. These hard disks can store hundreds to thousands of documents that can be saved for years.

You should also consider this if the printer or MFP is sent out for repairs or a repair technician comes into the office. When you replace a printer or MFP, what happens to the old device? An unprotected hard disk with stored information is the equivalent of allowing your server to be taken out of your business.

The first step to securing the device is to encrypt the data on the hard disk. Even if someone tried to access the disk, encryption would prevent them from reading the data stored on it. The next step is erasing the data after a document has been printed to prevent the data from being unnecessarily stored and potentially accessed; this can be enabled at installation.

Many solutions offer flexible options, including setting a schedule that automatically clears the hard disk, either by erasing it file by file or by removing the contents entirely. This is especially helpful when sending a printer out of the building to be repaired or returning it at the end of a lease.

Step No. 3: Protect the network

All documents printed from a PC to an imaging or printing device must travel through the network. It is surprisingly easy to "catch" a print job as it travels over the network to one of these devices. Not only do intercepted print jobs expose the information held within the document, but they can also expose passwords and destination addresses (as well as other sensitive network information).

For example, a man-in-the-middle (MITM) attack reroutes information through an attacker's computer first, giving the attacker access to the data. Print jobs can be rerouted to a different printer or a computer without anyone knowing. Students at a prestigious university rerouted print jobs that were being sent from their professor's computer to the department printer. This resulted in full access to the final exam before it was administered. If college students are doing this to cheat on tests, imagine the risk for financial institutions and healthcare organizations.

The solution: encrypt traffic on the network. Encryption can be all-inclusive or customized according to the users or devices involved. Companies can print documents using a variety of solutions that encrypt and secure files, making them nearly impossible to read if rerouted or intercepted.
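One way to find print queues that still send jobs without transport encryption, shown as an added example that is not part of the original article: it parses the `device for <queue>: <uri>` lines that CUPS prints for `lpstat -v` (English locale assumed) and classifies each queue by its device URI scheme or DNS-SD service type. The queue names, addresses and hostnames in the sample are constructed.

```python
import re
from urllib.parse import urlsplit

# Classification is by URI only: ipps/https require TLS; ipp/http do not
# require it; socket (raw port 9100) and lpd have no encryption at all.
ENCRYPTED_SCHEMES = {"ipps", "https"}
CLEARTEXT_SCHEMES = {"ipp", "http", "socket", "lpd"}
# DNS-SD service types: _ipps = IPP over TLS, _ipp = IPP,
# _pdl-datastream = raw port 9100, _printer = LPD.
DNSSD_SERVICE = re.compile(r"\._(ipps|ipp|pdl-datastream|printer)\._tcp\.", re.I)
LINE = re.compile(r"^device for (?P<queue>[^:]+):\s*(?P<uri>\S+)$")

def classify(uri):
    """Return 'encrypted', 'cleartext' or 'unknown' for one device URI."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme in ENCRYPTED_SCHEMES:
        return "encrypted"
    if scheme in CLEARTEXT_SCHEMES:
        return "cleartext"
    if scheme == "dnssd":
        m = DNSSD_SERVICE.search(parts.netloc)
        if m:
            return "encrypted" if m.group(1).lower() == "ipps" else "cleartext"
    return "unknown"  # usb://, vendor backends and the like: review by hand

def audit(lpstat_output):
    """Map each queue name in `lpstat -v` output to its transport status."""
    findings = {}
    for line in lpstat_output.splitlines():
        m = LINE.match(line.strip())
        if m:
            findings[m.group("queue")] = classify(m.group("uri"))
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
device for Finance_MFP: socket://10.20.0.15:9100
device for Legal_MFP: ipps://print.example.internal:631/ipp/print
device for Lobby: lpd://10.20.0.31/queue
device for HR_Laser: dnssd://HR%20Laser._ipp._tcp.local/?uuid=0000
device for Exec: dnssd://Exec%20MFP._ipps._tcp.local/
device for Desk: usb://Vendor/Model?serial=CONSTRUCTED
"""

if __name__ == "__main__":
    for queue, status in audit(SAMPLE).items():
        print(f"{queue:12} {status}")
```

A queue reported as encrypted still depends on the device presenting a certificate the client validates, so treat the result as a first pass over the inventory.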

Final thoughts

As attacks increase in sophistication, enterprises should implement security features that are included in most MFPs and upgrade security features as indicated by specific industry needs. The three simple steps to follow to better secure your infrastructure are securing the document, securing the device and protecting the network.

For more information about protecting imaging and printing assets, refer to the National Institute of Standards and Technology (NIST) Website to view NIST-certified security checklists which contain instructions and procedures for configuring IT devices to a baseline level of security.

Michael Howard is Worldwide Business Development Manager for the Security Solutions organization of HP's Imaging and Printing Group. With more than 25 years of experience in the security and high technology field, Michael is responsible for educating customers on the importance of security policies and procedures around imaging and printing, as well as working with the HP Labs. He can be reached at