Concerned that employees are not taking IT security policies seriously, McAfee and Xerox are teaming up to protect sensitive data stored on office printers.
Yet another survey found that employees are either not aware of their company’s security policies or not bothering to follow them. More than half of employees didn’t always follow their organization’s IT security policies and 21 percent weren’t aware of what they were, according to a survey jointly commissioned by Xerox and McAfee released Feb. 14.
These finding are consistent with previous surveys where employees admitted to ignoring policies that weren’t convenient, restricted them from doing their jobs or weren’t enforced at all.
Pointing to the survey results as a sign that some of the biggest threats to corporate data come from inside the organization, McAfee announced plans to integrate its security software inside Xerox products to protect proprietary company data. The new security system would rely on a whitelisting method that would allow only approved files to run on the device instead of trying to maintain a blacklist of malicious programs that could try to extract the data or take control of the device.
With more than 50,000 new security threats emerging each day, protecting sensitive company information can be intimidating for IT managers especially when you consider that any device sitting on the network, from a PC to a fax machine, can be exposed to those threats, said Rick Dastin, president of the enterprise business group at Xerox.
Despite the fact that most modern printers, copiers and other multi-function machines store images of documents in their embedded hard drives, only 6 percent of the respondents considered these devices to pose a serious threat to the company’s network.
In a recent study of European and U.S. enterprises by research firm Quocirca, only 15 percent of the respondents were concerned about losing data with these devices.
“Given the legal and financial ramifications of a data leak, as well as potential brand damage, businesses need to wake up to the print security threat,” Louella Fernandes, a principal analyst at Quocirca, wrote in a research note.
Printers, scanners and similar devices were not considered a security threat when they were first designed. However, the threat landscape has changed, and organizations are concerned about securing years of confidential and proprietary data from data loss or theft. These devices are on the network or are connected to the Internet, have hard disk drives containing data, and have embedded software, making them more than just peripherals, said Fernandes.
Although multi-function printers (MFPs) are an “intrinsic part” of the IT infrastructure, organizations “remain oblivious” to the security risks, Fernandes wrote.
In the McAfee and Xerox survey, 39 percent of employees who copy, scan or print confidential information at work said they were worried whether the information being stored on these devices would remain secure. Of that group, 86 percent said they were somewhat worried about personal information that was being stored.
Organizations need to take a layered approach to secure printers, said Fernandes, who advocates using hard-disk encryption and disabling network ports on these devices. It departments should also issue ass codes to release jobs sent to the printer so that unauthorized employees cannot just walk away with the information.
Only 13 percent of employees said their company requires them to enter a password or pass code to access the device, according to McAfee’s survey.
The McAfee partnership will make printer security much easier for IT teams as the technology will be available “out of the box” for Xerox products, said Fernandes.