MFPs � An Overlooked Security Risk

By Lauren Simonds | Posted July 06, 2004
Worms, Trojan horses, viruses and malware — different types of security threats you've heard about and (we hope) taken steps against to protect your business data. But now — just as you thought you had a grip on your company's security issues and how to deal with them — comes a new threat by way of a most unlikely source. The multifunction peripheral (MFP) you bought to handle your company's scanning, printing, copying and faxing needs.

Sharp Electronics Corporation, a leading manufacturer of MFPs, recently received the BERTL's Best Award for innovation in security solutions. We asked Vince Janelli, a Sharp senior product manager, to bring us up-to-date on MFP security issues and how Sharp products protect the networked data that goes through them.

The Anatomy of an MFP
MFPs evolved from copiers back in 1999. Inside, they're essentially computers — complete with hard drives and memory — that capture and manipulate image data and convert it into bits and bytes. Every time someone prints, scans copies or faxes a document, the MFP retains that information in its memory where it's vulnerable to attack by unauthorized personnel. "For companies that deal with highly sensitive data found in financial, healthcare, accounting, legal or public sector industries, the risk is unacceptable," says Janelli.

Human error also plays a role. How many times have you printed a confidential document or email only to be distracted by a phone call or colleague and left your print out sitting in the paper tray? "Essentially you've got two main issues, " says Janelli. "First, you need to protect the MFP from denial of service attacks and unauthorized access through network ports. Second, you have to protect the confidentiality of the data. Sharp's Security Kit addresses these two issues."

Evaluate Your Security Level
According to Janelli, Sharp advocates a scalable, layered approach to securing MFPs. For example, a custom-printing company might require a standard level of security, financial or healthcare businesses should maintain a heightened security level, and companies that specialize in law, research and development or the military would need the top level of security.

"The Data Security Kit offers six steps, or layers, of security, says Janelli. "This gives small business owners the flexibility they need. They can evaluate their data security requirements and add more layers accordingly." The six steps include:

•Securing The User:
You can limit authorized access to the MFP by using internal account codes. In addition, you can configure certain Sharp Imagers to require users to authenticate them on the network first. "This is especially important," says Janelli. "It prevents anonymous scan-to-email access. People will always know who sent the email."

•Securing the Output:
This is the feature that keeps you from leaving documents in the printer tray. Confidential Print requires that you enter a PIN number in two places: the Print Window and the MFP's LCD panel. "This gives you better control," says Janelli. "You can enter the PIN number and hit the print command from your desktop computer. It won't make a difference if you then get distracted, because your document won't print until you go over to the MFP and enter the proper code."

•Securing the Image Data:
As we mentioned above, MFPs keep data stored in its memory. The Data Security Kit handles this in two ways; the MFP uses 128-bit encryption to secure the data before it ever reaches the unit's hard drive or memory. You can then set the MPF to "sanitize" the drive and memory by overwriting the data — whenever it powers on, on a scheduled basis or on demand.

•Securing the Network Access:
A networked MFP that isn't properly protected provides the outside world direct access to all your confidential business data. "You can disable Internet protocols and close ports to reduce outside threats," says Janelli. "And Sharp's Secure Network Interface Card (NIC) lets you use IP filtering so that only certain known people inside your organization have access to the networked MFP."

•Securing the Audit Trail:
Being able to track and monitor every page that' printed or copied is especially important if you have to meet certain federal regulatory guidelines such as Sarbanes-Oxley, Graham Leach Bliley and HIPPA. Sharp's Equitrac Office generates detailed activity reports (by user, device, department or billing code) for auditing purposes.

•Securing the Document Rights:
Highly sensitive documents require special tracking, and Sharp uses AirZip's FileSECURE to track where the documents go and who access them. "It's like having a Lo-Jack on each document," says Janelli, "so you know where each one is at any given time." Files are protected with both 256-bit encryption and file access permissions (View, Print Copy, Control), and you can set access privileges to start and expire at predetermined times.

Cover All the Bases
"Most people know that they need to invest in physical security, network security, firewalls and data backup," says Janelli. "But too many small business owners overlook the security risks inherent in their office equipment. Evaluate your networked printers and MFPs from a security point of view, and use a layered approach to protect your greatest asset — your business data."

Lauren Simonds is the managing editor at SmallBusinessComputing.com

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

Comment and Contribute


     

    Get free tips, news and advice on how to make technology work harder for your business.

    Submit
    Learn more
     
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration, follow us on our social networks to keep up-to-date