Story image

How MFDs could be putting SMEs at risk of a security breach

07 May 2019

The multifunction device (printer, copier, scanner, etc) could be putting your business at risk just by being insecure by default, warns Konica Minolta.

While multifunction devices (MFDs) are essential for businesses who benefit from small footprints and plenty of capabilities, internet connectivity to those devices can be a security issue.

This is because attackers can gain access to MFDs, and potentially the entire business network. For example, employees may use their smartphone or tablet to connect to the MFD to print documents for a meeting. 

An attacker can create a malware app that infects the mobile device without the user knowing. That app can then attach itself to a cloud print job, meaning it gets downloaded to the networked MFD. From there, it can infect the entire network. 

“Businesses are increasingly connecting their MFDs to the internet. This means they have the same connectivity as PCs and laptops; and the same vulnerabilities. Yet many SME owners and managers aren’t aware of the potential threat that could be sitting right out in the open,” comments Konica Minolta director of marketing and innovation, Shand Blandford.

“It’s also important to remember that MFDs have a built-in memory, which means they store copies of printed, scanned, and photocopied documents. If someone accesses that memory, they can potentially view all of those documents, some of which may be confidential or commercially sensitive.”

That information could also end up in the wrong hands long after businesses have finished using their MFDs. 

“If the business donates or recycles its MFDs, or on-sells them, there could be a risk of unauthorised access to the documents in the hard drive,” says Blandford.

Even a humble printout sitting in the tray is a security risk. Employees often print documents then either forget to retrieve them from the printer (often printing them again, wasting paper), or don’t retrieve them until later in the day. While those documents are sitting in the MFD’s output tray, they’re vulnerable to being picked up and read or copied by anyone passing by. 

While this may not seem like a significant risk in some SMEs, in others, the nature of the information they’re working with could make it a real problem. For example, if a client list is printed out and a departing employee picks it up off the printer and takes it to a competitor, it could put the business at risk,” says Blandford.

Here are three ways to minimise the security risks from MFDs:

1. Use the device’s inbuilt security features. Most modern MFDs have security capabilities to protect the data but these settings will need to be activated. It’s also important to remember to update usernames and passwords rather than leave them on their default settings. Users should create unique usernames and passwords that are hard to guess. 

2. Leverage optional security features. It’s important to add security features such as data encryption to further harden security on the MFD and enhanced document encryption methods to protect confidential information from getting into the wrong hands. If the business regularly sends sensitive or confidential information to the MFD, these could be a good option. 

3. Limit access to authorised users. Businesses can eliminate the risk of unclaimed printouts sitting on the printer and creating a security risk by implementing pull printing functionality. This ensures only authorised users can print and collect sensitive documents by requiring them to enter a PIN or swipe a card at the device before the job will be released. 

What the future of fibre looks like in NZ
The Commerce Commission has released its emerging views paper on the rules, requirements and processes which will underpin the new regulatory regime for New Zealand’s fibre networks.
Gen Z confidence in the economy is on the decline
Businesses need to work hard to improve their reputations.
Why NZ businesses have less than two years to adopt digital before disruption hits
Research found that digital disruption is already impacting two-thirds of New Zealand organisations.
Infratil seeks clearance to acquire up to 50% stake in Vodafone NZ
The commission will give clearance to a proposed merger if they are satisfied that the merger is unlikely to have the effect of substantially lessening competition in a market.
Hands-on review: MiniTool Power Data Recovery Software
I came across a wee gem of advice when researching the world of data recovery. As soon as you get that sinking feeling and realise you’ve lost a file, stop using your computer.
Deepfakes the 'next wave of concern' - but can law really stomp it out?
Enforcing the existing law will be difficult enough, and it is not clear that any new law would be able to do better. Overseas attempts to draft law for deepfakes have been seriously criticised.
Acquia delivers open source framework for contextual commerce
The framework connects the Drupal open source web content management system with e-commerce platforms from Acquia partners.
You only get one chance to make a first impression
Regardless of where you come from one thing is for certain, businesses only get one chance to make a first impression.