Story image

How MFDs could be putting SMEs at risk of a security breach

07 May 2019
Twitter
Facebook

The multifunction device (printer, copier, scanner, etc) could be putting your business at risk just by being insecure by default, warns Konica Minolta.

While multifunction devices (MFDs) are essential for businesses who benefit from small footprints and plenty of capabilities, internet connectivity to those devices can be a security issue.

This is because attackers can gain access to MFDs, and potentially the entire business network. For example, employees may use their smartphone or tablet to connect to the MFD to print documents for a meeting. 

An attacker can create a malware app that infects the mobile device without the user knowing. That app can then attach itself to a cloud print job, meaning it gets downloaded to the networked MFD. From there, it can infect the entire network. 

“Businesses are increasingly connecting their MFDs to the internet. This means they have the same connectivity as PCs and laptops; and the same vulnerabilities. Yet many SME owners and managers aren’t aware of the potential threat that could be sitting right out in the open,” comments Konica Minolta director of marketing and innovation, Shand Blandford.

“It’s also important to remember that MFDs have a built-in memory, which means they store copies of printed, scanned, and photocopied documents. If someone accesses that memory, they can potentially view all of those documents, some of which may be confidential or commercially sensitive.”

That information could also end up in the wrong hands long after businesses have finished using their MFDs. 

“If the business donates or recycles its MFDs, or on-sells them, there could be a risk of unauthorised access to the documents in the hard drive,” says Blandford.

Even a humble printout sitting in the tray is a security risk. Employees often print documents then either forget to retrieve them from the printer (often printing them again, wasting paper), or don’t retrieve them until later in the day. While those documents are sitting in the MFD’s output tray, they’re vulnerable to being picked up and read or copied by anyone passing by. 

While this may not seem like a significant risk in some SMEs, in others, the nature of the information they’re working with could make it a real problem. For example, if a client list is printed out and a departing employee picks it up off the printer and takes it to a competitor, it could put the business at risk,” says Blandford.

Here are three ways to minimise the security risks from MFDs:

1. Use the device’s inbuilt security features. Most modern MFDs have security capabilities to protect the data but these settings will need to be activated. It’s also important to remember to update usernames and passwords rather than leave them on their default settings. Users should create unique usernames and passwords that are hard to guess. 

2. Leverage optional security features. It’s important to add security features such as data encryption to further harden security on the MFD and enhanced document encryption methods to protect confidential information from getting into the wrong hands. If the business regularly sends sensitive or confidential information to the MFD, these could be a good option. 

3. Limit access to authorised users. Businesses can eliminate the risk of unclaimed printouts sitting on the printer and creating a security risk by implementing pull printing functionality. This ensures only authorised users can print and collect sensitive documents by requiring them to enter a PIN or swipe a card at the device before the job will be released.