Most companies pay significant attention to protecting data while it is at rest in storage or in use in an application, but what about when data is printed in documents? This could be a security breach waiting to happen. HP offers us some best practices around securing printers and the documents they produce.
Here's a riddle for you: When is a printer not a printer? Answer: When it is a sophisticated document and data storage device on your network. Those workhorse departmental printers sprinkled throughout your office can be an easy source for a data breach. In addition to documents that lay unprotected in output trays, printers store information in memory that can be recalled or intercepted inappropriately. These devices should be managed and protected, just like the rest of your IT infrastructure.
Hewlett-Packard has compiled some best practices around securing your printers and the data they hold that are worth reviewing.
First, secure the device: Start by defending your data at the printing source. If you have got printers that are out in the open, move them into a controlled access area, or at the very least, physically secure your devices. Use a lock that requires a physical key in order to remove the printer. Disable physical ports to prevent unauthorized use. Control access to preprinted security paper (such as checks) to prevent theft or unauthorized use.
Further control access by requiring authentication and authorization for access to device settings and functions to help eliminate security breaches and reduce printing costs. HP suggests you deploy options such as PIN authentication, LDAP authentication, smart cards, proximity badges and biometric solutions. Your printers also may have built-in access control software or other facilities.
If you are retiring a printer or returning it to a leasing agency, be sure to remove any data that may be left in the device's memory. Prevent a breach by ensuring that the device's hard disk is erased, destroyed or removed upon retirement.
Next, secure the data: Sensitive data is vulnerable as it traverses the network wire (or airwaves) to the printer and when it sits in the printer memory or storage. Here are a few tips to protect the data.
Encrypt your print jobs to protect data in transit in the event they are intercepted, and use encrypted storage as documents wait to be printed.
Protect data before it reaches the device tray by authenticating users and tying them to their specific documents. Require that document owners authenticate themselves to the printer before pages will print.
After a document has printed, do not store the document or even data about the completed job on your printer.
Protect your documents: How often have you gone to pick up your printout and found multiple documents in the printer tray or sitting around nearby? These documents can be viewed or carried off by anyone, creating a security risk. If your printer has the capability, activate pull or push printing to reduce unclaimed documents. Users can print to a secure network, authenticate themselves, and retrieve jobs when and where necessary.
High value documents such as checks or prescriptions must have tight security. Consult with your printer vendor for solutions to protect extremely sensitive documents.
Monitor and manage your print environment: There's more to managing your print environment than securing documents. There are tools and utilities that help you track and record print jobs to monitor usage and audit printing practices. Such utilities can help you identify workers who may be abusing their print privileges or ignoring company policies, and can show you opportunities for reducing print jobs and saving money.
For more information about securing your documents and printing environment, consult the HP Imaging and Printing Security Center.
Linda Musthaler is a principal analyst with Essential Solutions Corporation. You can write to her at LMusthaler@essential-iws.com.
About Essential Solutions Corp:
Essential Solutions researches the practical value of information technology, and how it can make individual workers and entire organizations more productive. Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.