Reflecting concern that staff are not taking printer security seriously enough, McAfee and Xerox revealed they are teaming up to protect sensitive data stored on office printers.
The news comes as yet another survey finds that staff are either not aware of their company’s security policies or not bothering to follow them. More than half of employees didn’t always follow their organisation’s IT security policies and 21 percent weren’t aware of what they were, according to a survey jointly commissioned by Xerox and McAfee released 14 February.
These finding are consistent with previous surveys where staff admitted to ignoring policies that weren’t convenient, restricted them from doing their jobs or weren’t enforced at all.
Pointing to the survey results as a sign that some of the biggest threats to corporate data come from inside the organisation, McAfee announced plans to integrate its security software inside Xerox products to protect proprietary company data. The new security system would rely on a whitelisting method that would allow only approved files to run on the device instead of trying to maintain a blacklist of malicious programs that could try to extract the data or take control of the device.
Despite the fact that most modern printers, copiers and other multi-function machines store images of documents in their embedded hard drives, only 6 percent of the respondents considered these devices to pose a serious threat to the company’s network.
In a recent study of European and US enterprises by research firm Quocirca, only 15 percent of the respondents were concerned about losing data with these devices.
“Given the legal and financial ramifications of a data leak, as well as potential brand damage, businesses need to wake up to the print security threat,” Louella Fernandes, a principal analyst at Quocirca, wrote in a research note.
Printers, scanners and similar devices were not considered a security threat when they were first designed. However, the threat landscape has changed, and organisations are concerned about securing years of confidential and proprietary data from data loss or theft. These devices are on the network or are connected to the Internet, have hard disk drives containing data, and have embedded software, making them more than just peripherals, said Fernandes.
Although multi-function printers (MFPs) are an “intrinsic part” of the IT infrastructure, organizations “remain oblivious” to the security risks, Fernandes wrote.
In the McAfee and Xerox survey, 39 percent of employees who copy, scan or print confidential information at work said they were worried whether the information being stored on these devices would remain secure. Of that group, 86 percent said they were somewhat worried about personal information that was being stored.
Organisations need to take a layered approach to secure printers, said Fernandes, who advocates using hard-disk encryption and disabling network ports on these devices. It departments should also issue ass codes to release jobs sent to the printer so that unauthorized employees cannot just walk away with the information.
Only 13 percent of employees said their company requires them to enter a password or pass code to access the device, according to McAfee’s survey.
The McAfee partnership will make printer security much easier for IT teams as the technology will be available “out of the box” for Xerox products, said Fernandes.
How well do you know Internet security? Try our quiz and find out!