Log in

ISM Article

Safeguarding Today's Office Equipment

4 Aug, 2003 By: Peter Cybuck imageSource

Safeguarding Today's Office Equipment

Today's office
equipment customers are concerned with data security like never before. A high
number of industries, such as healthcare, government, finance, insurance,
manufacturing and professional services are now under mandate to safeguard the
manner in which they handle data. Therefore, office equipment dealers need to be
able to address these concerns by first understanding the security risks
associated with office equipment, then learning how to plug those holes.

Security Holes - Where Are They?

Office peripherals are typically equipped with a great deal of memory, even hard
drives, similar to those in desktop computers. The memory is used to buffer the
documents that are copied, printed, scanned and faxed. What most users don't
realize is that the document information remains in that memory when they walk
away from the machine. The retained document data has unsettling ramifications
for security-conscious customers: it can expose thousands of pages of
confidential data to clever insiders and to enterprising cyber-thieves with
enough savvy to hack into the machine through its network interface.

It's easy to lose
control of the document data residing in the memory of office equipment.
Instances such as moving a copier/printer/MFP to another department or selling
it back to a broker after the lease expires, or taking it off site for repair or
upgrade, all leave the hard disk or MF controller exposed to data theft.
Residual confidential document data can remain on a hard disk years after a
print or copy job is completed.

The following chart
identifies the most common security risks associated with office equipment



  • Unauthorized copying

  • Documents stored on the hard disk and retained in


Data access through network interface· Use of print
controller to redirect an attack to a network server· Unauthorized
printing· Multiple print files stored in integrated print servers·
Print files stored in print mailboxes · Documents in open trays on
unattended printers

Scan-to-e-mail or desktop
  • Unauthorized scanning

  • Anonymous scanning to remote sites

  • Data retained in memory after use

  • Documents sent through third-party e-mail providers

  • Document data retained in memory

  • Unauthorized access

  • Documents sent over the public telephone network

Plugging Those
Security Holes Encourage your customers to set these five data security goals:

  • Limit access to
    MFP functions - such as copy/print/fax/scan - to authorized users only.

  • Install
    network-based software to monitor use and red-flag abuse.

  • Protect MFP
    devices from hacking by using secured network interfaces.

  • Automatically
    erase the data retained by office equipment to prevent the possibility of it
    falling into the wrong hands.

  • Protect
    confidential electronic document information from accidental or intentional
    viewing or distribution.

The following chart
details solutions to office equipment security risks. These solutions will help
your customers meet their data security goals.




Use Mag Cards
& PIN Access to control access· Overwrite the hard disk and/or RAM
after each use· Encrypt data sent to hard disk or RAM· Audit copy
activity with automated network-based software· Announce auditing
procedures to deter unauthorized use.


Implement ID
Card and PIN to control access to printer· Overwrite hard disk and RAM
of MF controller after each use· Encrypt data sent to hard disk or MF
controller· Automatically audit print activity with server-based
software · Announce auditing procedures to deter unauthorized use· Use
"Security Enabled" Ethernet Cards to secure the network
interface· Use an encrypted Virtual Private Network (VPN) to deliver
print jobs.

Scan-to-e-mail or desktop

Network Log-on to control access all scan-to-file and scan-to-e-mail
service.· Audit scanner use with network based software· Use
"Security Enabled" Ethernet Cards to limit connection
options· Automatically encrypt and overwrite data after jobs are
completed.· Use a secured Virtual Private Network (VPN) to secure


encrypt and overwrite all fax documents buffered in or received by the
MFP / Fax after the job is complete· Use Mag Cards & PINs to
control access and retrieve jobs· Use encrypted secure fax solutions to
assure privacy.

The importance of
auditing office activity cannot be overstated. It will give users the ability to
view who/what/when/where an individual is printing, copying, or scanning,
allowing them to identify abuse at an early stage. Public awareness of auditing
will deter unauthorized use of equipment. It will also give users the data they
need to intelligently deploy printing and copying resources across their
organization, helping to hold down costs.

Remind your
customers to consider these facts when examining their internal security
solutions: o All memory (i.e. RAM) must be addressed, not only the hard disks. o
All job data written to RAM, Disk, or Flash Memory should be immediately
encrypted. o The encrypted data should be automatically overwritten after each
job to minimize the threat of data recovery. o Repeated overwrites with
randomized data are recommended to degrade remnant data beyond the initial
overwrite. o A volatile key for the encrypted data provides protection in the
event of a power failure or any interruption that occurs before the overwrite
software overwrites the data. o Network interface security is just as critical
as memory security.

Office product
manufacturers are well aware of the security holes that exist in common
peripherals, and have developed security solutions that can be tailored to your
customer's needs and budget. Don't let customers wait to plug their office
security holes-teach them to take a closer look at their enterprise and
determine the risks they currently face. An ounce of prevention, as they say, is
worth a pound of cure.

- - -

Peter Cybuck, is the
Senior Manager of Business Development for Sharp Document Solutions Company of

imageSource Magazine Quick Links
Upcoming Events
ITEX Expo & Conference
©2015 Questex, LLC. All rights reserved
Reproduction in whole or part is prohibited
Please send any technical comments or questions to our webmaster