"IT" is Really About Information as a Total Business5 Mar, 2013 By: Eric Stavola, Witt Company
I travel a lot for my work, thus, when sitting on a plane, I'm often asked what I do for a living. For years that question struck an internal chord within me about what to say to truly explain what type work I do. Sell copiers? Provide solutions? Maybe a document imaging consultant? The simple truth is, I am in the Information Business.
As our office devices, applications, software, and services continue to evolve, today we need to educate our customers IT. This includes the term "Information and Security."
Security has and always will be a key concern when dealing with IT/MIS personnel. However, I see a common flaw amongst IT personnel, as many don’t see “MFP/Copier” security as a major concern. I read recently that less than 7% of all IT personnel that were polled in a study, felt that copiers were a major security concern. Yet in that same study they ranked computers at more than 50% of a security threat.
In the copier & printer realm, most perceive the topic of security as simply limiting copies or prints via account codes. However, with industry hardware improvements in equipment, the addition of hard drives, vast amounts of RAM, processors, Operating systems and applications, it should create more concerns in regard to Information security.
When addressing “Mr. IT” on the importance of MFP/Copier security, let’s be sure we’re all on the same page.
First, let's cover the general description of Information Security:
The term information security describes the task of guarding digital information, which is typically generated by a computer or copier and stored on a hard drive or other storage media. When our information is seen as "secure," it ensures the user, or in some cases your client, that protective measures have been properly implemented.
Education talking points: Copier vs. Computer
When talking to IT staff it is critical to educate them of the latest evolutions of our devices. With input, output, processing and storage features, our MFP’s and copiers have all the makeup of a computer.
How do I secure the data on my copier?
Let IT know that MFP’s/Copiers today have Hard Disk Drives(HDD) and sometimes Multiple HDD that store data/ When talking about data on a copier or printer it helps to understand that there are two types of data:
1. Transitional Data – Data that is left after every copy, print, or scan.
2. Active Data – Data that is in some sort of storage box or document box on the HDD that the end users send it to.
Most end users know about their active data, however, the temporary or transitional data needs to be addressed and will be of concern to Mr. IT. Most manufacturers today have some type of data security kit to address this issue. Most security kits will overwrite the data anywhere from one to a number of times. In order to meet ISO 15408 certification, data needs to be overwritten 3X times.
Today scanning is common on all MFP Devices. In efforts of Data Security we should follow:
SMTP - Should be locked down only to scan from key domains, too often I see an open port allowing to scan anywhere at any time. Create a user account for the MFP: By creating a user account one can track email usage as well as lock down scan to file applications.
What other measures can I take to keep my copier/printer secure?
True copier/printer security will come in the form of layers. There really is no one way to make a anything 100 percent secure, however, if we educate on all the features we have available we can address the majority of Mr. IT’s concerns. An easy way to do this is by remembering the Three A’s: Access, Authentication, and Accounting.
This is a predetermined level of access to resources of information.
Access Talking Points:
1.Physical Security – Against theft, loss, manipulation, availability, and confidentiality. To many times, copiers are not locked down with available passwords or key cards to limit unwanted usage or access.
2.Access Control – Ensure that only legitimate users/traffic are allowed on the network or on network devices.
Check for common & overlooked mistakes.
Set your passwords: Literally all devices today have a web interface to configure , yet in my experience only about 20% of users change or set the default passwords to their copier or printer web interface or hardware access.
Clear your data: I catch to many companies putting out demo’s or bringing back units with private key customer information on the Hard drive or Address books. Be sure to clear data prior to returning or changing out a device. If you are selling a copier/MFP you should always offer a data security option on your device.
Turn off other protocols: TCP/IP is probably the only needed protocol 99% of the time; however, by default MFP’s come with all protocols and ports opened up. We need to make sure we are closing off vulnerabilities and potential openings onto the network.
The positive identification of a device or individual seeking access to secured information, services, or resources on the network.
Authentication talking points:
1.Encryption – Ensures data cannot be intercepted or read by anyone other than the intended party involved
2.IP & MAC address filtering – this feature provides administrators with the ability to filter by IP addresses.
Overlooked mistakes with authentication:
Join the Domain: Most if not all products today have the ability to be joined to your client’s domain (Network), however, I see many do not take advantage of this option.
Use IPv6: Most all products sold today have the option, IPv6 is designed to run well on high performance networks (Gigabit Ethernet) and at the same time still be efficient for low bandwidth networks (wireless). In addition, IPv6 provides a platform for new Internet functionality and security that will be required in the near future. Use third party software or applications to track user data and usage. The time has come to focus on user data and usage patterns V.S. simply focusing on device data and usage.
This is simply the logging of use of each resource on the network.
Accounting Talking Points:
Limited Access: Oversight for critical devices including MFPs, printers, and scan stations.
Tracking: Most copiers/Printers have free features that allow Mr. IT to track usage.
Use third party software or applications to track accounting most manufacturers provide an abundance of free utilities to address accounting; use them. When needing more functionality or reporting upgrade to third party software or applications track accounting.
Almost every company you walk into today will have some type of network security policy already in place. But a great way to address any security concern is to then show all the features that your product and services have to integrate, as well as address their currently set policies – for the better.
We simply need to tell the security story to our clients and explain and educate on all the feature rich benefits and utilities to allow for feeling “secure” - and that your product will fit into their network environment. What you will provide is layers from a hardware and software standpoint that will not only address their questions but, when explained correctly, will enhance your overall sales process.
Author: Eric Stavola MS.CIS, M.ED, MCSE, MCSA, N+, CDIA+ / Chief Operating Officer, WITT COMPANY
www.witt-company.com / OFFICE TECHNOLOGY PRODUCTS AND SERVICES / Cell (619) 379-3009