The next security worry - the photocopier

Multi-function devices have grown into security risks, or so vendors claim.

Name the previously ignored network device that is now at the forefront of information security? The usual suspects would be PCs, laptops, portable storage, servers, and perhaps critical pieces of infrastructure such as firewalls and email gateways, but they aren't exactly ignored. The security industry has built its fortune securing those.

For a small but growing number of large UK organisations, the new device to fear is, believe it or not, the photocopier, and its close relative, the networked printer.

These usually reviled machines sit in every single organisation across the land, churning out documents like mini-printing presses gone haywire, with few security managers worrying much about precisely what they are printing.

Indeed, the contemporary photocopier and printer are now in some cases the same device, multi-function 'document processing hubs', to quote the jargon, the one bit of hardware no business can live without but would prefer to ignore as far as possible.

But where does all this A4 go once it hits the print tray, and does any of it contain sensitive data? Nobody has a clue. And can organisations control who prints certain documents and hold them accountable in any way? Highly unlikely.

Multi-function photocopier/printers generate other security problems beyond the documents they print and scan. Many of them will contain hard disks, which cache print jobs and documents on their way to the outputting bin, and some even allow users to email straight from the photocopier flatbed to email addresses outside the organisation. Paper documents can be sent straight from the devices, in other words, while their caches can be full of unencrypted information. Given that the devices themselves can be accessed remotely, the risks, however small, are real.

Worrying about such issues might look like eccentric paranoia, but the photocopier, in particular, has some previous on the information security front. In the dying days of the Soviet-backed Communist regime of Poland's General Jaruzelski, using photocopiers was a rationed exercise, so terrified were the authorities of 'samizdat' clandestine magazines being run off on them. As late as themed-1980s, university photocopiers had armed guards, with access strictly controlled.

What the few companies specialising in securing photocopiers and printers like to promote is the digital equivalent of the armed guard.

By interesting coincidence, one of the few UK organisations willing to own up to using a the new generation of photocopier/printer security systems turned out to be in education, Thames Valley University (TVU), which bought 'MFP' (multi-function product) technology from photocopier stalwart Ricoh, a champion of the concept.

The university's use of the technology, however, has been fairly specific in its scope - it wanted a convenient way of managing and tracking student and employee use of printers and copiers. Fault-reporting had turned into a hassle and the Ricoh offered a way of making students top up swipe cards for printing use while being able to back up this credit and use data in case the card was lost. The bottom line? Saving money more than security per se.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about EnronNICERicoh AustraliaSecurity SystemsVIA

Show Comments