Here's how a printer could bankrupt your business

By the time you read this article, the deadline for the European General Data Protection Regulation (otherwise known as GDPR) to kick in will be just over five weeks away. For companies all over the land, that means making sure the personal information and data they have collected is both used and stored in compliance with the new rules.

Regardless of the number of employees, all businesses and public sector entities will have to embrace GDPR or face fines of up to €20 million or four percent of global annual turnover, whichever is higher. In the case of a social networking company which recently made the headlines for the wrong reasons, that would have meant a potential €1 billion fine.

Research published in June 2017 by iGov Survey on behalf of KYOCERA Document Solutions UK found that less than 60% of public sector organisations surveyed between March and April of that year were aware of the implications of GDPR for their organisations.

Is your printer GDPR ready?

More alarming was that nearly 30% of the respondents back then felt unprepared to meet their obligations regarding document and print management, with a similar proportion saying that they did not have a policy regarding USB storage. That is mind-boggling given that horror stories about misplaced USB drives have been doing the rounds for nearly a decade now.

Printers and multifunction devices (which can also scan and fax) can store and handle massive amounts of data every day; some, like the KYOCERA TASKalfa 8052ci, have huge hard drives that can store millions of documents. They should, in theory, be at the top of the security and GDPR checklist, for a number of reasons.

They are often networked. They have longer shelf lives, which means that they may lack the security features of newer models. They are also often procured and serviced by external parties, which may blur the line of responsibility.

Not considering a printer (or indeed any connected device) as an active and potentially vulnerable player on an organisation’s network is dangerous. A 2015 IDC survey found that more than half of the companies surveyed had experienced an IT security breach that included print security in the past year. In other words, leaving your printer unprotected is just asking for trouble.

10 steps to mitigate GDPR-associated risks

KYOCERA evaluated all the potential areas of MFP security weakness and compiled a checklist of 10 key areas for organisations to secure before the GDPR deadline.

  • Capture - scanning and copying documents to uncontrolled destinations can breach GDPR guidelines
  • Output tray - documents left on the output tray account for the biggest loss of data
  • Machine operating system - an unprotected operating system could allow takeover of the machine
  • Ports and protocols - open and unused ports and protocols represent a risk that can be exploited
  • Management - without regular device scanning, persistent security holes could be exploited
  • Network - data can be intercepted across the network link
  • Cloud connection - connecting to offsite locations may leave you open to data breach
  • Device storage - content stored in devices could be accessed
  • The human factor - employees can leave sensitive information on their desk
  • Operation panel - an unlocked panel can allow users to tamper with settings

To make things easier, KYOCERA came up with SecureAudit for its printers. This feature produces a diagnostic JSON/printable report of all open ports, protocols, registered accounts, job boxes, installed apps and USB status on compatible devices. That document then allows the data manager or the system administrator to quickly identify vulnerable spots and take remedial action as soon as possible.

There’s more to it, though: KYOCERA has even put together a hub that contains, amongst other things, a GDPR guide and a number of useful infographics. Check out KYOCERA’s GDPR hub here.