OMG! There’s a hard drive in my printer!

While most of the world has been scrambling to fend off data breaches across the IT security spectrum, another problem has been lurking just below the surface. According to an article in DarkReading, an online data security newsletter published by InfoWeek, networked printers are a potential source of data breaches that have been all but ignored by both owners and security professionals. In response, the Institute of Electrical and Electronics Engineers (IEEE) has issued 2600 Profile, a new security standard that covers networked printers and copy machines. Otherwise known as the “IEEE P2600 family of standards for hardcopy devices and system security”, the initiative covers laser printers, copiers and other seemingly innocuous multifunction devices.

The new standards, developed by Xerox, Canon, Epson and other major players in the market segment, specify a number of guidelines for manufacturing and deploying secure printers, including password protection, hard drive encryption and electronic “shredding,” and security logs. It also includes an overwrite function that destroys residual data on the disk, a feature Xerox has begun adding to their most recent models.

Residual data on what disk? Right. It’s easy to forget that copiers and digital printers incorporate computers into their inner workings and are equipped with hard drives the same as any PC or laptop. Not only are copiers and printers repositories of vast amounts of data, they are also components in the networked enterprise environment, and therefore vulnerable to hacking. Decommissioning or selling a printer therefore carries with it the same risk of data theft as a similar scenario for a PC.

According to the experts, no printer related data breaches have been reported. But as is so often the case with this sort of thing…it’s only a matter of time. Meanwhile, the new IEEE standards are in the process of certification and approval.