With the much-discussed changes to the Privacy Act coming into effect next week, one aspect of ensuring your business is ready for the changes that may be overlooked is addressing the security of your multi-function printer.
The changes to the Privacy Act will be introduced on March 12. Today’s highly sophisticated multi-function printer devices (MFPs) are capturing unprecedented levels of data, and an MFP is now as networked as the average computer, with a hard drive that is open to being compromised if not secured effectively.
However, recent Konica Minolta research found that over three quarters of businesses don’t actually believe their office printer is a potential security risk. In conducting a review for privacy purposes, below are a number of steps from Konica Minolta that you can take to minimise your exposure to potential privacy breaches.
- Identify your high-risk devices: Identify which devices are at risk and customise security accordingly, particularly those for payroll, senior management, account, and in particular credit (the Privacy Act has specific requirements for the management of credit related information as a sub-category of personal information).
- Activate the security settings: Check the security settings that are available on your MFP. If this is inadequate, consider upgrading to a newer model. Secure the hard drive by activating security options such as encryption, automatic data deletion, automatic data overwrite, password locking for protection of information on the hard drive (should it fall into the wrong hands either because the physical hard drive is stolen or a second hand owner can access the data).
- Install user authentication: Ensure security of sensitive information: password, user box settings, card swipe, finger scan authentication, or follow me print solutions, as the documents are then stored on a server instead of the hard drive.
- Ensure a password-protected firewall is in place: Prevent unauthorised remote access to your networked devices through a protected firewall password.
- Install a document management workflow to eliminate ad hoc scanning: If your MFP is a networked device, document management workflow solutions will help to ensure that information is secure and cannot be accessed, modified or disclosed without authorisation. It will also ensure that scan to email is set up to send only to authorised accounts (i.e. internal office email accounts).
- Establish an end of life plan: Ensure that you have a policy addressing proper disposal of end of life MFPs, including erasing data on the MFP’s hard drive.
- Make best practice policies and processes available to your staff: Ensure that they do not inadvertently disclose personal information and provide proper training.
MFP security isn’t new, but what is new is the increased level of risk being enforced by law. With more data being recorded, stored and potentially accessed over a network, there has never been a better time to audit your MFPs.