As documented by my friend Jeff Man, HP hosted a Printer Security Tech Day for a select group of information security practitioners in the US last year. By all accounts, it was a success and they wanted to put on a similar event here in Canada. Considering Jeff’s wide reach via the Security Weekly podcast, they asked him if they knew of any fellow influencers in Canada.
As a result, I was lucky enough to be one of seven security practitioners invited to visit the HP Canada offices in Mississauga earlier this month. I gladly accepted the invitation on behalf of Securicy.
How did I get here?
I got to know Jeff Man while we both worked for Tenable Network Security. After I left the company, we kept in touch. I was lucky enough to have him keynote the Security B-Sides Cape Breton conference and he has spoken at AtlSecCon (I sit on the Board of Directors).
Jeff asked if I was interested in learning more about HP’s secure printing technology from a Canadian perspective. Of course I said yes, and he made the introduction.
What did I learn?
I learned that HP has the strongest, most comprehensive, print security protections in the industry. HP print security isn’t just about securing printers, it’s about helping to secure the entire network with real-time threat detection, automated monitoring, and built-in software validation that no one else offers.
Why should you worry about securing printers?
Attackers are targeting networked devices including printers to easily exploit brand & customer data. Users can change device settings, access data, or send scanned documents anywhere. Unsecured printers can open the network to attack.
Printers are a surprising, but real, source for a data breach. In addition to documents that lay unprotected in output trays, printers store information in memory that can be recalled or intercepted. Too many confidential print jobs are left uncollected.
Printer Security Tips
Secure your data: Sensitive data is vulnerable as it traverses the network to the printer and when it sits in the printer memory or storage.
After a document has printed, do not store the document or even data about the completed job on your printer.
Encrypt your print jobs to protect data in transit in the event they are intercepted, and use encrypted storage as documents wait to be printed.
Protect data before it reaches the device tray by authenticating users and tying them to their specific documents. Require that document owners authenticate themselves to the printer before pages will print.
Protect your documents: How often have you gone to pick up your document and found multiple documents in the printer tray or sitting around nearby? These can be viewed or carried off by anyone, creating a security risk. If your printer has the capability, activate pull or push printing to reduce unclaimed documents. Users can print to a secure network, authenticate themselves, and retrieve jobs when and where necessary.
Secure your printers: Move your printers to a controlled access area, or physically secure your devices. Disable physical ports to prevent unauthorized use.
Require authentication and authorization for access to device settings and functions to help eliminate security breaches. Deploy options such as PIN authentication, smart cards, or proximity badges. Use your printer’s built-in access control software (if available).
Before retiring a printer, remove any data that may be left in the device’s memory. Ensure the device’s hard disk is erased, destroyed or removed upon retirement.
To be honest, at the end of the day, we were all surprised at how much HP is embracing security across its’ entire product line and why we hadn’t heard about it until now!
As an added bonus, we had the pleasure of meeting Michael Calce (aka Mafiaboy). It was very interesting hearing his side of the story and how he has turned his life around.
Many thanks to HP Canada for hosting this event and I will be keeping an close eye on what they have to offer in the future.
Learn more about HP’s Secure Printing Technology.