Inside TDV - The Data Vault Blog
Risk Management For Office Printers
Even with considerable coverage, many organizations and business owners in America still aren’t aware of the risks posed by unsecured replication devices (printers, copiers, and scanners) in the office environment. Thankfully, the US Department of Commerce has recognized this need for increased awareness and recently released “Risk Management for Replication Devices” (NIST 8023) as a free download. This helpful, in depth guide takes a comprehensive look at the problems facing businesses today when it comes to managing their information stored on these devices; and provides an overview of possible solutions to mitigate the risks involved.
As has been noted on this blog before, these office machines may store documents, images, and other information that must be removed before being sold or traded to prevent exposing sensitive information to whomever subsequently gets possession of them. The guide identifies risk in three major categories:
- General threats and vulnerabilities. Examples include manufacturer default passwords that could be used to gain unauthorized access to information, unencrypted data transmission or storage, and outdated or unpatched operating systems.
- Network connectivity threats and vulnerabilities. Examples include open ports or protocols, unencrypted wireless connectivity, or access to other organizational assets through unprotected hop/relay points provided by the device.
- Nonvolatile storage threats and vulnerabilities. Examples include failure to sanitize the devices before they are repurposed, unencrypted storage of information, or access to the device by third parties who could download data from memory while performing device maintenance.
With a security risk assessment template in table and flowchart format and a number of questions for assessing your organization’s use of copiers, this guide can be helpful to review for companies of any size. Featuring our records management consulting services and media destruction capabilities, The Data Vault is able to assist in efforts to lessen the risk posed by office machines. If you have any questions or need help with this particular topic, contact us any time!