How Secure Are the Printers and Scanners Within Your Office?

Kim Mays

In small closets, hallways and desktops in almost every office, you will find them: machines that replicate data. Copy machines, printers, scanners, fax machines and the like are used every day without a second thought. They’ve been a necessary part of business for decades, and though many offices have moved toward working paperless, it seems we will never see their final days. And no one seems to worry about them unless they break down.

But, these innocuous business machines could pose a risk to the organization if their security is never considered. Most of them are connected to our networks. Others provide multiple functionalities and may even connect to the Internet. Even scanners contain internal storage where company data may reside.

It’s up to each company’s IT organization to understand the risks of each such device within the office and properly manage the potential security issues posed. Since these devices once began as machines without internal memory and many couldn’t be networked, a lot of IT staff overlooks the possible threats and vulnerabilities that the newer, more advanced replication devices possess.

To help IT organizations better understand the scope of risk associated with internal replication devices, the National Institute of Standards and Technology (NIST) has created a publication called “Risk Management for Replication Devices,” which can be downloaded for free from our IT Downloads section.

According to the document, replication devices are often vulnerable to a variety of threats including interception of data, password breaches and unpatched OSes and firmware. Also, within many devices lie storage media where confidential company data may be saved, which is dangerous on many levels:

Many [replication devices] use nonvolatile storage media to manage jobs and control the device. Potentially all of the information that was ever processed, stored, or transmitted by the device could remain in the nonvolatile storage indefinitely. Nonvolatile storage media for RDs is most often in the form of a hard disk drive or solid state drive.1 Some RDs may also provide for use of removable solid state memory cards or flash drives. Information stored within a RD may leave organizational information vulnerable to numerous exploits and compromises of confidentiality or integrity.


The document goes on to explain risk management activities that IT organizations should perform to identify possible security risks. It also details security functions that IT can perform to further mitigate these risks. The authors also explain practices that should be considered in order to configure and implement the proper security controls for each replication device on site.

CIOs, IT managers and anyone in IT who is responsible for overseeing printers, scanners or fax machines should read through this publication and make note of how their organization can increase its security controls for all replication devices. It’s better to create a plan and lessen the risk factors now than be sorry after a security breach occurs.

Kim Mays has been editing and writing about IT since 1999. She currently tackles the topics of small to midsize business technology and introducing new tools for IT. Follow Kim on Google+ or Twitter.

Add Comment      Leave a comment on this blog post
Mar 2, 2015 1:41 AM Canon Printers Ink Canon Printers Ink  says:
Security within these devices can be quite hard to achieve unless people really focus on how to protect their information. It's a collaboration between the IT and all the workers in general. Reply
Mar 2, 2015 2:29 PM Davey Hiltz Davey Hiltz  says:
We just had a hack-in to our scanner, but we were able to get that fixed before any information was damaged or stolen. Since then, the company has cracked down on security. Sometimes too much I think. I still wanted to read up a bit about it, so thanks for the article. Reply
Mar 6, 2015 3:52 PM Julie Myers Julie Myers  says:
Worrying about hacks within businesses is definitely a concern. I have been wanting to get better security for our scanner, but I am not sure how to really do that. I should probably ask our IT team about it to see how we can make sure that we don't get hacked. It might be good to try and figure this out since we are planning on getting new printers soon! Reply
Apr 3, 2015 1:10 PM Skylar Mitchell Skylar Mitchell  says:
I have been wanting to get a new printer, but I would like for it to do a few new things. It sounds like getting a printer that also scans would be a great option for our office! However, when we do get one, I would like to be sure that it is secure. It would be really bad for them to get hacked or damaged, so I will be sure that we get a secure printer and scanner! Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.