BP Perspective: Insights from a Business Partner

Critical Security for Multifunction Devices and Beyond

I cringe every time there is a broadcast news story on yet another security or data breach that affects the legal industry, hurting legal entities and their clients.

Chris Bilello

Lately, there have been many, including ransomware like WannaCry and NotPetya, the Equifax breach, and vulnerabilities like Meltdown and Spectre. One global phishing scam even used a fake multifunctional copier/printer-to-email message as bait, so that recipients believed the email was coming from a trusted colleague.

Earlier in the decade, two compelling broadcast news stories regarding copier/printer data security really brought this issue to light. One reported on a large health care insurance provider that was fined $1.3 million. It failed to secure patient data that was on its multifunction device (MFD) hard drives after the lease expired and the machine left the premises. This heightened the public’s fear that confidential and private data could be stolen by hackers from the hard drive of an MFD — but, according to the report, the average American does not want to pay for such added protection.

That’s a grave mistake. Your MFD holds a lot of data, both hard-copy and electronic. Your legal department would be wise to make a financial investment to protect itself from costly security threats to your connected devices. It’ll not only save a significant amount of money, but, more importantly, will increase the integrity and protection of your data.

WHERE WOULD YOU PUT THAT INVESTMENT?

Let’s begin with hard drives, which are found in many devices, including copiers, printers and, of course, computers. Since many are on a network, they all become susceptible to breaches because of the valuable data they may house, whether they are in your firm or have left your building. So, you should consider investing in hard drive and network security by acquiring MFDs that offer secure, complex administrator passwords and other hard drive-specific security measures, such as:

  • Hard drive encryption
  • Hard drive lock password
  • Automatic deletion of temporary image data
  • Data overwrite of electronic documents on a timed basis

Some manufacturers offer the above capabilities with an added focus on network security protection and on user access and authentication. These added network settings should meet stringent industry requirements, such as in the finance arena, where they should support the Payment Card Industry Data Security Standard (PCI DSS), or in the education field, where compliance with the Family Educational Rights and Privacy Act (FERPA) is crucial. Most important, though, is that each of your devices meets Common Criteria ISO 15408 EAL security certification. With this in hand, you’ll be assured of having the best possible protection available today.

Hard-copy data can expose sensitive information when it sits idle on the output tray of your MFD, where unauthorized personnel can see it and steal it. To address this, consider MFDs equipped with secure print release capabilities. This feature releases the hard-copy printout only after the authorized recipient enters an ID and password at the MFD control panel. With this, only that individual will have access to the document.

Law firms and accounting firms have been labeled as “treasure troves” of data by many sources. In response, businesses have been placing increased demands on law firms to prove that their data is and will be secure. Firms can no longer just claim that it is — they must prove it. And this applies to firms of all sizes. Firms must understand that it’s the value of their clients’ data — not the attorney count — that drives the need for higher levels of security and attestation.

The only way to prevent future breaches is for your firm to make a smaller investment in data security now before you’re forced to pay a huge price later. Now more than ever, your clients are depending on you to ensure that their data is safeguarded.