Is Your Copier Poking Holes in Your Network Security?

The fastest growing meter in the copier world is the scan meter. 

Scan to file, Scan to USB, Scan to Email, Scan to a software – scanning is at an all-time high.

This is great for the customer. It makes it simple to

• Send information around the world
• Put documents in places where they can be found,
• Increase efficiency
• Integrate hardware into workflows

The benefits are endless. 

That said, what’s the downside?

Answer…. Security. 

The most common form of scanning we see is scan to email. An email address is assigned to the copier and you simply drop the document in the feeder, choose an email address, and the document is attached to an email in the corresponding in box. 

Simple? Yes.

Dangerous? Oh yeah.

The office buildings full of hackers (yep, there really are office buildings full of hackers) have grown wise to this. They hijack the alias email assigned to your copier and send an email from that address with a malicious attachment that looks like, you guessed it, a scanned document.

Other threats include sending sensitive information to the wrong email. Simply hitting the wrong button can lead to data breach.

Oops, you just sent your financial information to your pest control company, can you delete that?

Being able to send information anonymously with no paper trail opens a world of trouble. Theft of intellectual capital. Just scan it. Nobody knows who did it . . . or harassment, none of that going on these days. 

How Do I Stop This?

The answer is: Scan to folder. But wait. On the majority of MFPs in the market in order to scan to folder you have to open up a SMB port. 

If you're in IT you are likely aware that the SMB port is the port used to infiltrate many networks with the WannaCry virus (this was one of the major ransomware attacks in 2017 – this particular one shut down hospitals in the UK, among other damages, while spreading throughout Europe and the United States). Maybe not the best answer. (For the record they don’t come in through the copier, but through the open port).

Do you work in an environment that is required to operate in compliance with HIPAA (Health Insurance Portability and Accountability Act), Sarbanes Oxley, or some other industry regulation?

There are usually some requirements around how information is transferred and tracked. What is the audit trail for your company? Maybe you have the standard scan to USB function turned on. Can someone in your organization simply scan a file to a USB stick and walk away, completely anonymous?

This is scary stuff and based on the business that I am in it is discussed and thought about every day. Where we see the biggest challenge is in Small to Medium sized business like ours that can’t assemble a task force of IT people to address these issues.

That is where we can help the most.

Let us come in and help you formulate a plan. We have proven solutions to solve these problems.