Ignoring Printer Security Could Get You Fired| Podcast Episode #6

a businessman with an icon of a printer printing a document in h

Do you know that most printers retain data that is being copied onto a hard drive?

Should a CIO care about this? Well, possibly not if the printer is outside sales or marketing as a workgroup printer, but what if it is outside legal? Or Human Resources?

It may be time for a bit of printer house keeping……

Can printers be used as a relay? Or a hot spot? Relay points? Can they contribute in a botnet?

In this podcast I interviewed a specialist on printer security, Kelley Dempsey, who is a Senior Information Security Specialist Information Technology Laboratory/Computer Security Division with National Institute of Standards and Technology. She just recently co-authored a paper called Risk Management for Replication Devices.

Kelley Dempsey

We discussed:

  1. The Genesis of the paper
  2. Printers
  3. Risks of Embedded Windows 2000 and Embedded XP on printers
  4. Managing printer service contracts
  5. Network takedown risk with DDOS
  6. Patching risk
  7. Monitoring risks
  8. Capabilities of printers like ‘overwriting’
  9. Encryption
  10. Segmentation
  11. What is non volatile storage
  12. Port management
  13. Non-volatile storage – confidentiality
  14. Risk Management – this is not a one size fits all approach. How do you balance your response.
  15. Service Contract/ Lease Agreements section is a good reminder piece from the operations perspective

The key takeaways for your teams are:

  • A link to Kelley’s paper 8023-IR (sections 3.1 and 3.2 are most useful)
  • Appendix B in particular is important because it has a very useful risk assessment for your team to use.

All methods of how to access the show are below:

If you enjoy the show, you can help us out by leaving a review on iTunes. Here’s How!

All replication devices as mentioned above are not created equally technically or their use in the business or their functional purpose. 

I hope you enjoy the podcast.

To participate in discussions about these topics and others join our CIO Group on LinkedIn.

Bill is dedicated to your success as an IT Business Leader. Sign up/Subscribe for weekly podcast, CIO Mastermind and CISO Mastermind updates delivered to your inbox easily and effortlessly: Follow Bill on LinkedIn and Twitter.

Leave a podcast review here

How do I leave a review?