Convenience is at the forefront of our lives. For businesses, this means a rapidly evolving security landscape that’s leaving many companies, and their IT departments, overwhelmed and scrambling. Smartphones and tablets and other embedded devices like printers and scanners utilize ingenious technology and provide significant benefit to how we do business, but they call into question the very serious issue of usability versus security.
Recent polls of management level employees suggest that upwards of 50% of them don’t know how their organizations identify compromised devices on their network. Additionally, polls of IT professionals show that data security threats at the office frequently go unmanaged due to insufficient resources or in some cases a lack of awareness that a situation even exists. Device manufacturers tend to focus on usability and place little emphasis on built-in software protections, contributing to data and network vulnerabilities. The challenge for device engineers is compressing large and slow software into a tiny space, which makes creating operating systems and software to run on these devices extremely difficult. Decisions invariably must be made regarding what features to include– if richness of features is forsaken for security measures, then how useful is the device in the first place?
Many of us may not even realize which office devices can pose a significant security threat. Here’s a list of culprits and the backend attacks they are susceptible to:
Printers – Remote reconfiguration or access to previously printed documents
Timeclocks – Access to employee information and payroll
Photocopiers – Retrieve documents over the web
Scanners – Remote operation or access to hard drive of previously scanned documents
Telephone Systems – Eavesdropping
Webcams – Hijack and enable without the owner’s knowledge
Best practice begins with two essential steps– first, a comprehensive IT policy that integrates and safeguards all office equipment, including those often forgotten about embedded devices; and second, an employee education program that’s clear, concise and tailored to your company. GCInfotech can assist you with a security evaluation of your office equipment as well as help you devise an employee education plan that’s appropriate for today’s security landscape.