12-09-2015 - 15-104 - Performance Audit - Printer/Copier Security - Citywide
Printers and copiers are standard office equipment in all City departments. Today’s printer/copiers are sophisticated multifunction devices that can send emails, scan and save documents, and send faxes. To manage these tasks, the devices have onboard computer operating systems and hard drives, and are connected to the City’s network to process multiuser requests.
While enhancing productivity, these devices introduce risks to a networked computing environment. Documents processed by the devices are saved on the hard drive. If not programmed to erase these files, there is a risk that documents containing sensitive data can be retrieved and reprinted by an unauthorized party at a later time.
DTI has issued a procedure for securing networked printer/copiers, but awareness of the procedure has not been communicated effectively to City departments. Many Citywide printer/copiers have security features that have not been activated, increasing the risk of unauthorized use or release of confidential information. No evidence of any data breach related to printer/copiers came to our attention during the audit.
Recommendations & Benefits
By following the recommendations in this report, DTI will:
- Enhance security of networked printer/copiers against misuse,
- Improve management of printer/copiers with a master listing of devices,
- Enhance consistency in purchases, leases, and maintenance contracts for printer/copiers,
- Improve communication of IT security policies, and
- Enhance security of networked printer/copiers and other multifunction devices.
DTI agrees with the recommendations and will work with City Departments to enhance security of Citywide printer/copiers, develop an inventory of networked printers/copiers, and to strengthen communication of IT security standards.