Guest post by Garland J. Nichols, PhD, Xerox Vice President Information Security, Research & Product Development
The Internet of Things — really the Internet of Everything — has disrupted how we view security. It’s not just locking the front door and installing an alarm system as we do to protect physical things. We must secure every aspect of our digital presence on the Internet to be assured we are indeed secure.
Here are a few ways to secure your digital presence along with parallel tips to secure a networked multi-function or single function Xerox printer.
1. Apply GOOD Passwords, and Please Change Them!
For your mobile devices, apply passwords that are difficult to guess. Do this for all accounts that you access online. Some suggestions for creating good passwords:
- 10 characters long
- Combinations of lower and uppercase letters, numbers and special characters
- Don’t duplicate passwords, especially for websites that allow financial transactions such as banks or online shopping.
You should change your passwords periodically. Every thirty days is recommended, but probably difficult to maintain, so determine a frequency you’ll stick with. If your “favorite” password is compromised at one website, it can be used to scan thousands of websites to see if there is a successful login. Hackers use the power of computers to compromise passwords; they aren’t personally logging into your accounts one by one.
Click here for more information on how to create and secure GOOD passwords.
Your Xerox Printer and Passwords
Secure access to your MFP administrator account by changing the default password to a GOOD password, just like your mobile devices. Not applying password protection to your printer’s administrator account leaves configuration settings open to tampering. You may have your printer securely configured for your IT policies but it only takes a few minutes to undo the security settings of a printer when access is not controlled. Password complexity and change frequency applies here, too, so follow the same guidance for your mobile devices.
You can access Secure Installation guides for many models of Xerox MFPs by searching for your product on the Product Security page here.
2. All Wi-Fi Is Not Created Equal
Are you connecting your mobile devices to free Wi-Fi in public places like coffee shops or airports? If you are, free is not necessarily safe, and your transmitted data is not protected. Such connections are meant for convenience, not security. Anyone with the right tools can intercept data you input, such as passwords, which are transmitted in the open when you use unsecure Wi-Fi. Your data is not encrypted from the PC to the Wi-Fi access point. It is only secured once a connection is made with the website via HTTPs.
In addition, a hacker can easily create a rogue access point and trick you into connecting. It will look legitimate, but it’s malicious. Everything you access while using it, such as e-mail, social networking accounts and your banking accounts can be compromised.
Your Xerox Printer and Wi-Fi
Use the 802.1x device authentication that your Xerox printer may support to ensure your printer connects to an authorized wireless access point. Devices that connect using 802.1x must be authenticated in order to connect. This also means you don’t have to compromise security in order to use your Xerox printer wirelessly.
3. Keep Your Software Up To Date
Ensure that automatic updates are enabled for your mobile devices, especially your home-use PCs. The latest software can protect your information from vulnerabilities that those with malicious intentions can exploit. Software updates on your cell phone are critical, but are often well “after the fact” of identified vulnerabilities. Many carriers test software compatibility with all of the other apps installed on your phone before they deploy them. Those are the apps you have to keep, whether you want them or not. This means any vulnerabilities that might be resolved are not new and may have existed for some time. For that reason, apply updated software as soon as it becomes available.
Your Xerox Printer and Software Updates
Just like your cell phone or PC, your printer should have the latest software available. This ensures your device is protected from vulnerabilities. Xerox has a comprehensive vulnerability management program to keep your Xerox device up-to-date with the most recent software to protect against vulnerabilities.
You can get the latest information on software available from the security bulletins for your Xerox device here. Just find your product and search security bulletins.
4. To Click or Not to Click
How often do you get an e-mail that entices you to click on a cute video or an important message from your “friend” or a “business” that requires your immediate action? This might be phishing, the fraudulent practice of sending emails seemingly from reputable companies or individuals in order to induce people to reveal personal information, such as passwords and credit card numbers. Malware can also easily spread by unconscious link clicking, resulting in compromise of your information.
Today phishing is not only in e-mail; it has extended to cell phones in the form of texts on your phone. Be wary, pause before you click and ask yourself, would this person just send me something like this out of nowhere? Would my bank ask me to go and log into my account via an e-mail or text with a hyperlink? When in doubt, confirm the sender and the information in the e-mail is legitimate or just delete it.
Your Xerox Printer (Not a click issue but read on…)
Though you are probably not going to click on a link via your Xerox printer or get a phishing e-mail sent to your printer, software security is still a worry, as “bad stuff” being loaded onto your Xerox printer by other means may still be a concern. Your Xerox printer software is protected from malicious files because Xerox digitally signs printer firmware. Our devices know the good stuff from the bad stuff. In addition, AltaLink and ConnectKey devices have whitelisting technology, which lists all allowed files, so only permitted files can run on the printer. The list of “good” stuff is a lot shorter than the endless list of bad stuff. This makes whitelisting an effective way to protect your Xerox printer.
Want more information on secure printing?
Click here for 12 tips on securing your mobile device go. Click here for an example of a Secure Installation guide that may be available for your product.