Security:: Multifunction Devices Configuration and Security

Printer-friendly version

Multifunction Device Configuration and Security

An MFP (Multi Function Product/ Printer/ Peripheral), multifunctional, all-in-one (AIO), or Multifunction Device (MFD), is an office machine which incorporates the functionality of multiple devices in one, so as to have a smaller footprint in a home or small business setting (the SOHO market segment), or to provide centralized document management/ distribution/ production in a large-office setting. A typical MFP may act as a combination of some or all of the following devices:printer, scanner, photocopier, fax, e-mail."

*"Nearly every digital copier built since 2002 contains a hard drive - like the one on your personal computer - storing an image of every document copied, scanned, or emailed by the machine. In the process, it's turned an office staple into a digital time-bomb packed with highly-personal or sensitive data." (CBS News)


  • Confidential documents (print, scan, fax, document storage, and copy jobs) are unencrypted on local hard drives*. Even though jobs can be deleted, they can also be undeleted.
  • Level 1 or Level 2 data
  • POTENTIAL FOR DATA BREACHES: Copiers, printers and multifunction devices are in fact complex, network-centric devices that require careful consideration, and are governed by ITS Security Policies and Procedures. In addition, these devices require sophisticated security measures, as they generally don't run conventional operating systems (e.g. no secure network file shares or antivirus software). This difference can create a substantial risk of data breaches.

Multifunction devices have many features which allow for ease of access and use. These devices must be carefully configured based on the sensitivity level of documents processed through them. Additional steps need to be taken when documents with Level 1 data are scanned or faxed.

  • NO PASSWORD SECURITY. Many devices have no passwords much less strong passwords set. Just because the device is inside an office does not mean it is secure since these devices have presence on the network and some on the internet. Consult with Desktop Support to set up password schema for administrator and user functions.
  • BIOS UPDATES are not maintained. This leaves the device vulnerable to hacking, viruses and malware attacks. Request that BIOS updates are maintained by your vendor.

Copiers, printers and multifunction devices have specific needs:

Site Preparation (HSU login required).  Site requirements and considerations BEFORE purchasing a multifunction device. BEFORE the device is purchased the ITCs in your area should be consulted to ensure they meet campus data security requirements. In addition, Plant Operations needs to be consulted to ensure that their physical location and that there is adequate available electrical power, ventilation and floor weight requirements . 

Once the device is approved, purchased and in place your Desktop Support will configure security features and set up.

Multifunction Device Security and Protected Information. A document scanned in COPIER, FAX OR SCANNER mode, or print data sent from a printer driver is temporarily stored on the machine's hard disk. Even after the job is completed, it remains on the hard disk as temporary data. 

Laniers have an optional feature called "Data Overwrite Security System (DOSS)" unit that can be added. You can then use NSA, DoD, or random number erasure. For more information, confer with Desktop Support.

Multifunction Device Transfer, Trade or E-Waste Sanitization. If you have a device that will be transferred, traded or e-wasted there are specific asset management procedures, security procedures and forms for accomplishing this. Please consult with the campus Security Officer and/or Desktop Support for more information on secure destruction.

E-wasting an old copier, printer or multifunction device: Many of these devices have internal hard drives. These hard drive need to be securely wiped before being transferred to any other campus office. If they are to be traded in, the hard drive should be removed and treated as secure e-waste.