Security Guide

Shutting out the cyber criminals

If left unprotected, printers are an open backdoor into your business to steal or compromise your valuable data.

Printers, including multifunctional printers (MFPs), have evolved into sophisticated computer systems connected to business networks and the Internet. Despite data security being a high priority for most organisations, print devices are often overlooked. Research indicates that a significant portion of European SMEs have no IT security measures covering printers, making them a key target for hackers. The move towards hybrid workplaces has further opened vulnerabilities, allowing unsecured printers to provide easy access to sensitive information and entire IT networks.

The threat is very real ⚠️ and being exploited. A notable percentage of European SMEs have experienced printer security breaches, leading to long-lasting reputational damage. Every business, regardless of size, must ensure its document production environment is protected through technology and safe user behaviour, just like any business laptop or PC. Security is central to Sharp's product development, aiming to make working lives easier and more productive while keeping data safe.

Understanding the risks

Modern businesses process vast amounts of information but often lack visibility into how it is produced, stored, shared, and accessed. This leads to potential security and compliance risks, including data breaches, unsecured files, human errors, and unauthorised access.

Network threats

These include activities enabling unauthorised network access to compromise data, such as viruses and malware, stealing confidential information via phishing campaigns, or preventing system access through Denial-of-Service (DoS) attacks or ransomware.

Physical threats

These encompass physical actions and events that could cause loss or damage to information or systems, whether internal (e.g., unstable power supply), external (e.g., lightning strikes), or human-induced (e.g., disgruntled employees, sensitive documents left unattended).

Legal responsibilities

This involves protecting sensitive data, such as employee records, customer information, and account data, as required by prevailing government or industry regulations like GDPR.

To be fully effective, information security must protect printers and business information from all forms of unauthorised access, use, disclosure, modification, or destruction.

Keep safe and stay productive

In today's connected world, threats are increasingly sophisticated, requiring print security to match this evolution without impacting productivity.

All the protection you need

Sharp recognises that protecting business and user data is critical. However, overly stringent or ineffectively implemented security measures can harm productivity. Sharp printers and MFPs feature advanced Security Information and Event Management (SIEM) capabilities designed to protect information and document assets from physical and cyber threats, including determined attacks. They also assist in complying with regulations like the General Data Protection Regulation (GDPR).

Sharp provides tools to control and manage print security policies and securely access confidential information, regardless of how it is captured, stored, printed, or shared over a network. Key features include:

• User Authentication before device use.
• Serverless Print Release for secure job release from up to 5 other devices on the same network.
• Automatic Encryption of documents stored on or emailed from the device.
• Self-Healing Technology for safe device recovery after an attack.
• Flashing LED to remind users to retrieve documents after scanning.
• Whitelisting of applications and firmware that can communicate with the device.
• SSL/TLS Certificate Validation to ensure third-party servers are safe.
• Audit Trail and job log features for comprehensive review of user activity.
• Anti-malware monitoring, using Bitdefender (optional), to secure data, devices, and networks.

Print security made simple

For businesses lacking technical resources or wishing to focus on core operations, Sharp offers security expertise through its Complete Print Security service. This fully managed service provides proactive security monitoring, typically available only to large corporations, delivered via an 'as a service' model with a simple monthly fee and no upfront costs.

Sharp monitors the Sharp MFP fleet 24/7 using an industry-leading SIEM system to immediately identify and mitigate attempts at unauthorised access, system changes, or other security events.

• Simple, centralised control: A security device is installed and configured, connecting to a cloud security service to manage security and control printing across the MFP fleet.
• Active threat detection: MFPs are continually monitored for safe operation. Deviations trigger automatic resets or security alerts for investigation by security experts. Around-the-clock monitoring and threat analysis rapidly identify and mitigate suspicious activity or potential threats.
• Support where you need it: Appropriate action is taken for severe threats to prohibit attacks or resolve issues. For low-level alerts, remedies and support, such as configuration amendments, are provided. Regular reports on security alerts and remedial actions are also supplied.

All-round protection

On-device security should offer comprehensive defence against key vulnerabilities and attack points. As PCs, laptops, and servers become more hardened, other networked devices like printers are increasingly targeted in diverse ways. Understanding this evolving threat landscape is crucial for building effective defences.

Key on-device security features include:

• Real-time Intrusion Detection: Detects abnormal connection requests and denies access.
• Trusted Platform Module (TPM): Provides an added layer of protection to safeguard data.
• BIOS Integrity Check at Startup: Helps protect system files from malware attacks.
• Application Whitelisting: Prevents unauthorised applications and firmware from being loaded.
• Active Directory Integration: Allows MFPs to join network domains as trusted devices.
• Firmware Attack Prevention: Checks for abnormal firmware and can restore original versions from backup.
• Bitdefender Antivirus: Provides comprehensive protection from malware attacks.
• End-of-Lease Data Erase: Protects privacy by deleting all data and personal information when a device reaches the end of its lease.

Data Security

This section details data security features, including data overwrite methods, data clearing, encryption, and document filing capabilities, across various Sharp product series. Availability may vary between standard features and optional Data Security Kits (DSK).

Network and Communication Security

This section outlines network and communication security features, including protocols, authentication, and filtering methods, across different Sharp product series.

Authentication and Access Control

This section covers authentication and access control features, including user authentication methods, password policies, and print security options, across various Sharp product series.

Scan Features and Sharp OSA® Applications

This section details scan features and Sharp OSA (Open Systems Architecture) application capabilities, including direct domain entry and various scan destinations, across different Sharp product series.

Mobile and Cloud Features

This section lists mobile and cloud connectivity features available on Sharp MFPs and printers.

Audit Trail and Other Security

This section covers audit trail features, digitally signed firmware, and other security-related functionalities.

Fax Security

This section details fax security features, which may require the fax option to be installed.

Data Security Kit (DSK) & Common Criteria Certification

This section highlights the Data Security Kit (DSK) and Common Criteria Certification status for Sharp products.

Security Management

This section covers security management services and features offered by Sharp.

Product Lists and Feature Availability Notes

This section lists Sharp MFPs and Printers and provides notes on feature availability, especially regarding optional upgrades and specific model limitations.

MFPs and Printers

A3 MFPs

• MX-M1206, MX-M1056
• MX-8081, MX-7081
• MX-6071S, MX-5071S
• MX-4071S, MX-3571S, MX-3071S
• MX-4061S, MX-3561S, MX-3061S
• MX-6051, MX-5051
• MX-4051, MX-3551, MX-3051, MX-2651
• MX-M6071S, MX-M5071S
• MX-M4071S, MX-M3571S, MX-M3071S
• MX-M6051, MX-M5051
• MX-M4051, MX-M3551, MX-M3051, MX-M2651
• BP-30C25
• BP-30M35, BP-30M31, BP-30M28
• BP-90C80, BP-90C70
• BP-70M90, BP-70M75
• BP-70C65, BP-70C55
• BP-70C45, BP-70C36, BP-70C31
• BP-60C45, BP-60C36, BP-60C31
• BP-50C65, BP-50C55
• BP-50C45, BP-50C36, BP-50C31, BP-50C26
• BP-55C26
• BP-70M65, BP-70M55
• BP-70M45, BP-70M36, BP-70M31
• BP-50M65, BP-50M55
• BP-50M45, BP-50M36, BP-50M31, BP-50M26

A4 MFPs

• MX-B456W, MX-B356W
• MX-C607F, MX-C557F
• MX-C528F, MX-C428F, MX-C507F, MX-C407F
• MX-C358F, MX-C357F
• MX-B707F, MX-B557F
• MX-B468F, MX-B467F, MX-B427W
• BP-B547WD, BP-B537WR
• BP-C542WD, BP-C533WD, BP-C533WR

A4 Printers

• MX-C607P, MX-C507P, MX-C407P, MX-C428P
• MX-B707P, MX-B557P
• MX-B468P, MX-B467P, MX-B427PW

Notes on Feature Availability:

Not all features and functions are available as standard on all products and may require optional upgrades. MX-C428P, MX-B468P, MX-C607P, MX-B557P and MX-B707P do not support MFP related security features for scan and fax. Please contact your local Sharp representative for details.

Glossary

Active Directory (AD)

A database and set of services that connect users with network resources. It contains information about users and computers, managing authentication (verifying identity) and authorisation (access rights).

BIOS

In computing, BIOS (Basic Input/Output System) is firmware used to provide runtime services for operating systems and programs, and to perform hardware initialisation during the booting process.

Bitdefender Antivirus

An award-winning anti-malware engine that helps protect users against a full range of cyber threats, including viruses, Trojans, worms, ransomware, spyware, and persistent threats.

Common Criteria

A set of guidelines used to evaluate information technology equipment, forming the basis for an international agreement. It is tested by independent laboratories to ensure security standards are met.

Data Security Kit (DSK)

The Sharp DSK enhances device security with features like manual and auto data overwrite, hidden pattern printing, and more, helping meet regulatory requirements. Selected DSK models include a TPM chip for further protection of data storage areas.

Denial of Service/Distributed Denial of Service (DoS/DDoS)

DoS is an attack that blocks or disrupts normal network or device operation. DDoS uses multiple systems to amplify traffic, flooding target systems.

End-of-Lease

When a device is retired, data within it must be removed or rendered unreadable. Sharp devices offer End-of-Lease features to ensure confidential data is overwritten before removal, often up to 10 times, or with random numbers if a DSK or standard security feature is enabled.

IEEE802.1x

A network authentication protocol that grants network access after authenticating a user's identity based on credentials or certificates.

Internet Printing Protocol (IPP)

A network printing protocol supporting authentication and print job queue management, enabled by default on most modern printers and MFPs.

Internet Protocol (IP) address

A unique number assigned to devices connected to the internet, enabling them to connect with other devices. Versions include IPv4 and IPv6.

IP or MAC address filtering

IP and MAC addresses are unique identifiers for devices on the internet or local networks. Filtering checks these addresses against a whitelist before allowing network connection.

Internet Protocol Security (IPSec)

A suite of protocols for securing IP communications at the network layer, including protocols for cryptographic key establishment.

Media Access Control (MAC) address

A unique identifier assigned to a Network Interface Controller (NIC), allowing a network-connected device to be uniquely identified.

Malware attack

Malicious software (malware) that is installed without consent, attaching to legitimate code, residing in applications, or replicating across the internet.

Man-in-the-Middle (MITM) attack

An attack where an attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly.

Network services

Services that facilitate a network's operation, typically provided by a server based on network protocols (e.g., DNS, DHCP, VoIP).

Phishing attack

A fraudulent practice of sending emails impersonating reputable companies to induce individuals to reveal personal information like passwords or credit card numbers.

Ports

Used by networked devices for communication. Unguarded open ports can be used as an attacker vector, for example, to upload malware.

Protection Profile for Hardcopy Devices v1.0 (HCD-PP v1.0)

The latest requirement for MFPs based on security specifications from the U.S. and Japanese governments, providing up-to-date security validation. It protects MFP-processed information and includes specifications for encryption and firewalls.

Protocols

A set of rules and formats that permit information systems to exchange information (e.g., IP and TLS/SSL).

Single Sign-On (SSO)

Allows users to access multiple applications or network resources with a single set of credentials. Sharp MFPs can integrate with Active Directory for Kerberos-based SSO or use OAuth tokens for cloud services.

Secure/Multipurpose Internet Mail Extensions (S/MIME)

Specifications for securing email through digital signatures and encryption, based on the MIME standard.

Spoofing attack

An attack where a malicious party impersonates another device or user on a network to launch attacks, steal data, spread malware, or bypass access controls.

Transport Layer Security/Secure Sockets Layer (TLS/SSL)

Technology that encrypts data during transfer between devices to prevent eavesdropping. Common for websites but applicable to other services.

Trusted Platform Module (TPM)

An industry-standard computer chip using cryptoprocessor technology to protect hardware like hard drives. It initiates cryptographic keys that, if mismatched during bootup, deny device access.

Whitelist

An exclusive list of approved people, entities, applications, or processes granted special permissions or access rights.

Getting smart about security

Every business is unique and faces unique challenges, so security systems should be equally tailored.

Sharp offers Smart Security Service, an innovative security 'as a service' offering. It provides bespoke profiling to ensure Sharp MFPs are delivered secure 'out of the box', with advanced security features carefully tailored to specific needs without impacting business agility or productivity.

Initially, Sharp experts discuss current and potential data threats to MFPs to define a suitable print security policy. They then develop a unique security configuration for MFPs by activating over 200 security settings, ensuring the best possible level of print security without limiting user flexibility. This service allows for pre-configuration, delivery, installation, and integration of new MFPs securely and simply, ensuring devices and information are always as secure as possible from the first printed sheet.

Welcome to Sharp

Sharp Europe enables small to large enterprises and organisations across Europe to enhance performance and adapt for their workplaces of the future through a range of business technology products and services. Sharp services and products range from printers and advanced flat screen technologies, collaboration platforms in partnership with other leading brands, through to full IT services for small companies to large enterprises and organisations. As a manufacturer and a service provider, Sharp is uniquely positioned to provide trusted advice and assurance to customers on how technology can work together seamlessly.

Design and specifications subject to change without notice. All information was correct at time of print. Sharp, Synappx and all related trademarks are trademarks or registered trade marks of Sharp Corporation and/or its affiliated companies. Microsoft, Microsoft Teams, OneDrive, and SharePoint are trademarks of the Microsoft group of companies. Android and Google are trademarks of Google LLC. AirPrint is trademark of Apple Inc., registered in the U.S. and other countries and regions. All other company names, product names and logotypes are trademarks or registered trademarks of their respective owners. ©Sharp Corporation January 2024. Ref: Security Guide v3.0 (5286). All trademarks acknowledged. E&O.

www.sharp.eu