Layer 3: Application security

While the software is designed to accelerate efficiency and productivity, it can also pose risks. Embedded software applications, installed apps, and software running as cloud services can be potential targets for breaches. Therefore, your data must be protected.

Similar to securing your devices, your organization must also secure both your software applications and the data those applications generate. Safely managing all that data is a challenge for many organizations today.

Designed with security in mind

Ricoh provides various software and embedded solutions for IT systems, business process management, and multifunction devices and printers. Therefore, firmware and applications that run on Ricoh devices undergo rigorous review and must be compatibility certified and digitally signed by Ricoh in addition to many other security factors.

During the use of these products, we provide security functions to ensure customers’ sensitive data is protected from various threats. This includes responding to persistent vulnerabilities for both multifunction copiers and printers.

Security-related threats are becoming more advanced and sophisticated each day. Ricoh continues to protect customer information assets and provide products that can be adapted to both the customer’s office environment and security policy, ensuring these products can be used with confidence.

Application security best practices

To protect against damage resulting from malicious third parties, system administrators should consider the following:

1. Read the entire license agreement for each software and embedded solutions. In order to continue use, you must agree to the terms.
2. Confirm your operating system and/or device firmware is the most recent version before installation and operation. Install and operate software and embedded solutions on a network protected by a firewall. To avoid inherent risks, it’s suggested not to connect software and embedded solutions directly to the Internet.
3. Limit access to software and embedded solution products to only authorized users and limit access to the software and embedded solution products by access control and allowing only approved IP address ranges.
4. To prevent unauthorized access by malicious third parties, change the default administrator password for the software and embedded solution products and operating system.
5. Confirm software, software operating system, embedded solutions, and multifunction printer or printer are configured correctly to meet your desired workflow and follow your company’s security policy.
6. Multifunction printer and printer security settings should be appropriately set according to the details described in the multifunction copier or printer instruction manual in the “Safety Precautions” section.
7. Use encryption for all data in transit. Furthermore, certificates should be signed by either a company-hosted or public third-party Certificate Authority. Inherent risks exist if using self-signed certificates.
8. Instruction and training should be given to people who use the software and embedded solutions.
9. To limit outside threats, ensure browser security is enabled on computers used to manage software and embedded solutions. Additionally, do not use the same browser or browser session to manage/access software and embedded solutions while accessing outside network resources at the same time. Completely log off any software and embedded solutions before accessing outside network resources.
10. For software and embedded solutions that are discontinued, uninstall the software and remove any personal or sensitive data used in previous workflows. This will prevent leakage of customer-sensitive information that may remain there.

Source:  RICOH USA