Office Printer Security Best Practices

Safeguard your multifunction printer against unauthorised access, unwanted use and the risk of compromising sensitive or confidential information.


Companies go to great lengths to secure their office space and protect their computers and servers. Office MFD's (multifunction devices) often go overlooked. Every day employees use MFD's to print, copy, scan and fax documents essential to their business operations. These devices transmit and store sensitive and confidential information, both electronically and on paper, and only authorised users should be able to access, retrieve or distribute this data.

According to the International Data Corporation (IDC), very few businesses – only five percent – detect a security breach within hours of it happening.*

*Source: Lonergan, Kevin. “IT Security: Managing a New Reality.” International Data Corporation, 2018.

An MFD contains a hard drive, memory and a CPU; it stores an enormous wealth of data, including every document that it has previously printed or sent. Security is much more than 24-hour surveillance cameras and password-protected laptops. Here are some ways to protect your documents and limit access to data without impeding your productivity.

1. Device Security

The first step in safeguarding your multifunction devices is controlling who has access to them in the first place. Only authorised users should have permission to print, copy, scan and/or fax from company-owned equipment. Even those permissions can be limited based on an employee’s responsibilities. As important as it is to be a gracious host to company visitors, do not hesitate to limit the functions guests can help themselves to when it comes to your MFD's.

Office MFD Security Best Practices - Device Security.
  • Require Authentication Icon.

    Require Authentication

    Ensure only authorised users access MFD's and their functions by requiring them to confirm their identity directly at the device. With the Canon imageRUNNER ADVANCE and imageRUNNER ADVANCE DX platforms, you can choose between device-based (e.g. employees must enter a PIN before use) or card-based authentication.

  • Restrict User Access Icon.

    Restrict User Access

    Determine whether authorised users need access to every single device in your fleet. With standard imageRUNNER ADVANCE and imageRUNNER ADVANCE DX device features like AMS (Access Management System) and uniFLOW Online Express, administrators can add an extra layer of security and limit user access to specific functions on network devices (e.g. some employees can only print; others can print, copy and scan), depending on each user’s role and responsibilities.

  • Limit Guest Permissions Icon.

    Limit Guest Permissions

    Employees regularly welcome visitors to the office, whether for one-hour meetings or all-day work sessions. These guests may require access to equipment. Determine whether unregistered users will be allowed to log in as guests, then specify their level of access; for example, you may elect to limit them to only print – not copy, scan or fax – from a specific, centrally located MFD. The guest-printing feature from uniFLOW requires visitors to email their job requests for you to release.

Security. Productivity. Control.

uniFLOW Online Express is a server-less solution that comes standard on the imageRUNNER ADVANCE and imageRUNNER ADVANCE DX platforms, offering simple login and usage tracking functionalities. It incorporates three different authentication modes and five login types, depending on each customer’s preferences.

2. Information Security

Information is one of your company’s most valuable assets. Every day your MFD handles a wealth of that information, both in hard copy and electronically. It’s important to protect that data, both in storage and in transit. Do that by implementing security protocols that require user authentication, encrypting transmitted documents and ensuring your data doesn’t leave the company, even once the device does.

Office MFD Security Best Practices - Information Security.
  • Office MFD Security Best Practice - Unattended Documents.

    Do Not Leave Documents Unattended

    Sensitive and confidential information is vulnerable when left unattended in output trays. Implement security protocols that require users to either log in or create a PIN to release print jobs directly at the device.

  • Office MFD Security Best Practice - Encrypt PDFs Icon.

    Encrypt PDFs

    PDFs often represent some of your company’s most important information: contracts, proposals, financial statements, etc. Encrypt PDFs sent by email or stored on a file server so only users with the correct password can view, print or edit them. For added security, add a digital signature to verify the PDF’s source and authenticity.

  • Office MFD Security Best Practice - Protect Your Hard Drives Icon.

    Protect Your Hard Drive

    Just like a laptop, a printer becomes a significant database of information over the course of its life cycle. Canon imageRUNNER ADVANCE and imageRUNNER ADVANCE DX devices provide standard support for HDD Encryption, which helps protect sensitive information stored on the hard drive. Set routine job processing to erase previous print job data automatically. When you return or retire the device, you can overwrite all user data areas on the hard drive.

  • Office MFD Security Best Practice - Secure Jobs In Transit Icon.

    Secure Jobs In Transit

    The second you hit “send,” your print job is susceptible to interception. uniFLOW output management software encrypts print jobs using AES-256 respectively RSA encryption until they reach the device from which they can be securely released.

The Force Is With You

Hitting “send” to print, copy, scan or fax takes a document out of employees’ hands but never out of yours, thanks to these administrative controls.

  • Office MFD Security Best Practice - FPRI Icon.

    Forced Print User Details

    Print the name of the logged-in user on printed or copied documents.

  • Office MFD Security Best Practices - Forced Watermark Icon.

    Forced Secure Watermark

    Embed invisible text (for example, “Confidential”) in the background of printed or copied documents. The text becomes visible on copied documents.

  • Office MFD Security Best Practices - Forced Hold Icon.

    Forced Hold

    Require intended document recipients to authenticate themselves directly at the device to release their printouts. For further visibility, organisations can benefit from the standard uniFLOW Online Express solution, which provides tracking capabilities and identifies not only who has printed but also what they printed.

3. Device/Security Management

Your MFD’s security features need to safeguard your data from internal and external attacks as it travels the network. Canon’s partnership with McAfee® further protects Canon imageRUNNER ADVANCE Third Edition models, as well as imageRUNNER ADVANCE DX models, from cyber threats. Additionally, Verify System at Startup is a process that can be enabled to verify the validity of the BIOS (Basic Input/Output System) in the device on each boot. Ideally, the device should also integrate with an existing SIEM system, which provides your network administrators with real-time, comprehensive insights into network activity. Other best practices include permitting only authorised users or groups to access and print to the device; limiting device communication to designated IP addresses; and controlling availability of individual network protocols.

Office MFD Security Best Practices - Security Management.
  • Office MFD Security Best Practice - SIEM Monitoring Icon.

    Include MFDs in SIEM Monitoring

    Third Generation imageRUNNER ADVANCE and imageRUNNER ADVANCE DX MFDs come standard with SIEM (Security Information and Event Management) integration, enabling real-time collection of device information to monitor and control internal and external threats. Administrators can set alerts to notify them of potential issues, such as failed authentication attempts and changes in settings.

  • Office MFD Security Best Practice - Encryption Protocols Icon.

    Use Common Encryption Protocols

    Data sent between an MFD device and either a PC or server is usually sent in clear (plain) text, leaving it susceptible to interception. Canon provides SSL (Secure Sockets Layer) encryption support for transmissions to and from the device, ensuring your information is impossible to read by unauthorised eyes. Canon systems also support IPSec (Internet Protocol Security), which encrypts inbound and outbound network traffic, confirms sender identity and helps ensure unaltered transmission receipt.

  • Office MFD Security Best Practice - Verify System Icon.

    Verify System At Startup

    Canon Third Generation imageRUNNER ADVANCE (Third Edition only) and imageRUNNER ADVANCE DX MFDs feature the ability to help verify that the device boot process, firmware and applications initialize at startup, without any alterations or tampering by malicious third parties. During operation, McAfee® Embedded Control utilises a white list to protect against malware and tampering of firmware and applications.

  • Office MFD Security Best Practice - Permit Users Icon.

    Permit Only Authorised Users

    Canon imageRUNNER ADVANCE and imageRUNNER ADVANCE DX systems also support the IEEE 802.1x protocol, providing authentication to network devices and establishing a closed connection. The protocol helps keep unwanted users from connecting to the network.

uniFLOW Online

uniFLOW is a single platform solution for print, scan and device management. It’s Secure Print functionality allows users to send sensitive documents to network printers from desktop and mobile devices. Documents can be printed only after users authenticate themselves directly at the device.

4. Workflow Security

Sometimes it’s as simple as a misdialed fax number or a typo on a destination scan and send. Honest mistakes happen during the course of a workday. The key is having a system in place that ensures your company’s confidential data doesn’t end up somewhere it shouldn’t as a result. Keep sensitive data secure at every stage by controlling document delivery, restricting contact lists and requiring multiple confirmation checks.

Office MFD Security Best Practices - Workflow Security.
  • Office MFD Security Best Practice - Check Everything Twice Icon.

    Check Everything Twice

    Sending documents to the wrong destination can lead to leaks of confidential information. All Third Edition imageRUNNER ADVANCE and imageRUNNER ADVANCE DX devices come equipped with functions to reduce the risk of documents inadvertently ending up in incorrect hands. For instance, you can configure a device to require fax numbers be entered twice before sending; display a confirmation screen before dialing through a fax; and/or check scanned images on the preview screen before sending.

  • Office MFD Security Best Practice - Keep Address Books Confidential Icon.

    Keep Address Books Confidential

    Limit each user’s access to names and numbers relevant to their role and responsibilities. An additional layer of password-based security restricts who can access the Address Book, as well as who can add, edit or remove entries.

  • Office MFD Security Best Practice - Restrict Scan Destinations Icon.

    Restrict Scan Destination

    Limit all users or just certain groups to sending to addresses in a specific book or domain. You can further limit users to send only to addresses registered in the Address Book or one-touch buttons. For higher levels of control, users can send documents only to themselves.

  • Office MFD Security Best Practice - Control Fax Delivery Icon.

    Control Delivery Of Faxes

    With Canon imageRUNNER ADVANCE and imageRUNNER ADVANCE DX devices, incoming documents are stored in a proprietary format that helps protect them from malicious activity. Incoming faxes can be delivered directly to the recipient’s personal Mail Box, instead of sitting unattended in the arrival tray. The destination of outgoing faxes can be limited and controlled as well.

5. Auditing And Tracking

By capturing, auditing and archiving every activity performed on an MFD, you create an easily searchable trail in the event of a security breach. Sophisticated security features even allow you to embed invisible tracking information in printouts; receive notification if specific information is being printed, copied or scanned; and prevent the sharing of hard-copy documents with unauthorised persons.

Office MFD Security Best Practices - Auditing And Tracking.
  • Office MFD Security Best Practice - Capture Device Information Icon.

    Continuously Capture Device Information

    Ideally, your MFD should be able to record, trace and restrict interactions involving both electronic and paper documents. Canon security solutions can provide a wide range of details, including IP address, job type, time and user; more advanced solutions can even capture text and images. Administrators can easily search through these records should a security breach occur.

  • Office MFD Security Best Practice - Receive Notifications Icon.

    Receive Notifications

    Configure the system to send alerts if documents containing sensitive keywords – for example, a code name for a project – are printed, scanned, copied or faxed on a device. With an additional, optional feature, these documents become traceable by your IT department.

  • Office MFD Security Best Practice - Tight Control On Original Documents Icon.

    Keep Tight Control On Original Documents

    When a specific keyword is printed, scanned, faxed, copied or sent, a designated administrator can automatically be notified that restricted information may have been shared. The administrator can also restrict duplication of documents that contain specific keywords.

Browse The imageRUNNER DX Lineup
Need help choosing a printer for your office?

Use our assistant to pair a printer with your needs.

Find my match