Recommendations for Security Measures
It is more than just about Ricoh products and services. The risks associated with your usage habits, tools, equipment, and components—such as computers, mobile devices, servers, and even networks you regularly use—should also be handled properly. To ensure data security, you need to make sure that they will be always controlled, maintained, and enhanced with the right security measures.
1. Use products on a protected network
- Use products without connecting to the network, or use them only in a closed network
To prevent unauthorized access from the internet, unless necessary, please use products without connecting to the network. If it is necessary to communicate with other equipment via the intranet, please do not connect to the internet, but instead connect only to your intranet network. - Use products only in secured networks such as firewalls
Please do not connect products directly to the internet. Please use them only in a secured network with a firewall or broadband router. - Use a private IP address
If a global IP address is set to a product, it is at risk of being accessed by an unspecified number of internet users and the security risk of information leakage increases. But, if a private IP address is set, the product can be accessed only by intranet or local network. So, please set a private IP address to products.
2. Restrict communication with products
- Block unnecessary ports
The risk of unauthorized access increases if unnecessary ports are opened. If the product has a port disconnection feature, please set it up to be able to communicate with only necessary ports. - Restrict communication by IP addresses or MAC addresses
Some products have a function that allows communication with only devices that have IP addresses or MAC addresses. Please turn on this function to minimize the number of users with access.
3. Encrypt communication data of products
- Use encrypted data communication such as HTTPS
To prevent information leakage and tampering, please use encrypted data communications such as HTTPS for products with such communication features. Regarding available communication methods, please refer to the user manual of your product. During setup, please use stronger encryption methods and set the certification properly. - Use VPN
If a product cannot use HTTPS or another encrypted communication method, please protect network communication by remote access VPN (SSL, IPsec, etc.). - Encrypt wireless LAN communication
When connecting products to wireless LAN, please use encrypted data communication to prevent information leakage and tampering. During setup, please take care of the following points.- Hide SSID (access point name).
- Do not use an encryption key (password) which can be easily guessed.
- Do not use weak encryption methods such as WEP.
4. Configure the settings of products' authentication functions
- Enable authentication functions
If a product has an authentication function, please enable it to prevent access to the product or services by unauthorized users. Regarding setup methods, please refer to the user manual of each product. - Change the initial password
Some products have initial factory administrator and user passwords. Since these are easy to guess then use for login by unauthorized users, please change passwords before you use the products. - Set a complex password
Please set up longer and more complex passwords to prevent unauthorized access. Simple passwords that are only one word or are arranged in alphabetical or numerical order can be easily guessed.
5. Restrict access to products
- Limit the users who can use the product
In addition to “4. a. Enable authentication functions”, please minimize the number of users who can use the product and user accounts. To provide a user account to someone who does not use the product often increases the risk of unauthorized access, because such users do not tend to change the initial password.
Also, do not allow use of one account by several users, but instead provide one account to each user. - Restrict user functions
To minimize damage by unauthorized access, please restrict user functions to a minimum. Please limit general user functions to what you expect to be the minimum required. - Restrict information for users
To minimize damage by unauthorized access, please restrict the information for users to a minimum. Especially in cloud services, it will lead to risk of access by all internet users if access rights are not set properly. - Do not use administrator rights
Do not use functions that allow users to access administrator accounts in order to minimize the risk of administrator account information leakage.
6. Use the latest product software
Updated firmware and security patches are provided for each product in order to improve security issues. So, please upload and use the latest software to minimize security risk. Please refer to “7.c. Keep web browser software updated” in the next paragraph when you use cloud services.
7. Cautions for client PCs that connect with products
- Do not open other websites while logged in, and log out after use
Some of products try to access information from another website that is open on the same PC. To prevent information leakage and unauthorized access, please do not open other websites while logged in to RICOH products and services. Also, after using RICOH products and services, please log out properly. - Do not open suspicious URLs or emails
Some URLs try to access information or obtain access illegally through your PC. So, please do not open such suspicious URLs. - Keep web browser software updated
Web browsers are vulnerable and at risk to unauthorized access. To prevent this vulnerability from being exploited for unauthorized access, please keep web browser software updated.
Also, please make sure to follow item “6. Use the latest product software”. - Restrict users of client PCs
If a client PC is used by several users, it is at risk of installation of improper software or unauthorized operation. To prevent this risk, please set up screen lock and restrict users.
8. Configure product-specific settings
- Disable functions that are not used
Many functions are enabled for use in the factory default settings. To reduce the risk of unauthorized access through these functions, please disable functions that you do not use. Also, if products cannot be used with some security patches, reduce the risk of unauthorized access by turning off vulnerable functions.
Please refer to announcements for each product for further information. - Configure the certificate settings. Set the correct time
When you set certificates individually by product, please use certification that is issued by a trusted third party. If you use self-signed certification issued by your company, please register it before you use it as a reliable certification on client computers and other network devices. Also, please set up the date and time properly. If not, products are not regarded as certified. - Configure the settings recommended for the product
To increase security, special settings are necessary for some products.
Please refer to their manuals and announcements for proper setting by product.