Security Measures for Software Solutions
Ricoh provides various software and embedded solution products for multifunction printer & printers. Those products will provide the best possible experience when using and managing the devices. During the use of these products, we provide security functions to ensure customers sensitive data is protected from various threats. This includes responding to persistent vulnerabilities for both multifunction copiers & printers.
Security-related threats are becoming more advanced and sophisticated each day. Ricoh will continue to protect customer information assets and provide products that can be adapted to both the customer’s office environment and security policy and ensure these products can be used with confidence. It is necessary to perform security settings that match the customer’s environment before operating these products to ensure the customer security policy is met. Ricoh informs customers about the importance of security and provides support so that customers can perform the correct security settings.
To protect against damage resulting from malicious third parties, software and multifunction printer & printer administrators should heed the following points and perform the appropriate installation and settings for the software and embedded solution products.
Important points for use
- Read the entire license agreement for each software and embedded solution products. In order to continue use, you must agree to the terms.
- Confirm your software operating system and or multifunction printer & printer firmware is up to the most recent version before installation and operation.
- Control access to software and embedded solution products to only authorized users.
- Best practice is to install and operate software and embedded solution products on a network protected by a firewall. To avoid inherit risks, it's suggested not to connect software and embedded solution products directly connected to the Internet.
- Limit access to the software and embedded solution products by access control and allowing only approved IP address ranges.
- When using access control to limit the IP address range that can access the software and embedded solution products, confirm the access can be granted to approved ranges.
- To prevent unauthorized access by malicious third parties, change the default administrator password for the software and embedded solution products and operating system.
- It's strongly recommended when changing the administrator password form default, to use a complex password that meets company policy. We recommend a character string of 13 or more letters made up of lower and upper-case alphabetical characters, numbers and symbols.
- Keep all software and embedded solution products up to the latest product versions.
- It's strongly recommended before installing, managing or operating software and embedded solution products, you read and understand all product documentation including but not limited to the product’s instruction manual and Readme files.
- The software and embedded solution products connects to or operates on a multifunction printer & printer to enable enhanced security features. Confirm software, software operating system, embedded solution product and multifunction printer & printer are all configured correctly to meet your desired workflow and follow your companies security policy.
- Multifunction printer & printer security settings should be appropriately set according to the details described in the multifunction copier or printer instruction manual.
- It's highly recommended that encryption be used for all data in transit. Furthermore it's recommended all certificates be signed by either a company hosted or public third-party Certificate Authority. Inherit risks exist if using self-signed certificates.
- When using an older generation multifunction printer & printer, it may not be technically possible to use the latest security function. (Ex: TLSv1.2 is not supported) In such a case, either consider replacing the older generation multifunction printer & printer or use it in a controlled environment where the risk of malicious third party actors access is low.
- Instruction and training should be given to people who use the software and embedded solution products.
- To outside threats, ensure browser security is enabled on computers used to manage software and embedded solution products.
It's recommended not to use the same browser or browser session to manage/access software and embedded solution products while accessing outside network resources at the same time. It's further suggested to completely log off of any software and embedded solution product before accessing accessing outside network resources. - Software and embedded solution products are discontinued, it's suggested to uninstall the software and remove any personal or sensitive data that the software and embedded solution product may have been using to accomplish the desired workflow. This will prevent leakage of customer sensitive information that may remain in the software and embedded solution products.
For more details, please visit https://www.ricoh.com/products/security/software