Three basic measures are essential in every printing environment regardless of whether one is looking at security from the individual, administrator, or company perspective.
The secured print feature ensures that the printing end-user has full control over when and where their documents are printed.
Enclosed user sessions should include both user authentication and automatic logout.
Print files should be stored in a secured place on the MyQ Print Server.
Beyond these basic security options, there are additional MyQ features which can further increase user privacy. To disable access to already printed documents, you can set up private queues where jobs are deleted immediately after they are released.
Once enabled, the MyQ privacy mode prevents everyone except for the printing user from knowing the name of the printed file.
MyQ is compliant with GDPR and has implemented the necessary steps to make sure that all users' rights given by the regulation are secured in the MyQ system. Three of the most important new features are the option to provide MyQ users with all their data, the option to anonymize user accounts, and a customizable message on users’ MyQ Web Interface informing them about their rights.
MyQ Secure Print
The importance of printer management has increased with the move away from small desktop printers to centralized high performance multifunctional printing devices.
Controlling access to documents as they come out of the printer is an essential and basic element in workflow security. In addition to security, restricting access to printed output is also part of managing office expenditures and project budgeting.
The MyQ Secure Print feature releases sent jobs only after the end-user reaches the multifunctional printer and authenticate themselves with an ID card, a PIN, or a username + password. This means that the printed copy is produced only under full physical control of the authorized person, preventing the accidental or malicious pickup of materials.
MyQ Device Login/Logout
Requiring user authorization at the printing device enhances copying and scanning security in addition to enabling the release of individual print jobs.
One scenario which demonstrates the importance of this is when a user copies a sensitive document and the printing device runs out of paper or gets into error status.
In this case, some of the document is typically stored in the device's memory and can be released to anyone who refills the paper or resolves the device's issue, e.g. paper jam.
With MyQ Authentication activated, the user simply logs out of the device and the device's memory is automatically cleared.
Automatic logout from the printing device is another important security feature. Research shows that the human factor is often the weakest link in the security chain. Although users are instructed to always log out of the device after completing a project or in the event of an unexpected situation, they might not – and instead leave the device with an open session.
MyQ enables the administrator to trigger an automatic logout and set a time period after which the device is automatically locked.
In addition, MyQ enables two- level authentication as well as the choice of several authentication options such as an ID card and PIN or a combination of an ID card and password.
All print files are stored at the MyQ Server in a predefined folder and the MyQ administrator can set the period after which the files are automatically deleted. By securing this folder, the administrator minimizes the risk of unauthorized access to the print data.
We recommend enabling OS level HDD encryption of the print folder.
The MyQ administrator can secure scanned files similarly as with print files. A fixed destination can be set for every user, so that they can send documents only to approved destinations and restricts their ability to send sensitive data to any email address or shared folder.
By default, already released print jobs are stored on the print server for a period of time defined by the MyQ administrator. This way, users can reprint documents without the need to resend them to the server and the administrator can overview printed jobs.
Although this is generally useful, the prolonged access period can be a security threat for documents that are confidential or contain sensitive information. To protect these documents, the MyQ administrator can enable users or departments to use private queues, where print jobs are deleted immediately after they are released.
For companies needing a high level of personal data protection, MyQ can be switched to a special mode which does not save or display any personal data that would compromise the company's data protection policies.
In this mode, logged users can see only the names of their own jobs. The names of all other jobs are masked by ***. This rule is applied to all user roles, so that even system administrators cannot see names of the jobs from other users. Furthermore, this limits MyQ reporting to Printer and User Group related reports, disabling all Print Job and User-based reports.