Security of RICOH Products and Services

Recommendations for Security Measures

Along with the development of the information society, we are facing various threats, such as computer viruses, personal information leakage and unauthorized access. In such situations, it is important to take the necessary security measures for everybody.
This is important not only for PCs, servers, and networks, but also for other products and services.
In order to more safely use RICOH products and services, we would like to recommend taking the following security measures.

1.Use products on a protected network

aUse products without connecting to the network, or use them only in a closed network

To prevent unauthorized access from the internet, unless necessary, please use products without connecting to the network. If it is necessary to communicate with other equipment via the intranet, please do not connect to the internet, but instead connect only to your intranet network.

bUse products only in secured networks such as firewalls

Please do not connect products directly to the internet. Please use them only in a secured network with a firewall or broadband router.

cUse a private IP address

If a global IP address is set to a product, it is at risk of being accessed by an unspecified number of internet users and the security risk of information leakage increases.
But, if a private IP address is set, the product can be accessed only by intranet or local network. So, please set a private IP address to products.

2. Restrict communication with products

aBlock unnecessary ports

The risk of unauthorized access increases if unnecessary ports are opened.
If the product has a port disconnection feature, please set it up to be able to communicate with only necessary ports.

bRestrict communication by IP addresses or MAC addresses

Some products have a function that allows communication with only devices that have IP addresses or MAC addresses. Please turn on this function to minimize the number of users with access.

3. Encrypt communication data of products

aUse encrypted data communication such as HTTPS

To prevent information leakage and tampering, please use encrypted data communications such as HTTPS for products with such communication features.
Regarding available communication methods, please refer to the user manual of your product. During setup, please use stronger encryption methods and set the certification properly.

bUse VPN

If a product cannot use HTTPS or another encrypted communication method, please protect network communication by remote access VPN (SSL, IPsec, etc.).

cEncrypt wireless LAN communication

When connecting products to wireless LAN, please use encrypted data communication to prevent information leakage and tampering.
During setup, please take care of the following points.

  • Hide SSID (access point name).
  • Do not use an encryption key (password) which can be easily guessed.
  • Do not use weak encryption methods such as WEP.

4. Configure the settings of products' authentication functions

aEnable authentication functions

If a product has an authentication function, please enable it to prevent access to the product or services by unauthorized users. Regarding setup methods, please refer to the user manual of each product.

bChange the initial password

Some products have initial factory administrator and user passwords. Since these are easy to guess then use for login by unauthorized users, please change passwords before you use the products.

cSet a complex password

Please set up longer and more complex passwords to prevent unauthorized access.
Simple passwords that are only one word or are arranged in alphabetical or numerical order can be easily guessed.

5. Restrict access to products

aLimit the users who can use the product

In addition to “4. a. Enable authentication functions”, please minimize the number of users who can use the product and user accounts.
To provide a user account to someone who does not use the product often increases the risk of unauthorized access, because such users do not tend to change the initial password.
Also, do not allow use of one account by several users, but instead provide one account to each user.

bRestrict user functions

To minimize damage by unauthorized access, please restrict user functions to a minimum. Please limit general user functions to what you expect to be the minimum required.

cRestrict information for users

To minimize damage by unauthorized access, please restrict the information for users to a minimum. Especially in cloud services, it will lead to risk of access by all internet users if access rights are not set properly.

dDo not use administrator rights

Do not use functions that allow users to access administrator accounts in order to minimize the risk of administrator account information leakage.

6. Use the latest product software

Updated firmware and security patches are provided for each product in order to improve security issues. So, please upload and use the latest software to minimize security risk.
Please refer to “7.c. Keep web browser software updated” in the next paragraph when you use cloud services.

7. Cautions for client PCs that connect with products

aDo not open other websites while logged in, and log out after use

Some of products try to access information from another website that is open on the same PC. To prevent information leakage and unauthorized access, please do not open other websites while logged in to RICOH products and services. Also, after using RICOH products and services, please log out properly.

bDo not open suspicious URLs or emails

Some URLs try to access information or obtain access illegally through your PC. So, please do not open such suspicious URLs.

cKeep web browser software updated

Web browsers are vulnerable and at risk to unauthorized access. To prevent this vulnerability from being exploited for unauthorized access, please keep web browser software updated.
Also, please make sure to follow item “6. Use the latest product software”.

dRestrict users of client PCs

If a client PC is used by several users, it is at risk of installation of improper software or unauthorized operation. To prevent this risk, please set up screen lock and restrict users.

8. Configure product-specific settings

aDisable functions that are not used

Many functions are enabled for use in the factory default settings. To reduce the risk of unauthorized access through these functions, please disable functions that you do not use. Also, if products cannot be used with some security patches, reduce the risk of unauthorized access by turning off vulnerable functions.
Please refer to announcements for each product for further information.

bConfigure the certificate settings. Set the correct time

When you set certificates individually by product, please use certification that is issued by a trusted third party. If you use self-signed certification issued by your company, please register it before you use it as a reliable certification on client computers and other network devices.
Also, please set up the date and time properly. If not, products are not regarded as certified.

c Configure the settings recommended for the product

To increase security, special settings are necessary for some products.
Please refer to their manuals and announcements for proper setting by product.