Along with the development of the information society, we are facing various threats, such as computer viruses, personal information leakage and unauthorized access. In such situations, it is important to take the necessary security measures for everybody.
This is important not only for PCs, servers, and networks, but also for other products and services.
In order to more safely use RICOH products and services, we would like to recommend taking the following security measures.
To prevent unauthorized access from the internet, unless necessary, please use products without connecting to the network. If it is necessary to communicate with other equipment via the intranet, please do not connect to the internet, but instead connect only to your intranet network.
Please do not connect products directly to the internet. Please use them only in a secured network with a firewall or broadband router.
If a global IP address is set to a product, it is at risk of being accessed by an unspecified number of internet users and the security risk of information leakage increases.
But, if a private IP address is set, the product can be accessed only by intranet or local network. So, please set a private IP address to products.
The risk of unauthorized access increases if unnecessary ports are opened.
If the product has a port disconnection feature, please set it up to be able to communicate with only necessary ports.
Some products have a function that allows communication with only devices that have IP addresses or MAC addresses. Please turn on this function to minimize the number of users with access.
To prevent information leakage and tampering, please use encrypted data communications such as HTTPS for products with such communication features.
Regarding available communication methods, please refer to the user manual of your product. During setup, please use stronger encryption methods and set the certification properly.
If a product cannot use HTTPS or another encrypted communication method, please protect network communication by remote access VPN (SSL, IPsec, etc.).
When connecting products to wireless LAN, please use encrypted data communication to prevent information leakage and tampering.
During setup, please take care of the following points.
If a product has an authentication function, please enable it to prevent access to the product or services by unauthorized users. Regarding setup methods, please refer to the user manual of each product.
Some products have initial factory administrator and user passwords. Since these are easy to guess then use for login by unauthorized users, please change passwords before you use the products.
Please set up longer and more complex passwords to prevent unauthorized access.
Simple passwords that are only one word or are arranged in alphabetical or numerical order can be easily guessed.
In addition to “4. a. Enable authentication functions”, please minimize the number of users who can use the product and user accounts.
To provide a user account to someone who does not use the product often increases the risk of unauthorized access, because such users do not tend to change the initial password.
Also, do not allow use of one account by several users, but instead provide one account to each user.
To minimize damage by unauthorized access, please restrict user functions to a minimum. Please limit general user functions to what you expect to be the minimum required.
To minimize damage by unauthorized access, please restrict the information for users to a minimum. Especially in cloud services, it will lead to risk of access by all internet users if access rights are not set properly.
Do not use functions that allow users to access administrator accounts in order to minimize the risk of administrator account information leakage.
Updated firmware and security patches are provided for each product in order to improve security issues. So, please upload and use the latest software to minimize security risk.
Please refer to “7.c. Keep web browser software updated” in the next paragraph when you use cloud services.
Some of products try to access information from another website that is open on the same PC. To prevent information leakage and unauthorized access, please do not open other websites while logged in to RICOH products and services. Also, after using RICOH products and services, please log out properly.
Some URLs try to access information or obtain access illegally through your PC. So, please do not open such suspicious URLs.
Web browsers are vulnerable and at risk to unauthorized access. To prevent this vulnerability from being exploited for unauthorized access, please keep web browser software updated.
Also, please make sure to follow item “6. Use the latest product software”.
If a client PC is used by several users, it is at risk of installation of improper software or unauthorized operation. To prevent this risk, please set up screen lock and restrict users.
Many functions are enabled for use in the factory default settings. To reduce the risk of unauthorized access through these functions, please disable functions that you do not use. Also, if products cannot be used with some security patches, reduce the risk of unauthorized access by turning off vulnerable functions.
Please refer to announcements for each product for further information.
When you set certificates individually by product, please use certification that is issued by a trusted third party. If you use self-signed certification issued by your company, please register it before you use it as a reliable certification on client computers and other network devices.
Also, please set up the date and time properly. If not, products are not regarded as certified.
To increase security, special settings are necessary for some products.
Please refer to their manuals and announcements for proper setting by product.
After October 1, 2022, vulnerability information will be posted on this page.
This page offers the capability for visitors to search by product or service for vulnerabilities discovered and remedied in Ricoh products and services after October 1, 2022.
This explains in detail the Ricoh Group’s beliefs on and initiatives for information security.
This explains in detail our activities to protect customer information handled for Ricoh Group products and services from attackers.
This explains in detail our activities to protect customer information handled in the Ricoh Group business environment from attackers.
