Could Your Printer Be the Weakest Link in Your Cybersecurity Chain?
For many executives, printers appear to be the safest technological device in the office. These businesspeople grew up in an era in which printers had one job: printing. Modern printers, on the other hand, are much more multifaceted. Treating these newer models like their predecessors is a major security mistake.
A February 2013 report from the research and analytics firm Quocirca highlighted the risks posed by printers. After surveying 150 companies from France, Germany, and the UK, Quocirca found that nearly two-thirds of the respondents had suffered from at least one printer-related data breach. The report concluded that a lack of awareness was the underlying cause for these security incidents. The companies did not know about the dangers related to using an unsecured printer, nor did they know how to protect these devices from criminals.
Printers have become a popular target for hackers, largely because they are frequently left unguarded and unsecured. Cybersecurity researcher Michael Jordon demonstrated just how vulnerable these devices are when he revealed at a September 2014 conference that he was able to hack into and install files on a stock Canon Pixma printer. To illustrate the point, he showcased a printer in which he had installed a version of the classic computer game Doom.
Treating Printers Like Computers
While Jordon's methods added a little humor to the conference, the situation itself is no laughing matter. Hackers can infect unsecured printers with malware that can spy on the documents being printed. Even worse, infected printers can be used to break into companies' wireless networks.
Today's multifunction printers do far more than just print files. These devices can scan, fax, and copy documents, as well as send emails. They have the ability to wirelessly connect to a network, and contain hard drives capable of storing thousands of sensitive or confidential files.
Thanks to their advanced functionalities and onboard software, these devices have more in common with computers than they do with older printers. In light of this fact, companies should be treating their printers the same way that they treat their computers.
Protecting Your Printers
Several of the latest printers feature built-in security measures like firewalls and encryption tools. However, this doesn't mean that you can rely on them to do all of the work for you. Be sure to update your printer's firmware on a regular basis and change its default login information as soon as possible.
Many printers also come with the ability to store printing tasks, in case you need to print them again. Leaving these files on your printer is a security liability, though, so you should disable this setting. Alternatively, if you decide to leave this setting on, remember to wipe the printer's internal hard drive before selling or discarding it.
A print server solution lets you keep close tabs on your printers. Each printing task is sent to the server rather than a printer. In order to send the task over to a printer, a user would need to enter a password, PIN code, or smart card into the printer. Using a print server makes things easier for your employees, since they won't have to keep track of the destination names for each of your printers. Instead, they simply print from the printer that they are using. More importantly, you can use a print server solution to control access to your printers. These solutions let you track usage, so you'll always know who is printing which documents.
As a cybersecurity measure, print servers really shine when a company has more than a few printers. If your office uses multiple printers, speak with your IT service provider about adding one of these devices to your IT infrastructure.
About the Author
Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.
Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support, which are: Poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.
We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.