EO Johnson Blog

Copy and Print Security in a Dangerous Digital World

Written by EO Johnson Business Technologies | Tue, Jan 18, 2022

How the right business tech and managed service provider can help

"Are my printers and copiers secure?"

At EO Johnson Business Technologies and Locknet Managed IT, it's a question we get often. And for good reason. Increasingly, copy and print security are essential to protecting your business. Luckily, the right business technologies and managed service providers can ensure you have the highest level of protection from attack.

Think it can't happen to you? Think again.

In August 2020, the technical team at Cybernews.com hacked 28,000 printers. Luckily their intent was only to print out a manual on securing printers at each device. The methods used to perform such an attack are surprisingly simple and available to anyone with an internet connection. While the Cybernews.com team's motive to spread awareness of printer vulnerabilities was admirable, those with insecure printers might not find such luck with the next hackers.

Understanding how bad guys set up attacks

Individuals and even organizations often ask, “Why would anyone attack me? Or my small business? Or our school?” assuming they are too rural, too small, or don’t have valuable information for hackers. The unfortunate truth is hackers are very savvy and armed with cutting-edge tools. These tools are automated, specialized, and can perform a mind-boggling amount of functions across many connections concurrently.

Often the attack doesn’t start with a targeted individual, business, school, or municipality, instead, it starts by scanning for easy access. In other words, your vulnerable print device is the target because it’s vulnerable in the first place. Once a hacker has found a vulnerability, they can use this as an entry point into your entire network. DDOS attacks, botnets, spyware, ransomware, and a host of other attacks are now available at the hackers’ discretion. That's why printer security is so vitally important.

"But doesn’t our firewall protect us?!?!"

While it’s true the importance of a firewall can not be overstated, the shocking truth is, hackers are attacking from within more than ever before. IoT (Internet of Things) and social engineering attacks continue to skyrocket in 2022 with no signs of slowing down. Unlike PCs, there is no anti-virus software for most IoT devices, including copiers and printers, making them particularly vulnerable.

What does that mean for you? Hackers can use a single device to leapfrog onto a network allowing them to add malware, pull sensitive data, cause disruptions, and even take down a network. Having the right managed service provider and business technologies partner in place is key.

How can our copiers and printers be secured against potential threats?

Attackers are most often targeting insecure (and unused!) protocols, insecure device admin passwords, and outdated firmware vulnerabilities. The most impact you’ll find in protecting your network will come by taking three important, basic steps:

  • Close Unused Ports and Protocols — Telnet and FTP are examples of highly targeted and insecure protocols whose ports (23, 20/21) should be closed.
  • Update Admin Passwords — Many manufacturer default passwords are insecure and need to be updated before connecting to your network.
  • Update Firmware — Hackers are reading through CVE reports and scanning for vulnerable firmware versions to exploit. The best way to protect yourself from this while keeping device functionality current is to continually update device firmware.

While completing these three basic steps will protect you from most attacks, additional print security considerations should be taken into account. These security measures below will help to give you and your organization additional peace of mind:

  • Explore Authentication For Secure Printing And Scanning — This will help to ensure only the person who prints a document is receiving it and gives you an audit trail of anyone accessing a device.
  • Consider Turning Off USB Connections — USB sticks and Flash drives can contain malware and viruses; this extra functionality is often not worth the risk.
  • Avoid Analog Faxing — An exploit in faxing dubbed “Faxploit” showed this risk of analog faxing and how fax protocols can be exploited. Cloud faxing helps to protect against this risk and unauthenticated fax users.

Depending on the compliance standards of your industry, corporate security policy, and sensitivity of data, there can be many factors to take into consideration. You may also want to consider SNMP community strings, printer certificates issued by a CA, specialized printer security software, and other protections to ensure your valuable data and network access are fully protected. Bottom line: print security is everybody's business. To discuss the specific security needs for your print devices and keep your network secure, contact an EO Johnson representative today for a free consultation.