Did we ever think we would worry about our printers being business security risks, like we worry about our networks?  Well, that time is here.

Printer Security: A security risk under the radar screen

With stories of businesses’ networks being hacked generating more and more headlines, the printers and multifunction devices sitting in our offices have gotten overlooked.  While IT decision makers focus their attention on doing a better job of locking down PCs and their networks, hackers are looking for further opportunities to get past those measures.  Without a watchful eye on those multifunction devices they are left exposed, and hackers are setting their sights on them.

Think about the plethora of documents that end up being printed on your multifunction machines – all types of confidential information, employee records, customer data, classified documents, etc.  How many of the documents being printed on your unsecure printers would be a gold mine of information for a hacker?

The problem

The features multifunction printers have today make them equivalent to powerful computers.  This functionality also makes them attractive to hackers.  For example, multifunction devices integrate into print management systems and networks, some integrate with apps for features like mobile printing or saving to the cloud, and some have local storage capabilities that were once only available on computers.

To further complicate the vulnerabilities, many printers have no restrictions on who can print to them, especially in environments where many people share devices (like schools, universities, etc.). Hackers sending offensive documents to print on those machines may not only offend people using those devices, but they will waste paper, and worse yet, those hackers may have access to the other documents printed  or scanned on that machine.

There are additional risks caused by multifunction printers:

  • Many printers have default passwords or no passwords at all. Or, many use the same password.
  • Too often printers are located outside the network firewall.
  • Brands vary and some may not offer appropriate security settings.
  • Businesses don’t activate printer security or install security upgrades.

What to do

The first thing to do is understand the problem and realize that your unsecured printers and multifunction devices can cause a security risk.  By virtue of you reading this article, you may have the box checked.

The next thing to do is important – Develop and implement a strategy for securing printers in your business.  Then commit to proactively updating those policies, procedures, and technologies.  If you don’t have internal specialists, consider working with an external partner.  Ask your printer partner what they can offer in terms of printer security or consult with your IT partner.  Your goal is to put policies in place for your printers to mitigate data security risks.

Some of the things you should address in your strategy and policies include:

  • Determine which features and functionality are needed in your business. Disable those you don’t need and properly configure and secure the functionality you need.
  • Configure your printers to allow access from approved networks and devices. It is not a good idea to have access to the Internet.
  • Change the default password to the administration control panel webpage.
  • Update and patch your multifunction devices and printers.
  • Make sure you have the right printer for the right needs. Large shared printers have robust functionality including storing data on hard drives, disk encryption, and erasing data after the print job is done.

 

We love our multifunction printers.  With printing, copying, scanning, faxing, document storage, and other mission critical functionality we simply can’t do without them.  We do, however, need to be aware of the vulnerabilities they produce if not properly secured.  Get ahead of the hackers and get a printer security program in place.