It sits there unnoticed, maybe in the corner of the office, maybe in a room cluttered with supplies, maybe on one side of your desk. About the only time you give it any attention is when it doesn't work. Yet this seemingly innocuous piece of technology also represents a significant security risk to your enterprise.
We’re talking about the printer.
As strange as it may sound, printers are really mini-computers that run operating systems. They store information – whether printed, scanned, or faxed – on hard drives, and those drives can be an appealing and somewhat easy target for hackers.
According to Quocirca, an IT research and analysis firm, 63 percent of the businesses it surveyed have been victims of print-related data breaches. Additionally, the Ponemon Institute found that 60 percent of the companies it surveyed had similar breaches, and that these required an average of 46 days to correct. That is a lot of lost time and productivity.
The threat is clear: Unsecured printers provide a gateway for cyber-criminals. But the thieves are not necessarily interested in getting what’s printed. They want to invade your network and access confidential, sensitive business data – including corporate, personal, and employment information. In a case in Denmark, hackers took a company’s entire IT system hostage for ransom after getting into it through an unprotected printer.
Fortunately, organizations have a number of options that can keep printers from becoming an open door to your data. Some are basic, and others more technical, but they all have roles to play in a broader IT security strategy. Here are some that every business should consider:
- Location, location, location. Putting a printer someplace where it can be easily observed – in a controlled space, for example, or simply out in the open – is a good way to deter unauthorized individuals from trying to gain access.
- Authorization. Require a user name and password, ensuring that only those who are authorized to use the printer have access. This authorization should be enforced whether the user is printing from a laptop, PC, or mobile device.
- Encryption. Hackers will try to capture data that moves in and out of the printer, as well as data stored on the device’s hard drive. Encrypting the computer-printer connection and information on the drive will “scramble” the data, making it difficult for hackers to read; then, only authorized users with a password are able to unscramble it. It’s also a good idea to encrypt your data when documents are in a queue, waiting to be printed.
- Embedded fax. In multifunction printers, an unsecured fax connection can be a point of entry for attackers. Embedded fax separates the telephone line from the network connection, ensuring that this back door stays shut.
- Stay updated. Make sure that your printers are current on driver and firmware updates that can provide security against vulnerabilities.
- Disk image overwrite. This is a feature that scrubs the data from a printer’s hard drive according to strict specifications set forth by the Department of Defense. Businesses can customize the overwrite process to have the drive cleaned immediately, when the print job is finished; automatically, scheduled on a daily basis; or on an as-needed basis before the disk is removed from the device.
- Disk removal. The disk is removed and disposed of when the printer is taken out of service.
- Firewalls and antivirus programs. These can often be the first defense against hackers, and are available on some printers.
- “Pull printing.” Also known as “follow me” printing, this holds a print job on the server until the user authenticates himself or herself. Only then is the job released. This prevents sensitive documents from sitting unattended on output trays, where they could otherwise be taken by unauthorized personnel.
In the Ponemon Institute survey referenced above, researchers also found that 62 percent of IT professionals did not believe they could confidently protect print-related data – and that 64 percent said their enterprises placed a higher priority on laptop and desktop security than on printer security. But the fact is, organizations can protect the data from hackers by incorporating printers into their network strategies. Overlooking or ignoring the threat potential of printers can put any business at risk. And that’s exactly what hackers are counting on.
ABOUT THE AUTHOR
Mark Elliott is a Best-Selling Author and CEO. His company, 3i International, helps you apply technology to improve performance and compliance. For over 25 years, Mark has been helping startups to Fortune 500 companies overcome the technology challenges they face. He develops strategies to analyze, manage, and adapt to the ever-changing technology landscape. A central focus has been security and compliance. His experience includes preventing, detecting, and responding to hackers and threats. This keeps your organization safe from invasions while simultaneously meeting regulatory compliance.