Could your office printer be a security liability?

Printers are an integral and ubiquitous part of the workplace. They have their own hard drive, operating system, and direct network connection. They are essentially just like PCs. But while everyone is aware of the need to secure and protect PCs, people don’t think of printers as similarly fallible.

Ponemon Institute research, commissioned by HP has shown just how many companies are ignoring the threat printers pose. Out of some 2,000 IT professionals across North America, EMEA, Latin America and Asia Pacific, surveyed by the institute, only 44% of respondents said that their organisations’ security policy includes network-connected printers.

So what are the risks of unsecured printers?

If your printer is accessible via the Internet, the field of potential hackers becomes virtually limitless. The main threat is that printer could provide hackers with a point of entry to access the company’s network.

This could result in the installation of malware on the printer itself to control it remotely or to gain access to it, which could lead to the theft or loss of sensitive or confidential data.

According to the Ponemon Institute, 64% of IT managers believe their printers are likely infected with malware. Yet at the same time, 56 percent of enterprise companies ignore printers in their endpoint security strategy.

> See also: How to keep your network printer safe and secure

As well as theft or loss of data via a printer, attackers could also send bizarre print jobs to it, use the printer to transmit faxes, change its LCD readout, change its settings, launch denial-of-service (DoS) attacks to lock it up, or retrieve saved copies of documents.

The security risk that network-connected printers pose is also expected to increase due to the expanded use of mobile technologies, the increased rate of malware infection, the growing army of remote workers and more and more network connected devices.

This may explain why most respondents – some 57% – predicted a data breach resulting from insecure network- connected printers in the next 12 months.

So how can organisations reduce printer vulnerability?

Technologies that help pinpoint high-risk printers, such as those containing malware, are critical, according to 70% of respondents.

As well as reducing the threat of external threats (eg malware and hackers), securing your printing technology can also reduce internal threats. This includes user identification, through PINs or other verifications that can eradicate the risk of the wrong person picking up your document as can using printers installed with physical locks and shielding on input trays to avoid theft or loss of documents.

Data encryption protocols can also prevent jobs/documents from being intercepted while travelling across a network, while advanced security controls and authentication through PINs, biometric solutions or smart cards that have to be used before access is granted, can also secure a device’s control panel.

People management

While secure printing technology is a key to safeguarding your network, attention needs to be placed to how employees interact with and use these devices, so that they don’t become the weak link.

According to HP's research, 56% of respondents believe employees in their organisations do not see printers as an area of high security risk. This could lead to negligence when using printers and other peripheral devices that contain sensitive and confidential information.

To combat this, what’s needed is stringent training and awareness programmes to address the appropriate handling of sensitive and confidential information. These need to be delivered and assessed frequently to ensure compliance.

Not all departments are equal

The types of information generated and/or printed in different departments vary, as does the security risk these printers pose. According to our research the mostly likely places for a data breach to occur via a printer is in executive management, sales and human resources.

> See also: IoT mythbusting 101: even the most trivial device could present a data security risk

In such departments, printer-related security practices and access controls must be strengthened. Currently, according to our research, only 30% of respondents say their organisation has a process for identifying high-risk printers.

Process problems and lack of governance

At present, printer security is an overlooked security risk. As a result, most organisations are pessimistic about their ability to prevent the loss of data contained in printer memory and/or printed hardcopy documents, what’s more 60% acknowledge that they have experienced a data breach via a network connected printer.

There are however a variety of measures, both in terms of policies, practices and advanced technology, that every company can take to stop hackers and malicious attacks in their tracks and keep their data and sensitive information safe.

Sourced from Gary Tierney, UK & I Printing Category Director, Hewlett Packard

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Hardware