The topic of printer security is not common for most IT departments, but it should be. Printer security protects your business from hackers and can help avoid costly data breaches. Most IT professionals and small businesses don't think about printer security until they've been breached, but it's important to protect yourself by taking simple steps now. Here are some tips for how to protect your business and its data.
Protecting your company's data is important as a business executive or owner. Printer security is one way to ensure that your printers and copiers are safe from hackers, malware and unauthorized access. Take these steps to keep your printer secure:
- Use strong, unique passwords on all devices connected to the network.
- Use antivirus software on all devices connected to the network (including computers).
- Keep up-to-date with software patches so that any security holes in operating systems or applications are patched immediately when discovered by developers (this includes firmware updates for printers).
Printer security is not a topic discussed in most cybersecurity plans.
Security is not a topic that rates highly for many IT departments. Cybersecurity plans generally focus on network security, computers, servers and other endpoints. When discussing printers, there is plenty of discussion on the latest features, but security isn't usually high on the list--and it should be.
Many examples of printer security breaches have occurred in businesses worldwide. Some of these include:
- CyberNews hijacked 28,000 unsecured printers and printed five-step guides to printer security to show the ease at which these devices can be manipulated;
- In a study by Quocirca, 60% of companies admitted to falling victim to a printer-related data breach, with an average cost of $400,000 for each incident
Security breaches and malware attacks can happen through printers, MFPs and other office equipment.
The security of your data is paramount, and it's important to understand the risks associated with printers, MFPs and other office equipment. Data breaches can happen through printers and copiers in several ways. Below are the two most often-seen scenarios.
- Network breach - A virus or malware infects a printer on your network and uses it to steal information from other computers or networks. This attack is especially dangerous because even if you don't use the infected device directly, it can still expose your network to hackers.
Here is an example of how this could occur. Your company's accounting group keeps new customer onboarding forms on your printer's hard drive, providing the ability to remotely fill in and print the forms. These forms gather the customers' business data until your hard drive is cleared. In the meantime, accounting staff receives invoices as email attachments containing malicious code that can only be triggered on the printer's operating system environment. This code gets past your malware program and is installed on the printer's hard drive. Now it sits there, eavesdropping on all connected devices on the network. The code gathers and steals customer credit card numbers, causing a data breach. But the data breach isn't found for three months.
While this situation may seem outlandish, it happens across businesses every day. Imagine the impact that this data breach could have on your business. It could be catastrophic.
- Incorrect removal of printers and MFPs - When a business gets rid of an old printer or MFP, they need to consider what that entails. Many printers and MFPs contain a hard drive that stores data for various reasons. If that data isn't erased, it continues to live on the hard drive and can be accessed by anyone attempting to use it.
Let's take for example that your business has an old copier that you want to donate to a charity. If you don't take the proper steps to erase the hard drive of all data, when you give the copier to the charity, they become the owners of that data. This data could be employee personal identity information, customer credit card numbers or other sensitive data that needs to stay protected. That data can easily be extracted from the hard drive and used for nefarious purposes.
This example may seem simple, but it happens more than you think. One healthcare company was fined $1.2 million by federal regulators for returning copiers to their leasing company without removing patient personal data. Thankfully, that data didn't end up in a bad actor's hands, but it very well could have caused a major data breach.
So with the methods and risks of a data breach from your printer or copier outlined, how can your business protect itself from falling victim? Below we outline several ways to stay safe.
Encryption protects the information stored on your printers and copiers.
Encryption is the only way to protect data in transit from device to device. Encryption protects data at rest as well. For example, if you encrypt the hard drive on your computer and then lose it or have it stolen, anyone who finds the device will be unable to access any of your files unless they know how to decrypt them.
Encryption is also required for medical organizations such as hospitals and clinics; financial institutions like banks, credit unions and investment firms; government agencies (including law enforcement) that handle sensitive information such as social security numbers or medical records; as well as any business that handles customer credit card numbers or other personal data like addresses or phone numbers
Unpatched operating systems, applications and software are common causes of data breaches.
Unpatched operating systems, firmware, applications and software are common causes of data breaches. While it's important to make sure that your printers are patched, it's also critical that you have them installed on a secure operating system.
If you're running Windows Server 2003 or earlier versions of Windows Server, you should upgrade to one of the current versions as soon as possible (Windows Server 2019 is currently available). If you can't upgrade right now, then use Microsoft EMET (Enhanced Mitigation Experience Toolkit) to help protect against attacks while you wait for updates from Microsoft.
Limit access to printers with authentication protocols like LDAP.
Authentication protocols like LDAP can be used to limit access to printers. If you're using an authentication protocol, it is important that you set up appropriate authorization controls so that only authorized users can print to particular printers. You can also use ACLs (access control lists) to control who has permission to print jobs on the printer(s).
Disable unneeded ports and protocols to prevent unauthorized access to your printer.
- Disable unneeded ports and protocols to prevent unauthorized access to your printer.
- Do not allow printing from the internet.
- Use strong passwords for your Wi-Fi network. If you use WPS, disable it immediately and use a stronger encryption method instead (like WPA2).
Protect your business from data breaches by taking simple security steps with your printers and copiers.
Data breaches can devastate businesses but can be prevented with printer security.
Data breaches are becoming more and more common, but there are several things you can do to protect your business from them. Here are three simple steps to take:
- Encrypt your data so that even if someone steals it, they cannot access the information without a password.
- Update software patches regularly to ensure security flaws are fixed as they become known.
- Use authentication methods such as passwords or biometric scans instead of relying on default settings (like no password at all) to keep unwanted users out of sensitive areas like HR records or payroll data
Printer security is one of the many ways to protect your business from data breaches. A good place to start is by contacting your print partner for more information about their security solutions and how they can help protect against data breaches. We've got you covered if you need assistance finding the right printer solution! Our experts are here to help with everything from picking out new printers and MFPs to deployment planning and implementation assistance.