Print security breaches happen more often than you may think. Endpoints are a key target and print devices are not getting enough attention in the enterprise’s IT security strategy. Only 30% of IT professionals recognize printers as a high security risk, according to a May 2018 Spiceworks survey. And yet 59% of organizations have reported a print-related data loss in the past year, according to a 2019 Quocirca analysis and trend report. Cyber threats targeted toward printer and Internet of Things (IoT) devices have increased more than 200%, according to the 2019 SonicWall Cyber Threat Report.
The writing is on the wall: As an endpoint device attached to the network, the print device is a significant security risk. Just like IoT sensors, today’s modern, intelligent, programmable print devices are routinely connected to the internet and the corporate network—in turn expanding the enterprise cyber attack surface.
So, how do you protect your sensitive data while using your office printers and copiers?
1. Performing an Audit of Your Networked Printers and Copiers
If your organization has not yet established an IT security plan due to inadequate technical knowledge, resources, or staff, qualified and experienced managed print services experts are available to help. The right managed print services provider will:
→ Be able to provide you with a thorough printer and copier network security audit → Have knowledge and insights into current cyber threats → Advise you on the best security software and hardware technology available to meet your needs
2. Securing Access
Start the process of defending your printers, documents and data from network threats by physically securing your printers and copiers. If possible, move printers that are out in the open into a controlled access area. Access can further be controlled by disabling physical ports to prevent unauthorized use. Access can be further secured by requiring authentication and authorization for access to device settings and functions. Taking this step has the added benefit of controlling printing costs due to unnecessary and unauthorized printer use. Printer security technology experts recommend other security solutions such as PIN authentication, LDAP authentication, smart cards, proximity badges and biometric solutions.
3. Disabling Unnecessary Services and Protocols
In an effort to provide the users of office technology with efficient, turn-key product solutions, many printer and copier manufacturers are offering models with a wide range of services and protocols built in. Many of these enabled-by-default protocols (Telnet, HTTP, FTP) are unnecessary and not secure. Leaving these services enabled may provide attackers with the ability to access the printer/copier data directly. If breached, a hacker would have access to all the data stored on the device. In some cases, printers and copiers utilize more than one web interface, however, if a particular web interface is not needed, the safest approach is to disable it.
4. Zero-Day Vulnerabilities
Disabling unnecessary services and protocols is a first line defense strategy for heading off what are known as “zero-day” vulnerabilities. These are vulnerabilities that have not yet been identified, but could eventually be discovered and exploited. Though zero-day vulnerability involves an unknown risk, the risk can still be mitigated by restricting and controlling access to your multifunction printers and copiers.
5. Securing Data with Encryption
Encrypt print and copier jobs to secure data in transit in the event of interception and use encrypted storage to protect documents in the device’s queue. Data can also be protected by authenticating users and attaching them to their specific documents. Document owners are then required to authenticate themselves to the printer or copier before their documents will print. Make sure the end-point device does not store the document or data about the printed document once the print job is completed. In environments that involve multiple desktop printers and copiers, make sure that sensitive data is not stored on these devices. This is because desktop devices may be more vulnerable to physical theft, and with the hardware, the data could be stolen.
6. Keeping Up with Patches and Updates
The importance of staying on top of software and hardware firmware updates cannot be overstated. This includes the firmware used in your multifunction printers and copiers. The role of firmware is similar to the function of a computer operating system. Like the operating system of your PC, firmware enables you to control how your printing device operates. Firmware is installed when the multifunction printer and copier is manufactured and provides the basic control necessary to use the device. When your printer or copier requires firmware changes, manufacturers will release an update. Firmware updates typically include a combination of fixes for known issues, as well as any applicable new features and improved security.
Some printers and copiers with an internet connection will automatically check for new firmware and install it. Others will require you to periodically to visit the manufacturer website for firmware update downloads, which you can retrieve and install yourself. Ignoring updates and patches will likely result in the development of critical vulnerability points in your network. These risks may lead to security breaches that create more headaches than the time you saved by ignoring your updates was ever worth.
7. Selecting Secure Multi-function Printers and Copiers
Without a doubt, the best way to secure your printer and copier is to invest in technology that is pre-programmed with the most up-to-date device security features. Look for multifunction printers and copiers that are designed to independently detect, protect, and self-repair damage from malware attacks. As you upgrade outdated equipment, replace it with systems that offer built-in threat detection and software validation features, so only authorized firmware and software can be installed and executed. This will provide your network with an extra layer of security.