Printers are at high risk for a security breach: What Organisations Should Know

0

By Manish Garg, Chief Executive, MPS, WeP Solutions

In this digital age, all organisations, whether big or small, have access to an array of tools and technological devices for everyday operations and decision making. However, the convenience that digitisation brings is like a double-edged sword. From data breaches and data theft to phishing, ransomware, and malware; there are many vulnerabilities associated with regular usage of peripherals such as printers. Most organisations at some point or the other, would have faced a data breach involving network-connected printers. These devices are silent and prime targets for attackers who leapfrog into a private network and wreak havoc.

About 16 per cent of the respondents surveyed for a study by Spiceworks felt that printers are at high risk for a security threat/breach. The survey also brought out the fact that about 61 per cent of organisations reported at least a single print-related data breach in the past year, and 43 per cent businesses ignore printers in their endpoint security practices. In early 2017, a white-hat hacker breached over 150,000 office and receipt printers to raise awareness among organisations on the need for secure printing. He brought out the fact that even widely recognised printers were prone to attacks. Some major reasons for breach in print security include risky printing habits by employees, unsafe disposal of sensitive documents, and underestimating the role of printers in the IT network security chain.

Even if an organisation does acknowledge the threat, it is difficult to create a complete printing security strategy. For instance, a typical multi-function printer (MFP) has more than 200+configurations and security-related settings and securing this will entail coordinated protection of hardware and software, plus comprehensive monitoring and management solutions. In businesses such as retail or BFSI; a high employee turnover, large numbers of seasonal workers, and “hire attacks” can pose additional threat considering the amount of consumer information they collect.

It is important for businesses of all nature to take a multifaceted and proactive approach to print security. The following steps can be taken:

  • Make print devices a part of your organisation’s overall information security strategy and integrate them into all security policies and procedures. It should be possible for a nodal person to monitor, manage and report on the entire fleet of printers, irrespective of the model, age or brand.

  • Just as other networked devices need a secure access, MFPs also need to have controls to limit access, manage network protocols and ports, and firewalls that can deflect potential viruses and malware.

  • Add an additional security layer with hard disk encryption. Employ data overwrite kits to prevent recovery of data when the MFP is moved or disposed of. This will help remove all scan, print, copy and fax data that is stored in the hard disk drive.

  • User authentication is another important measure to secure access. Also known as pull printing, this step will ensure that documents are only released to an authorised recipient.

  • Last, but not the least, ensure ongoing monitoring and management of all devices through a centralised system. This will not only help in compliance but also tracing unauthorised access. For instance, putting in place a system that logs in the identity of each user, and other details such as time of use and details of the task undertaken.

Complete print security requires a comprehensive approach including education, policy, and technology. Organisations can hire manufacturers and managed print service (MPS) providers that can help them with developing and enhancing their security products and services. The business print environment today is compliance driven and even a single breach of data can weigh heavily on organisations. A print security policy that is commensurate with the needs of a business will ensure protection of two most valuable assets – corporate and customer data – and reduce potential threats.