5 reasons hackers love office printers
21 June 2016
2 min read
56% of enterprise companies leave printers out of their security strategy1 Some networked office printers are teeming with so many vulnerabilities that even the laziest of hackers or thieves could take a successful swipe. Research conducted by the Ponemon Institute reported that 60% of companies surveyed had a data breach involving printers, requiring an average of 46 days to resolve a cyberattack2.
Here are five ways print security risks could wreak havoc on a business:
Even behind the firewall, many devices on a network may create a new access point to the entire network. When printers are overlooked in a comprehensive network security plan, that point of entry can be very welcoming to hackers, who can cause catastrophic consequences once inside the network.
When hackers gain access to unsecured printers, they wield all the power for destruction. Your printer could become a possessed machine, printing random jobs, transmitting foreign faxes and changing all of its settings. Printers are also prime targets of denial-of-service (DoS) attacks.
Unencrypted print data is a hacker’s dream. If data transmitted to a printer is unencrypted, it shows up as clear, legible text. If hackers want access to this data, it can be captured and read using a standard PRN reader.
Abandoned printouts can sit for days in the printer’s document tray or end up littering the copy room. Nosy employees can sneak off with confidential information inadvertently left behind. This information leak also makes a company liable for regulatory compliance failures.
Mobile devices compound the issue
As computing devices on the network expand to include mobile devices, it is more challenging to provide network authentication and secure access to printers. A documented mobile solution that addresses user authorisation and secure data transmission to printers is necessary to be protected. The more devices we introduce to a connected network, the more vulnerabilities and instances for hacking we create. On-device encryption is a necessity for mobile printing.
Avoid all of the above office nightmares when you take precautions to address printer security. Start by ensuring you have the following steps covered:
- Make sure that computing devices use only encrypted communication protocols, and disable unused ports and protocols on the printer.
- Put a system in place that erases or destroys the printer’s hard-drive data as part of removing the device from circulation.
- Support at least one form of user authentication (preferably two or three), and consider the implementation of pull printing for print environments with a high volume of confidential information or compliance requirements.
- Ensure printer firmware is current and only legitimate firmware is ever loaded.
- Make certain that all printer hard drives are secure (encrypt and erase data on a periodic basis).
- Use a fleet management tool to centrally manage, monitor and remediate the device to ensure compliance with security policies.
- Make sure all data between both desktop and mobile devices is encrypted to be certain the print-related data is fully protected from man-in-the-middle attacks.
Assess where you stand by completing this brief survey to identify opportunities to improve your print security.
Read more about HP’s print options here: www.hp.com/go/PrintersThatProtect
1 “The Business Value of Printer Security,” IDC, November 2015.
2 “The Insecurity of Network-Connected Printers,” Ponemon Institute, October 2015.
3 “The Business Value of Printer Security,” IDC, November 2015.