Securing the Devices That Leave You Vulnerable
In the new digital world of threat intelligence and virtualization security, it’s easy to assume that today’s security breaches are always equally advanced. But it turns out one of the greatest threats to your company’s data is also one of its most mundane: the good old-fashioned printer.
We all know “edge” devices like mobile phones, Fitbits, and other devices soon to be connected by the Internet of Things (IoT) are all potential starting points for cyber warfare. But many don’t realize printers and scanners have been particularly easy targets. One IDC report showed 35 percent of all security breaches in offices could be traced back to unsecured printers or multi-function devices. Another report by Quocirca showed more than 60 percent of organizations have experienced a print-related breach. Is your company one of them? It’s possible you may not even realize it.
How Unsecured Printers Wreak Havoc
Last March, a hacker sent anti-Semitic flyers to every publicly accessible printer in America,
including college campuses like Princeton, Brown, Smith, and UC Berkeley, just by overtaking their printer functions. But printer attacks may not always be as obvious as highjacked or jammed up print jobs. Using your unsecured printers or unencrypted networks, hackers can access saved digital copies of confidential documents or even capture data from documents right as they are being set to the printer itself. Perhaps even worse, hackers can use your printer to gain access to your entire network, leaving all company data up for grabs. Especially for companies in defense, healthcare, or law, the printer is not just a potential security hazard, it’s a significant compliance risk.
Keeping Your Printers Secure
When it comes to printers, most of us practice the “out of sight, out of mind” approach to security. Luckily, much of the risk surrounding printers can be attributed to a lack of knowledge. Taking the following best-practice tips could do wonders in keeping your printers and networks more secure:
- Restrict Access: Yes, many of us like to offer our printers and scanners up to guests and clients, simply as a matter of courtesy. But leaving printers open for public access leaves them open to literally anyone—not just those you trust. Try restricting access only to those on your network to keep your printer safe. Create a guest network log-in if necessary.
- Review Default Settings: Believe it or not, printers and other devices aren’t always installed with the highest security standards in place. In fact, I’ve even heard of incidents where printer repair companies have turned off security settings just to get temperamental printers to work—leaving those companies completely vulnerable to risk. To help, have your IT team regularly review the default settings and ensure that all security settings are firmly in place.
- Include Edge Devices in Your Firewall: Edge devices like mobile phones, wearables, scanners, and printers need to be included in your company’s firewall to be kept secure. This can be a challenge in the age of BYOD, but it’s also an opportunity to create a clear BYOD framework to keep your company safe. If an employee wants to install their own personal computer in their office to avoid taking a few steps to the shared network printer, make sure their device never goes off the grid.
- Update Your Devices. While many of us jump to download the latest iOS update, that isn’t always the case for the common printer. In fact, I think it’s safe to say most of us have never made updating print drivers a priority. But to keep our data safe, we need to start thinking of printers and scanners as part of the mobile sharing community.
Yes, we live in a digital age. But most companies do still own printers, and those printers present a clear danger to data security. Take the time to tend to—and upkeep—your printer and other edge devices to keep your entire company safe.
Additional Articles on This Topic:
This article was first published on 3ds.com.
Latest posts by Daniel Newman (see all)
- Convincing Leadership to Prioritize Data Security - February 21, 2018
- Communication Changes in the Digital Transformation - February 20, 2018
- Building an IoT Strategy? Start with Security - February 19, 2018