Five tips for securely deploying printers in hybrid, remote workplaces

Ian Nel, Data Privacy Information Officer, Canon South Africa.

Printers are a security risk. Quocirca's The State of Print Security 2019 report reveals that 59% of respondents suffered print-related data loss at least once, and only 24% of companies believe their printer infrastructure is secure enough.

These statistics were gathered before large crowds started working from home, and those incidents routinely targeted company environments. As offices decentralise into homes with far fewer layers of digital security, there is little doubt that working from home (WFH) has made the security challenge much bigger.

Why are printers a serious consideration when it comes to security? The answer is not very surprising: Printers manage a lot of data, explains Canon South Africa's Data Privacy Information Officer, Ian Nel: "If you have to think of what gets printed on multifunction devices in our daily environment, it covers various types of content – some of a sensitive nature. Think of employee salaries, running budgets, contracts, purchase orders, etc. Having sensitive information on a printer, whether it is in a centralised environment or in a home office or another remote environment, can pose a risk."

The challenge for IT administrators is that office printers can be centralised and kept inside a security parameter. Home office environments create a much more complicated picture. And don't believe printing is dying out. On the contrary, it's a booming market – according to Canon, sales data from single months in the past year often break annual records from previous years. As people work remotely or in a hybrid fashion, they need printing and scanning facilities at hand.

Whether in the office or at home, printers channel a lot of sensitive data. Increasingly, they serve as data capture hubs for knowledge management, using technologies such as OCR (optical character recognition) to digitise physical pages. And then there is the cloud: Modern printers support uploads to cloud services. If you look at it closely, print and scan devices are mainstays of integrated digital environments.

Securing printers in any environment

Criminals know this and target printers – there is even malware that specifically attacks print devices. Yet printers are rarely secured. In 2019, researchers tried to access around 800 000 printers they discovered on the internet and successfully sent print jobs to 450 000 of those. It's not exactly the same as a data breach, but those devices were essentially naked to the outside world.

Why are IT teams so lackadaisical about printer security? Nel points out that it's usually the fault of needlessly complicated configuration and management vendor software, a trend that seems to be reversing. Vendors are also improving the usability and simplicity of integrating printer ecosystems with office knowledge environments: "In the past, you would have to have a solutions architect who would scope your environment and build a taxonomy or file structure that would fall in line with policy. But software vendors partnering with multifunction vendors are starting to tone down the level of complexity with these types of solutions. For example, connecting a printer system with a secure cloud-based storage service is much easier to deploy today, even if the printer is at a remote location."

Management software and service are also improving – a particular benefit for maintaining remote printers. In many WFH scenarios, the employee owns the printer. Using today's software, administrators can monitor those devices to ensure policy, compliance (POPIA), data integrity and security. In addition, leading printer systems have embedded security software, such as anti-virus detection and BIOS/firmware scrutiny, to spot any tampering.

Five tips for deploying printers securely

The combination of modern device features and software simplify full-feature printer deployment significantly. To help get everything right, Nel recommends five considerations when deploying secure printers:

  1. Access control: The print management software must give administrators access control tools and limit what users can do regarding the access, print and storage of data.
  2. Granular configuration: Printers can retain data on internal storage. Can that data be encrypted? Can the device be set to delete data immediately?
  3. Embedded security: Modern printers can include embedded security software, often from a recognised cyber security vendor. Best-of-breed printers can also check for BIOS and firmware tampering.
  4. User-friendly monitoring: IT professionals often don't deploy printers' enhancing features properly because the vendor software provides a poor user experience. Look for printers with configuration and management tools that make sense to administrators.
  5. Policy proliferation: The printer's ecosystem must help propagate things such as security policies and data compliance for the sake of security and staying on the right side of laws such as POPIA.
Read more