Why print security is a rising threat
By Nathan Nayagar, Managing Director for Lexmark - South Africa & English speaking Africa.
The advanced capabilities of printers make them a fundamental addition to any modern office. However, their increasing complexity can also make them a potential security threat. Without proper security measures, multifunction printers (MFPs) offer hackers access to a company's network - and its data.
But, staying safe means securing more than just the hardware, says Nathan Nayagar, Managing Director for Lexmark - South Africa & English speaking Africa.
Employees who leave documents at the print tray are one of the primary reasons behind corporate data loss. With this in mind, we take a look at some of the most pressing threats and consider how companies can prevent the printer becoming a weak spot in their IT security.
Smart MFPs offer the same potential for harm as a determined hacker with unrestricted access to the office's local area network. Unlike older printers, MFPs make a digital copy of each document before it's printed or sent over e-mail. If left unprotected, this information is vulnerable to being hacked.
For example, firmware could be loaded onto MFPs that would write any data onto a hidden encrypted area of the MFP's hard drive. A hacker could then copy this data onto a flash drive using the device's USB port. Companies need to ensure all information stored on the hard drives of their MFPs is encrypted and therefore cannot be read by potential hackers.
One of the ongoing risks for security professionals is not just the threat of malicious attacks, but the insider threat. Whether the threat arises from a disgruntled ex-employee or simple human error, the risk of giving a spectrum of users access to confidential information can be difficult to protect against. And the rise in co-working spaces means workers need to take extra precaution to make sure they aren't leaving information where it can be seen by others.
One tool that can help is the 'secure release' function. This locks print jobs in a queue on the device until the user's PIN is entered. Secure printing also reduces waste by eliminating unclaimed documents from ever being printed in the first place. However, while this is a step in the right direction, data security also relies on educating employees and instilling policies that all confidential paper waste is shredded.
As with a laptop or tablet, the firmware and operating systems of MFPs need frequent updates to benefit from the latest security patches. Older MFPs are particularly susceptible to hacking, as fewer patches are developed for old firmware. To keep their fleet up to date, businesses can ask their vendor to install a tool that enables them to update all their devices at once.
Lexmark MFPs, for example, support a firmware download mechanism that enables the firmware that controls the device's behaviour to be updated. Businesses can reduce their risk further by removing rarely used printers from the network. But, to keep old data safe, the printer's hard drive must be erased and securely disposed of at the end of its life.
To protect their network, organisations should firstly carry out a complete audit of the print environment. This should look at the type of data they hold, how it is used, and what is printed; in short, an analysis of a document's complete life cycle to ensure it is protected throughout.
Organisations should also ensure only the appropriate employees can alter access rights to the device's Web server. Finally, companies should customise their MFPs to enable only those features they need. For example, if employees don't need to print from their smartphones, disable the feature and focus on the most likely threats.
In a corporate environment, huge amounts of data pass through the office MFPs every day. As cyber crime rises, printers are increasingly the target of attacks. This is compounded by the fact that many organisations lack education and investment in adequate print security measures. It's no surprise, therefore, that confidence in print security is 13% lower than in IT security overall.
The consequences of not securing your office printer, however, can be surprisingly serious. Fines for improper data protection apply around the world. In the UK, for instance, the Information Commissioner's Office (ICO) fines a large number of companies each year for data loss generated from MFPs.
Therefore, as our printers become more complex, it is more essential than ever for organisations to think carefully about how to protect them and their customers as effectively as possible.