Can your printer be hacked?

Cyber attacks are on the rise and few businesses realise that today's multi-functional office printer can be a gateway into their network.

Johannesburg, 03 Jul 2019
Read time 5min 40sec

It absolutely can, says a Nashua spokesperson for Office Automation at Nashua. “When companies are looking for potential targets for hackers and cyber criminals within their business, the multi-functional printer (MFP) is often not even on the list of devices that require protection. They don’t realise that all connected devices – and today’s printer is just that – are vulnerable to attack.”

A quick Google search reveals several stories of bored hackers who hacked internet-connected printers ‘just for fun’, but there are also more malicious examples of printers being disabled and a ransom being required to release them, data being stolen from printers’ hard drives, and the printer being used to gain access to the company network.

He adds, “Companies routinely secure laptops, PCs and even mobile devices, without realizing that the multi-functional device standing in the corner is just as vulnerable to attack.”

If you consider just the information that resides on a printer’s hard drive, a financial institution or a military-related organization could suffer considerable reputational damage should that data be hacked, not to mention the possible breach of legislation such as the European Union’s General Data Protection Regulation or the local Protection of Personal Information Act, which has yet to come into force.

He continues, “Cyber criminals are always looking for ways to get into your company networks, so security really should be a talking point when considering the various features of an MFD.”

Law firm Michalsons propose a pragmatic and proactive approach to information security law. They advise that any strategy to safeguard your information should take into account the potential risks to your company data, the use of technology that’s updated on an ongoing basis and the cost of safeguarding your data from a time, money and labour perspective.

“It’s important to know who is accountable for safeguarding your information and whether adequate measures have been put in place to protect your data against cyber theft. If a customer has trusted you with their personal information, you could be held accountable if you haven’t implemented the necessary measures to safeguard it against a breach,” says the spokesperson.

He says there are two basic aspects to securing an MFP. “Firstly there’s input security, where the printer overwrites its own hard drive consecutively, preventing anyone from accessing any data that’s on that hard drive. Then there are simple things like implementing personal ID code authentication, which is a standard security measure that everyone should use. It’s never a good idea to have anything that’s printed just automatically released the minute the user hits ‘send’. That might result in personal or confidential information being put at risk of breach.

“Then we have output security. This is where Managed Print Solutions comes into its own. This can entail the use of two-factor authentication, or certain rules and regulations from an administrator point of view. So this will govern things like how many copies can be made, who may print from the internet, can people print in colour or only monochrome, may certain people print certain types of documents or from certain files. All of these can be tailored to the company’s specific requirements.”

“The reason that we’re having this conversation about security and the office printer,” he says, “is that the traditional office printer, copier and scanner has evolved into a multi-purpose device that incorporates various additional technologies. Today’s MFP is a fully integrated solution that enables you to do so much more than just copy, print and scan. In addition to these day-to-day functions, these machines are becoming increasingly intelligent, allowing the user to download applications from an app store that enable so much more functionality.”

For example, it’s now possible to scan directly into software solutions for archiving and retrieval purposes. This capability is already integrated into today’s MFPs, there’s no need to install third party software. Previously, devices could scan documents into a folder or email, but then tended to run out of storage, while modern MFDs scan to the cloud. He says, “Scanning to the cloud makes your information more accessible and provides convenient access to content anywhere and on any device. It also means that documents can be printed directly from the printer itself instead of requiring a laptop or other device to send the job to the printer.”

Accommodating the BYOD trend, MFPs allow authorized users to print directly from their mobile phones. He explains, “You download an app on your phone, remote connect to the MFP, then scan the device’s QR code using the app on your phone. Naturally the user needs to have access to the company network as well as authorized access to the MFP in order to be able to use this facility.”

Other applications that improve the capabilities of the MFP as well as the productivity of the user include quick ID scan, barcode recognition and even follow-me printing, which enables the user to send their print job to one printer and then print it out elsewhere in the building as well as scan to third party cloud storage such as Google drive, SharePoint and Office 365.

These and other applications mean that the MFP is becoming increasingly central to the digitalization and digitization journey that the majority of companies have undertaken. He explains, “When the user scans a document directly into a Managed Document Services programme, this can trigger a workflow that’s been set up for that customer as part of their Business Process Management solution.”

“All too often companies don’t understand why security is so important when it comes to their multi-functional device. They tend to focus on cost only, not realizing that security is a massive value proposition, particularly with PoPI looming large on the horizon. If they haven’t considered it previously, they will be forced to once the Act comes into law.”

If you’re concerned that your MFP could be at risk of cyber breach, click here to read more about devices that safeguard your information.