Alistair Millar, Altodigital group marketing manager, discusses how printers can become the weak link in a company’s security
While security issues are always one of the main discussion points during an IT deal, those buying printers are generally more concerned about speed and print quality than whether the machine is likely to be hacked. After all, before the emergence of smart devices, a printer was seen as holding about as much security risk as, say, a toaster.
However, today even toasters, fridges and kettles can be connected to the Internet of Things (IoT) and become a target assuming, of course, that the data held is seen to be of value. Now, far from being low risk, smart printers have been described as ‘the largest potential security hole’.
Every time a new cyberattack takes place, we’re reminded of the vulnerability of even the largest companies. For example, only recently, Deloitte was said to be investigating a breach of its email servers and, when credit reporting agency Equifax’s systems were compromised last month, the names, social security numbers, birth dates, addresses and, in some cases, drivers’ licence and credit card numbers of millions of citizens were accessed.
SMEs as well as multinationals
But it’s not just the multinationals that are involved. The Cyber Security Breaches Survey, 2016, reports that 65% of UK firms detected a cyber security breach or attack in the past year. As businesses up their security budgets and defences, the criminals look for the weaker links – such as printers. Now, increasingly, printers are being regarded as a ‘back door’ for hackers to sneak through, giving them access to an entire network, including data.
In fact, earlier this year, someone claimed to have successfully hacked more than 150,000 printers by sending documents to print, alerting people that the printer had been compromised, to show just how easy it was to do.
Using the printer route, ransomware can be spread to all other devices on the network. In addition, the typical office printer also has a PC-style hard drive storing digital copies of every document it has ever scanned or printed – so cybercriminals also have access to a company’s most confidential documents. A straightforward firewall on the printer will make it a less appealing target.
Yet, while cybercrime makes the headlines, smaller security breaches caused by human error can cause problems too. For example, when GDPR, the new EU data protection regulation, comes into force next year, companies could face huge fines for non-compliance.
In some ways, thoughtlessness and lack of careful document management can cause almost as much mayhem as a cyberattack; just think of the furore when ministers are photographed walking into Downing Street with confidential documents on show.
On a company-wide scale, sensitive documents about pay or other confidential issues left uncollected at a printer can cause equivalent damage to a business’s reputation if they get into the wrong hands; this is why many of the security measures on today’s printers focus on ensuring the right printed documents reach the right people.
Secure document release software makes sure users can authenticate themselves in order to release documents from an encrypted print server. This will ensure that nobody can just sit at another person’s computer and gain access or leave with any confidential documents. Documents held on device hard disks for too long before authentication will be deleted and overwritten in the storage area to prevent them from being retrieved and printed by unauthorised users.
You should also consider a device offering protocol settings with encryption implemented and configured to print fleet devices. Without this setting, hackers could quite easily take a document in transit from the computer to the printer.
Jobs can be held and checked with optical character recognition (OCR) for sensitive content before being printed. Again, this ensures that the right person is collecting the right documents from the printer. In addition, authentication protocols ensure that documents cannot be scanned or printed without permission.
Alternatively, everything can be encrypted into an unreadable code to prevent it being easily deciphered. Adding this feature means that, even if someone can access your documents, they won’t be able to decipher the information.
Office technology suppliers are in a good position to make their customers aware of these threats and help ensure their printer security is foolproof. Once GDPR comes into force, and the severity of the fines for non-compliance becomes apparent, no doubt interest in printer security will rise accordingly.