Just like any office equipment, printers are vulnerable to attacks from threat actors, be it denial of service, information theft, or botnet compromise.
Despite this, printers are among the most overlooked hardware when it comes to implementing safety practices in the workplace. Printers were found to be low on the security agenda for many US and European organisations, which tend to focus on securing their cloud or hybrid application platforms, email, public networks, and traditional endpoints instead, according to latest research from Quocirca.
As a result, 68% of organisations reported data losses traceable back to printers in 2021, with an average breach cost of almost £632,000.
Although many organisations are undergoing a sustainability push and moving towards the paperless office, the number of printers has actually increased since the start of the pandemic and continues to rise, Quocirca research director Louella Fernandes. One of the reasons for this is the rise of the remote and hybrid work strategies, which saw workers purchase home-based devices for work purposes – including small office printers.
Despite the many benefits of working from home, some home-office printers lack necessary security precautions, creating a welcoming environment for cyber criminals looking to target organisations through a less-obvious endpoint.
“Printer estates have expanded to include home offices and employee-purchased devices, increasing the risk of accidental data loss and cyber attacks. Organisations are finding it harder to keep up with print security challenges and they are suffering costly breaches as a result,” she warns.
2021 saw the rise of several print-related vulnerabilities, enabled through the adoption of advanced features in even the most basic printer models. According to Fernandes, this increases “their potential to be weaponised by bad actors”.
Printer security best practices
While a serious threat, there are steps your organisation can take to secure your printers and avoid expensive data leaks. Beaches are at their highest-ever cost according to IBM’s 2022 Cost of a Data Breach Report, and they can also cause severe reputational damage. Here we explain the three best ways to secure your business printer: from access controls to software updates.
How to secure a printer with user authentication
Requiring employees to enter a PIN or scan their keycard at the printer to authorise a print job helps to make sure that print jobs are purposeful, and important documents aren’t forgotten about in the tray. It can also prevent documents from being accidentally reprinted, which in turn saves paper and money.
How to secure a printer with data encryption
If a document is being printed by an employee, especially as menial tasks have increasingly been relegated to online systems, it’s likely to contain sensitive information that should be kept clear of prying eyes. But if printer data is unencrypted, this data is transmitted across the network without any form of protection. Since a threat actor may use a printer as an unassuming access point for a network, they could equally intercept sensitive print job data.
Encrypting data in transit from endpoints to the printer will help prevent this from being a problem.
How to secure a printer’s firmware
Edge to cloud security: A new WAN and security edge
A practical guide to adopting a secure access service edge (SASE) architecture
Regularly updating the printer’s firmware, the driver installed on it from the time it's manufactured, is a basic precaution that is often skipped over. But keeping firmware up to date is an easy way to keep vulnerability protection up to date, and keep your entire print network secure.
However, it’s worth remembering that it takes time and resources for an IT worker to review, test, and implement new firmware for all of an organisation’s printers. This is one reason why it often doesn't happen as frequently as it should.
Finally, when buying printers, consider units that come with built-in security features, as it is always harder to secure such hardware after it has been bought and shipped.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.