Just like any office equipment, printers are vulnerable to attacks from threat actors, be it denial of service, information theft, or botnet compromise.
Despite this, printers are among the most overlooked hardware when it comes to implementing safety practices in the workplace. Printers were found to be low on the security agenda for many US and European organisations, which tend to focus on securing their cloud or hybrid application platforms, email, public networks, and traditional endpoints instead, according to latest research from Quocirca.
As a result, 68% of organisations reported data losses traceable back to printers in 2021, with an average breach cost of almost £632,000.
Although many organisations are undergoing a sustainability push and moving towards the paperless office, the number of printers has actually increased since the start of the pandemic and continues to rise, Quocirca research director Louella Fernandes. One of the reasons for this is the rise of the remote and hybrid work strategies, which saw workers purchase home-based devices for work purposes – including small office printers.
Despite the many benefits of working from home, some home-office printers lack necessary security precautions, creating a welcoming environment for cyber criminals looking to target organisations through a less-obvious endpoint.
“Printer estates have expanded to include home offices and employee-purchased devices, increasing the risk of accidental data loss and cyber attacks. Organisations are finding it harder to keep up with print security challenges and they are suffering costly breaches as a result,” she warns.
2021 saw the rise of several print-related vulnerabilities, enabled through the adoption of advanced features in even the most basic printer models. According to Fernandes, this increases “their potential to be weaponised by bad actors”.
Printer security best practices
While a serious threat, there are steps your organisation can take to secure your printers and avoid expensive data leaks. Beaches are at their highest-ever cost according to IBM’s 2022 Cost of a Data Breach Report, and they can also cause severe reputational damage. Here we explain the three best ways to secure your business printer: from access controls to software updates.
How to secure a printer with user authentication
Requiring employees to enter a PIN or scan their keycard at the printer to authorise a print job helps to make sure that print jobs are purposeful, and important documents aren’t forgotten about in the tray. It can also prevent documents from being accidentally reprinted, which in turn saves paper and money.
How to secure a printer with data encryption
If a document is being printed by an employee, especially as menial tasks have increasingly been relegated to online systems, it’s likely to contain sensitive information that should be kept clear of prying eyes. But if printer data is unencrypted, this data is transmitted across the network without any form of protection. Since a threat actor may use a printer as an unassuming access point for a network, they could equally intercept sensitive print job data.
Encrypting data in transit from endpoints to the printer will help prevent this from being a problem.
How to secure a printer’s firmware
RELATED RESOURCE
Edge to cloud security: A new WAN and security edge
A practical guide to adopting a secure access service edge (SASE) architecture
Regularly updating the printer’s firmware, the driver installed on it from the time it's manufactured, is a basic precaution that is often skipped over. But keeping firmware up to date is an easy way to keep vulnerability protection up to date, and keep your entire print network secure.
However, it’s worth remembering that it takes time and resources for an IT worker to review, test, and implement new firmware for all of an organisation’s printers. This is one reason why it often doesn't happen as frequently as it should.
Finally, when buying printers, consider units that come with built-in security features, as it is always harder to secure such hardware after it has been bought and shipped.
-
CrowdStrike layoffs to hit 500 staff as firm targets strategic AI shiftNews CrowdStrike has announced plans to cut 500 roles, equivalent to 5% of its workforce, as the firm looks to maximize annual recurring revenue gains.
-
AI-enabled cyber attacks exacerbated by digital divide in UKNews New NCSC report highlights the risk AI presents to the UK’s cyber resilience
-
Busting nine myths about file-based threatsWhitepaper Distinguish the difference between fact and fiction when it comes to preventing file-based threats
-
The Total Economic Impact™ of the Intel vPro® Platform as an endpoint standardWhitepaper Cost savings and business benefits enabled by the Intel vPro® Platform as an endpotnt standard
-
The Total Economic Impact™ of IBM Security MaaS360 with WatsonWhitepaper Cost savings and business benefits enabled by MaaS360
-
WithSecure Elements EPP and EDR review: Endpoint protection on a plateReviews An affordable cloud-managed solution with smart automated remediation services
-
KuppingerCole leadership compass report - Unified endpoint management (UEM) 2023Whitepaper Get an updated overview of vendors and their product offerings in the UEM market.
-
The Total Economic Impact™ of IBM Security MaaS360 with WatsonWhitepaper Get a framework to evaluate the potential financial impact of the MaaS360 on your organization
-
Unified endpoint management software vendor assessmentWhitepaper Make positive steps on your intelligent automation journey
-
PowerEdge - Cyber resilient infrastructure for a Zero Trust worldWhitepaper Combat threats with an in-depth security stance focused on data security
