With cyberthreats a growing concern for companies of all sizes, one area that should not be overlooked is printer security. Unfortunately, it often is. Research cited by Forbes shows that less than half of all IT managers consider printers a top priority when it comes to corporate data security.
But since printers are connected to networks and the internet, they’re logical entry points for hackers—and just as open to malware and other attacks as the computers and smart devices on the network. According to research by IDC, 35% of recent security breaches were related to print-security deficiencies.
Several incidents from last year underscore what can happen when printers aren’t sufficiently secured. In October 2016, a coordinated denial-of-service attack involving printers, network security cameras and video recorders caused huge headaches for major internet service providers and websites like Reddit, Airbnb, Tumblr, Amazon and the New York Times.
Earlier that year in March, a hacker created havoc (and embarrassment) at several American universities by using open ports to cause their printers to spew out anti-Semitic propaganda.
Overlooking compliance in printers and multifunction devices
PCI-DSS, the Payment Card Industry Data Security Standard established by the credit industry, has set clear guidelines to protect the security of credit, debit and cash card transactions and safeguard cardholders against misuse of their personal information.
According to PCI-DSS, any system or network that allows you to store, process or transmit data is subject to PCI compliance. Multifunction printers certainly fall into this category and must be protected according to stringent PCI controls¾or be considered out of compliance.
Healthcare organizations and companies serving the healthcare industry can’t afford to overlook copiers and printers when implementing HIPAA privacy and security measures. In April 2010, Affinity Health Plan of New York learned that the hard way. The organization had to notify three state agencies, federal authorities and more than 409,000 individuals of a major breach of health information that was to be protected according to HIPAA guidelines—for which Affinity had to pay a steep fine. The federal HITECH Act stipulates that penalties for a healthcare data breach can be as high as $1.5 million in one calendar year.
The best printer security advice for your customers
Given the critical importance of securing printing functions, it’s best to recommend a comprehensive, holistic approach. Your customers need to make printer security an integral part of their organization’s overall security policy. It’s not enough to secure the printing devices themselves. The data and the documents need to be protected as well. IT managers should make a concerted effort to:
- Purchase printers with security management software built into the devices.
- Control access to multifunction printers at the user and workgroup levels.
- Ensure the security of the data at every stage of the workflow—from the data path through the network all the way to the printing device.
- Lock down and secure printers and multifunction machines.
- Protect sensitive documents from loss, theft or interception.
- Implement printer-specific security measures over and above the standard network security measures, including antivirus/malware protection for printers and authentication and encryption software.
- Effectively manage how printing devices connect to the network—network ports left open by default are an easy way for hackers to gain access to the network.
- Make users aware of the print security risks and the relevant protocols and precautions to take when printing sensitive information.
With cyberattacks on the rise, and companies of all sizes at risk, IT managers need to take proactive measures to safeguard their printing resources—without impeding employee productivity.