Cybersecurity and Printers
Tips Small Businesses on Printer Security
A new printer comes with so many fabulous features. It is like a mini-computer into itself. And there lies a problem. Like a mini-computer or Internet of Things device, it can be hacked. And hackers are finding printers an attractive option for penetrating computer networks. In one study of over 200 companies, more than half had a data breach linked to a printer security gap. Some security experts believe that printer cyber-attacks will grow as more hackers start to use unsecured printers for crypto-mining. A typical business grade printer stores everything copied, scanned, faxed, and emailed on its hard drive. If the access to the printer is not secure from the outside, a hacker can steal documents from the drive as well as use the printer as a route into your computer network. 3-D printers are also vulnerable to cyber-attacks, since they are often used for trade secret prototype work or custom manufacturing. Lax security will allow a cybercriminal to access your design work or sabotage printing production as well as potentially accessing your computer network. If your business comes under the European Union’s General Data Protection Regulation (GDPR), your printers must be secured. Most businesses use printers for confidential data as well as other data and therefore are subject to GDPR.
What your business can do If you are using business grade printers, be sure to leverage the built-in security features. Talk with your cybersecurity expert so he or she can: Change the default password used for the administration control panel Use encrypted connections when accessing the printer administrative control panel Disable services you don’t use frequently (FTP, Telnet, etc.) that may be printer defaults Update and patch the printer firmware. Add this activity to your regular network administrative reviews Is your printer over 2 years old? Consider buying a new one with strong cybersecurity features. Manufacturers have added many new security features in recent years. When you shop for new printers, search the vendor’s product specifications web pages or talk to a sales person about what cybersecurity features come with the models you are investigating. Several major printer companies offer printer risk assessments for free. For example, HP offers a basic assessment that takes an hour or less. They will scan up to 20 HP network printers. If you are using home office/personal use printers, know that these printers have very little security built in. The printer may have internet access capability but without security measures to limit intrusion attacks. If you receive unwanted documents on your printer, don’t ignore them. Contact your cybersecurity specialist so he or she can investigate the source and take corrective action as needed.
About the Author - Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.