Office Printer Security: a Comprehensive Strategy

These frequent print security threats go unnoticed by some firms, and may include theft of printed, direct attacks on the printers, and attackers using the printers as pawns in DDoS assaults. Also, given how every office computer user has access to one or many printers, there’s the risk of a network flaw which presents as a single open vector across the network. Finally, one must consider data leaks: printer caches commonly hold sensitive information, ranging from medical information to financial data.

Organisations that want to optimise, streamline, and simplify their printing environment can use managed print services (MPS) to better manage and optimise the finer points of printer security. Quocirca also noted that the distributed nature of print infrastructure had increased the risk environment, based on an analysis of 531 IT decision-makers from organisations of all sizes across the US and Europe.

Increase your multifunction printer security

Print volumes are increasing, according to Quocirca’s data, with employees continuing to rely on print in their daily job. According to the study, printing is still “critical” or “very important” to 64 percent of businesses, with 44 percent of IT decision-makers expecting an increase in office print volumes and 41% expecting an increase in home print volumes in the next 12 months.

Over half of IT decision-makers (53%) said it was becoming more difficult to keep up with print security concerns and needs. This figure was greater (61%) among CIOs than among CISOs (44 percent ). Only 26 percent of respondents were entirely certain that their print infrastructure would be secure when their offices reopened fully. Users of managed print services had a higher level of confidence (37 percent), and they were also more likely than other respondents to say that keeping up with print security challenges has become easier.

“Despite rapid digitisation over the past 18 months, organisations continue to rely on printing,” Quocirca research director Louella Fernandes said of the findings. However, as printer estates have grown to incorporate home offices and employee-purchased devices, the risk of data loss and cyber threats has increased. Organisations are unable to keep up with print security concerns, and as a result, they are incurring costly breaches.” Given that multiple print-related vulnerabilities continue to be discovered, printers must be considered as any other endpoint device in terms of security.

What are the risks of having a vulnerable office printer?

Although the leading printer manufacturers invest heavily in protecting the important documents which flow throughout the office environment, today’s office-class devices are far more than the office printer of old. The copier has been transformed into a “workplace assistant”, offering users the tools to print, scan, fax, email, and also to perform complex workflow tasks. As a networked device, preventing unauthorised access to sensitive documents requires more attention to data security than even the office workstation: after all, stringent digital security measures can’t protect the printed document.

Printer security risks are generally due to IT teams failing to take the necessary precautions. One of the most critical moves – changing the default password to one which is strong and unique – is often never taken. Ignoring such established best practices gives almost anyone access to the printer. Modern multifunction printers (MFPs) face a range of threats and vulnerabilities, including the following:

• Unauthorised access to print data, where any person can view printed documents which belong to someone else;
• Unauthorised configuration changes which re-route print jobs;
• Print job manipulation, which includes replacing the print content for others, or deleting logs to interfere with repudiation;
• Print data disclosure, such as accessing the print data from the memory and hard drives when printers are decommissioned;
• Exploiting a network printer as an attack point upon the network to which the device is connected;
• Cloud printing, which carries the risk of network exposure via the cloud print infrastructure;
• Wireless printing, which facilitates network attacks by malicious actors.

The Top 10 printer security priorities

When it comes to protecting your printer from threats, it’s not very different from protecting any other device on the network. You start by ensuring your printer’s operating system is up to date, that passwords are changed at appropriate intervals, and user authentication is enabled. From a cybersecurity perspective, it’s also clear that personal printers are less secure than using a multifunctional network printer from a leading brand.

 

1. Implement a printer security strategy

Businesses develop sophisticated training programmes centred on educating employees how to safely use mobile devices but routinely fail to address printers. You printer security strategy must include standards, policies, and procedures which regulate how printing resources are to be used throughout the organisation. The strategy should be layered so that as more sophisticated devices are deployed, the enhanced security functionality can grow as the business needs evolve.

2. Secure your printers

Proper printer security starts at the device. Most modern network and multi-function units come with access control, authentication, and other built-in security features. IT administrators should check with the manufacturer for firmware updates and recommendations on default configurations that protect the device while on the network. It’s also a good idea to keep physical security in mind by housing printers in a safe area and incorporating locks, proximity badges, and smart cards that protect against physical removal.

3. Encrypt printer data

Without print management software, it’s likely that your print job is travelling across your network in plain text, enabling interception by an hacker monitoring your network. Encryption between the user’s device, whether that a mobile phone or a wired workstation, must be a critical addition to your cyber security plan. The security benefits are obvious, and are especially acute when wireless submission of print jobs is enabled.

4. Monitor your print environment

Invest in the optimal tools to monitor how your printers are being utilised. Print management software enables IT teams to track print jobs, administer user access, and to monitor users who might be violating

5. Dispose of old printers properly

Never underestimate the amount of data which is stored within a printer. While office multifunctional devices have hard drives, home printers have ample memory which stores countless print jobs, and it’s long been a routine task to access such data. The best office-grade printers offer multi-pass disk erasure, while the storage device on a domestic device might be as discreet memory card or a single chip. No printer should ever be consigned to a skip, but should be treated instead as a document library until verified as fully erased.

6. Apply automatic updates

The surest way to minimise the potential risks of your print fleet is to ensure all software and firmware updates are implemented. Pay a lot of attention to the capabilities of your printers, and chose a brand which brings print management under a centralised console.

7. Use Secure print

Secure print, also referred to as “Follow-me” printing, forces users to identify themselves to the printer in order to collect their print job. Whether this is via a PIN code or an employee key fob, regularly updated, this mitigates some of the most common data breach risks.

8. Enable two-factor authentication (2FA)

Two-factor authentication should be enabled to where appropriate to requires users to authenticate via a secondary device, such as within the print utility or mobile phone, as well as via their key fob or PIN.

9. Disable unused functions

Manage your printer configuration carefully, and delete or disable any services which are not required. USB ports should be disabled.

10. Don’t forget the printers of WFH / hybrid workers

Conduct a risk assessment on all printers used by staff working from home, including hybrid workers. While your office MFP might be highly secure, hybrid workers are accessing the internet and printing at home on devices which are inherently vulnerable. Consider content security solutions and conduct formal risk assessments for every potential device, especially where there’s a BYOD policy.

The case for managed print services

Managed print services (MPS) suppliers are your strongest ally in taking control of all print security. Print security can be transformed into a non-issue with the correct combination of platform and software.

Entering into a managed print services agreement gives organisations the option to replace dated and insecure devices, while embedding the most secure cloud print management applications.

Which office printers have the best security?

While not immune from security threats, Xerox took the earliest lead in the industry, and regard the issue as their top priority. They ensured that every Xerox ConnectKey Technology-enabled device is protected by their four-point approach to security, which ensures comprehensive protection for all print components. Their methodology includes:

1. Prevention

A comprehensive set of capabilities prevents malicious attacks, proliferation of malware, and misuse of unauthorised access to the printer. Whether from transmitted data or directly at the MFP, all access points are protected through user authentication and access controls.

2. Detection

A comprehensive Firmware Verification test, either at start-up or when activated by authorised users, provides alerts if any harmful changes to the printer have been detected. McAfee Whitelisting** technology constantly monitors for and automatically prevents any malicious malware from running. Integration with Cisco Identity Services Engine (ISE) auto-detects Xerox devices on the network and classifies them as printers for security policy implementation and compliance. By interacting with the market-leading McAfee DXL and Cisco pxGrid platforms, Xerox multifunction printers (MFPs) employ an orchestrated response that neutralises threats at their source the moment they occur.

3. Protection

Advanced capabilities prevent intentional or unintentional transmission of critical data to unauthorised parties. Documents are not released until the right user is at the device and scanned information is protected from unauthorised users. Xerox also protects stored information, using the highest levels of encryption. Processed or stored data that is no longer required can be deleted using National Institute of Standards and Technology (NIST) and U.S. Department of Defense approved data clearing and sanitisation algorithms.

4. Leading partnerships

ConnectKey Technology provides extra security standards through their partnerships with McAfee and Cisco. They measure their performance against international standards with certifications like Common Criteria and FIPS 140-2 to ensure our devices are trusted in even the most secure environments.

Conclusions on printer security

It’s easy to forget that printers are simply devices with embedded processors that run software. Because printers often have web-based interfaces and wireless capabilities, and especially because they’re perceived as less important than servers, they’re easier to attack. Because printers are infrequently separated from workstations, they serve as an entry point for attackers into a network. Once on the internal network, a threat actor can scan for other unsecured devices and pivot until they get access to high-privileged accounts to realise their goals.

It’s clear too that Working from Home and Hybrid workers pose an underreported risk to your company’s information security. With the risk of a data breach magnified by home users lacking suitable shredding options, the case for implementing stricter controls on what people can print from where is emphatic.