It’s easy to overlook printers when planning for cybersecurity for your business. Consider this: In 2016, HP reported that 18% of respondents to their survey reported security issues associated with printing devices, while 91% associated the risk with PC devices, 77% – with Mobile devices, and 77% with server devices. However, in reality
- 64% printers had malware infections
- 60% of printers experienced data breach
These statistics demonstrate how significantly underestimated printing security issues are to the SMB IT decision makers.
Top Printing Security Concerns:
There are several major security risk areas for printing that need to be addressed.
1. Devices and Their Configuration Settings
There are many different types of printers. Businesses choose printers for their computer network based on various requirements, such as speed, quality of type and graphics processing, font limitations and impact/non-impact types.
In terms of the technology used, printers fall into the following categories:
- LCD & LED
- Line printer
- Thermal printer
Devices are often just connected without realizing that most devices have default settings for open ports and configuration settings that allow other users to connect to the device. When adding the printing device to the network, the ports must be closed, and configuration settings set to not allow other users to connect.
Any device – and that includes printing devices – that contains a hard disk drive should include options to encrypt saved data. Check with your IT provider if your printer disk encryption option is enabled.
Misconfigured enterprise printers can be abused by cybercriminals to print undesirable content, gain unauthorized access to data, store malicious code, and evade detection.
2. Data in Transit and Data at Rest
Protecting sensitive data both in transit and at rest is imperative for modern enterprises as attackers find increasingly innovative ways to compromise systems and steal data.
Data in transit, or data in motion, is data actively moving from one location to another such as across the internet or through a private network. Data protection in transit is the protection of this data while it’s traveling from network to network or being transferred from a local storage device to a cloud storage device – wherever data is moving, effective data protection measures for in-transit data are critical as data is often considered less secure while in motion.
Data at rest is data that is not actively moving from device to device or network-to-network such as data stored on a hard drive, laptop, flash drive, or archived/stored in some other way. Data protection at rest aims to secure inactive data stored on any device or network. While data at rest is sometimes considered to be less vulnerable than data in transit, attackers often find data at rest a more valuable target than data in motion.
The risk profile for data in transit or data at rest depends on the security measures that are in place to secure data in either state.
3. Malicious access by external cybercriminals
When your network and your printers are not properly protected, cybercriminals can download data from your printers and gain access to proprietary data, and even re-distribute or resell it to other cybercriminals. An unprotected printer is a clear violation of HIPAA regulations.
4. Unauthorized Access to Documents
One of the most underestimated risks associated with print security is associated with the human factor: documents are commonly left in the tray. Healthcare providers and their business associates must be especially concerned. HIPAA compliance means not just preventing unauthorized access to digital records, but also to documents; in addition, there must be a record made of user access to data. Printed documents often contain confidential PHI, and can potentially expose confidential data such as private patient information, or financial statements. That places the practice at risk for a security breach.
There are also risks associated with exposing documents left in plain view, especially when printers are placed in common areas, such as hallways, or too close to the reception area where visitors are able to see or access the documents.
A pull or a pin printing solution can help prevent HIPAA rule violation by requiring a user to authenticate at the printer in order for a document to print.
5. Unauthorized Use Printer Features
Another human-related risk is an unauthorized use of printer features,
Ideally, an access management solution must be put in place and used to enforce IT policies in any organization that must meet certain compliance standards, both for authorization protocol and for the audit trail, if and when needed.
6. Organizations’ ability to identify and respond to a security breach from printers
When it comes to cybersecurity, printers are often overlooked and don’t get enough attention. Organizations of all sizes must take steps to address the printing vulnerability issue, but they also must ensure that the overall cybersecurity readiness, response, and recovery are properly planned for.
- Readiness is not just willingness to prepare, not just a 24/7 Monitoring, but also to the readiness of technical and human resources.
- The organization management’s response can either contain an incident or escalate it into a crisis.
- Steps to recovery and return to normal operations and efforts minimize the damage your business endures as a result of the security issue or a breach include assessments of the incident causes, management of the incident, proper reporting when applicable, and implementing lessons learned into the readiness plan for the future, coming back full circle…
Does your business have a highly effective cyber crisis management plan? Take care of it before a cyber incident occurs.
Call us 201-493-1414 to talk to our IT consultants or Request a Consultation today. Let’s start a conversation to make sure your devices are safe, your network is protected, and business continuity is secured.
You may be interested in Intelligent Business Continuity services from our NJ IT Security Consulting, IT Services, and Computer Network Support company for Small Business, that includes all assets of Managed Services.