The insecurity of network connected
Challenges of securing network-connected printers and the threat they pose to an organisation’s network.
Printers are an integral and ubiquitous part of the workplace. They have their own hard drive, OS, and direct network connection. They are essentially just like PCs. But while everyone is aware of the need to secure and protect PCs, people don’t think of printers as similarly fallible.
Ponemon Institute research, commissioned by HP, has shown just how many companies are ignoring the threat printers pose. Out of some 2,000 IT professionals across North America, EMEA, Latin America and Asia Pacific surveyed by Ponemon Institute, only 44% of respondents said that their organisations’ security policy includes network-connected printers.
What are the risks?
If your printer is accessible via the Internet, the field of potential hackers becomes virtually limitless. The main threat is that a printer could provide hackers with a point of entry to access the company’s network. This could result in the installation of malware on the printer itself to control it remotely or to gain access to it, which could lead to the theft or loss of sensitive or confidential data. According to Ponemon Institute findings, 64% of IT managers believe their printers are likely infected with malware. Yet at the same time, 56% of enterprise companies ignore printers in their endpoint security strategy.
The security risk that network-connected printers pose is also expected to increase due to the expanded use of mobile technologies and the increased rate of malware infection. This may explain why most respondents, about 57%, predicted a data breach resulting from insecure network-connected printers in the next 12 months.
Technologies that help pinpoint high-risk printers, such as those containing malware, are critical, according to 70% of respondents.
HP has been working with end users to reduce the threat of malware, including through the latest LaserJet Enterprise printers, which detect and thwart malicious BIOS attacks; whitelisting, which ensures only known, good firmware can be loaded and executed on a printer; and run-time intrusion detection.
As well as reducing external threats (e.g. malware and hackers), securing your printing technology can also reduce internal threats. This includes user identification, through PINs or other verification, which can eradicate the risk of the wrong person picking up your document, as can using printers fitted with physical locks and shielding on input trays to avoid theft or loss of documents. Data encryption protocols can also prevent jobs or documents from being intercepted while travelling across a network.
While secure printing technology is key to safeguarding your network, attention also needs to be paid to how employees interact with and use these devices, so that they don’t become the weak link. According to our research, 56% of respondents believe employees in their organisations do not see printers as an area of high security risk. To combat this, what’s needed is stringent training and awareness programmes to address the appropriate handling of sensitive and confidential information.
Not all divisions are equal
The types of information generated and/or printed in different departments vary, as does the security risk these printers pose. According to our research, the most likely places for a data breach to occur via a printer are executive management, sales and HR. In such departments, printer-related security practices and access controls must be strengthened. Only 30% of those polled say their organisation has a process for identifying high risks.
Lack of governance
At present, printer security is an overlooked security risk. As a result, most organisations are pessimistic about their ability to prevent the loss of data contained in printer memory and/or printed hardcopy documents. What’s more, 60% acknowledge that they have experienced a data breach via a network-connected printer. There are, however, a variety of measures, in terms of policies, practices and advanced technology, that every company can take to stop hackers and malicious attacks in their tracks and keep their data and sensitive information safe.