It’s the quiet ones you need to worry about the most.
This old scrap of wisdom generally applies to people, but in an age when cyber criminals are accessing their targets through third-party air conditioning systems or suppliers providing custom applications, it certainly applies to printers. Yes, printers — those efficient, seemingly innocuous units sitting quietly in a remote corner of your office. They may seem harmless, but according to a growing number of security experts, the printer has become a legitimate attack surface.
Think about it. Today’s printers offer a dazzling number of print, scan, colour, and collation features that improve workflows and drive down costs. They are sophisticated computers complete with their own OS, hard drive space, and network connections, hidden beneath a simple but functional exterior facade.
Companies take great pains to protect the computers and, more recently, mobile devices on their network, but the office workhorse, the humble printer, is too often overlooked.
A recent IDC survey revealed some disturbing attitudes toward printer security:
- 26% fewer respondents considered printer security to be as important as IT security
- 16% fewer respondents placed as high a priority on print security as on IT security
- 13% fewer respondents were as confident with their company’s print security as with its IT security
- More than 25% of respondents indicated a significant IT security breach that required remediation. More than 25% of these incidents involved a printer.
Even some of the most seasoned security hounds make the unfortunate mistake of thinking that old, trusty printer in the often-absent VP’s office offers no temptation to Joe or Judy Hacker. Unfortunately, even the most miniscule of oversights can lead to a catastrophic security breach.
It is this fact of printers being so out of the spotlight, so low-priority and low-suspicion in security audits, that makes them such a threat. Many companies don’t bother to update the firmware on old printers while others are less vigilant when it comes to including every single printer in the office in a security sweep.
Through printers, companies face any number of threats and vulnerabilities, including but certainly not limited to:
- Physical document theft or snooping: Any person, be they co-worker or office visitor, can just walk over to a printer and either read or steal printed documents.
- Docs on storage: Printers with an internal hard drive can store print jobs, faxes, and document scans and copies. An external player has only to get their hands on your printer — whether by stealing it or securing it after you replace and dispose of it — to get their hands on your critical data.
- Straight-on net hack: Someone on your network can hack a network-connected printer without surprisingly little effort; this is especially true if your printer is “vintage” and lacks security features and password protection
- Eavesdropping: Bad actors can “listen” to your network printer traffic, and from doing so capture the documents you are sending to your printer(s).
The Epson paper “The Small and Medium-Sized Business Guide to Securing Printers” is intended to raise awareness on security issues related to modern business printers and common printing practices, and offers points for small- and medium-sized businesses to consider as they work to improve printer security.