Alistair Millar discusses how, without proper measures, printers can become the weak link in a company’s security
Every new cyberattack story reported leaves every business feeling that little more vulnerable. Especially as recently the victims have been large corporates with, presumably, extensive security measures in place. For example, only recently Deloitte was said to be investigating a breach of its email server.
With new regulations such as the pending GDPR putting data protection security at the top of the agenda the stakes are getting higher as the threat becomes stronger.
But with the emphasis on computers, many don’t think of printers as a possible weak spot for hackers to exploit. However, those that connect to the internet are just as susceptible to attacks as any other device. And, because they are seen as low risk, they are becoming key targets.
Earlier this year, someone claimed to have hacked more than 150,000 printers successfully, sending documents to print to alert people to the fact that the devices had been comprised and to highlight how easy it was. Now, increasingly, printers are being seen as a ‘back door’ for hackers to sneak through, giving them access to an entire network, including data.
Using this route, ransomware can be spread to all other devices on the network. In addition, the typical office printer also has a PC-style hard drive storing digital copies of every document it has ever scanned or printed, so hackers also have access to a company’s most confidential documents.
A straightforward firewall on the printer will make it a less appealing target. However, this won’t put an end to the problem. There are other less high-tech but more likely ways your sensitive documents could be compromised. The most obvious and common problem is leaving documents uncollected at the printer. While, this may not cause such a high-profile security alert as being hacked, it can still cause a breach of data protection laws.
Working with your office technology supplier can ensure you are doing everything you can to protect confidential information. For example, including secure document release software with your devices. This means users must authenticate themselves in order to release documents from an encrypted print server. This will ensure that nobody can just sit at another person’s computer and gain access or leave with any confidential documents. Documents held on device hard disks for too long before authentication will be deleted and overwritten in the storage area to prevent them from being retrieved and printed by unauthorised users.
You should also consider a device offering protocol settings with encryption implemented and configured to print fleet devices. Without this setting, hackers could quite easily take the document in transit from the computer to the printer.
Jobs can be held and checked with optical character recognition (OCR) for sensitive content before being printed. Again this ensures that the right person is collecting the right documents from the printer. In addition, authentication protocols ensure that document cannot be scanned or printed without permission.
Alternatively everything can be encrypted into an unreadable code to prevent it being easily deciphered. Adding this feature means that even if someone can access your documents, they won’t be able to decipher the information.
Finally, security precautions are only as good as the weakest link and often this is the unpredictability of humans. Make sure staff are all aware of the dangers, the pitfalls and the financial consequences of careless practice – especially as GDPR threatens some eye-wateringly large fines for non-compliance.