Are Printers the New Endpoints of Security Vulnerability?

Featured article by Michael O’Leary, Vice President-enterprise Accounts at Pharos Systems International

As the internet and the international hacker community have evolved, network security has become essential for all companies. Yet, despite the fact that small and large corporations all over the world are going to great lengths to protect their infrastructure and data, networks are still being hacked on a regular basis.

In March, The New York Times reported that a hacker remotely targeted unsecured printers on college campuses across North America. Many locations were affected, including leading institutions such as Princeton, the University of California, and the University of Massachusetts. The hacker found a way to remotely print anti-Semitic, racist fliers across all of these campuses.

Although this attack didn’t compromise any data and only succeeded in setting off a wave of alarm, anger, and disgust, this example plainly illustrates how basic technology and lax security measures can give hackers access to multiple devices and entire systems. The fact is that today’s printers are often full-scale networked computers that require the same security focus as any server or workstation.

Even though company leaders continually seek to improve their security and reduce risk, some basic things can be overlooked. Taken at face value, the office printer may seem innocuous, but in reality, it can serve as a door through which a hacker can gain entry to your systems if it’s unwittingly left open.

Not everyone thinks about printers when it comes time to create or reevaluate security policies. However, to avoid cracks in the foundation of your organization’s network security, it’s important to implement policies and procedures for the print infrastructure across the enterprise to keep it secure and your systems protected.

Document Security and Confidentiality

The other facet of print security is the protection of confidential information. It’s not uncommon for people to carelessly print documents that contain sensitive information intended for certain eyes only.

How many times have you seen documents left sitting on or near a printer? This is why a comprehensive print security policy must include measures that ensure document confidentiality.

Deploying technology that forces employees to enter their network credentials at office printers before they can receive their documents — called secure pull printing — eliminates piles of forgotten documents and prevents sensitive information from being accessed or picked up by passersby. This is especially beneficial in the financial and healthcare industries, where sensitive information is handled routinely.

Best Practices for a Secure Print Policy

New printers typically have an open configuration by default for the purpose of simple “plug and play” network connectivity. However, this may leave the device open to every network port, which is not something you want to leave as-is.

Following these steps can help you create a more secure print environment:

1. Lock down every network printer. Change each printer’s password from the default to something unique. If available, configure the built-in firewall on the device. Create your access control list, and be sure to create a firmware update schedule as well.

When manufacturers make firmware updates available, they often include security patches. Staying on top of these updates is just as important as keeping up with any other security updates on your network. And security steps taken during initial out-of-the-box setup should always be repeated after any major service, as devices are usually subject to factory reset during repairs.

2. Stay abreast of the latest news and recommendations. As you know, the security landscape is constantly changing, and printer security is no exception. To stay informed about the latest standards and threats, leverage available resources and educational materials from organizations such as HIPAA, PCI, NIST, and OWASP.

3. Put your visibility to the test. Check to see whether your printers and other devices are visible to the outside world using tools such as the Shodan search engine for some self-evaluation. These tools allow you to see your security the same way a hacker searching for vulnerabilities on your network would. Then, you can take the appropriate actions based on the results.

4. Deploy secure pull printing technology. This critical security layer protects document confidentiality and enables organizations to create an audit trail by tracking all the relevant details of printing activity across the enterprise.

If this secure printing workflow presents a change for employees, you can employ basic change management methods to help make the transition successful. When people understand the implications and the benefits, they tend to embrace the plan.

Creating and maintaining a solid security policy for all network devices is essential.

When your policy includes print management and standards for secure device configuration, maintaining network and information security will be simplified.

Michael O’Leary is vice president-enterprise accounts at Pharos Systems International, a print management software and solutions company based in Rochester, New York. With more than 30 years of experience in the technology and print industries, O’Leary leads an organization that provides expertise in software, subject matter, thought leadership, and best practices to some of the largest companies in the world.