twitteryou tubefacebookacp

The insecurity of network-connected printers

HP printerIn order to reduce the threat of malware, HP has introduced Laser Jet Enterprise printers, which can detect and thwart malicious BIOS attacks; along with Whitelisting, which ensures known, good firmware can be loaded and executed on a printer; and Intrusion Detection, that provides in-device memory monitoring

According to HP Middle East print hardware category manager Pawel Miszkiewicz, at present, printer security is an overlooked security risk. As a result, most organisations are pessimistic about their ability to prevent the loss of data contained in printer memory and/or printed hardcopy documents. What?s more? 60 per cent acknowledge that they have experienced a data breach via a network connected printer. There are, however, a variety of measures, both in terms of policies, practices and advanced technology that every company can take to stop hackers and malicious attacks in their tracks and keep their data and sensitive information safe.

Ponemon Institute research, commissioned by HP, has shown just how many companies are ignoring the threat printers pose. Out of some 2,000 IT professionals across North America, EMEA, Latin America and Asia Pacific, surveyed by the institute, only 44 per cent of respondents said that their organisations? security policy includes network-connected printers.

What are the risks of unsecured printers?

If your printer is accessible via the Internet, the field of potential hackers becomes virtually limitless. The main threat is that printer could provide hackers with a point of entry to access the company?s network. This could result in the installation of malware on the printer itself to control it remotely or to gain access to it, which could lead to the theft or loss of sensitive or confidential data. According to the Ponemon Institute, 64 per cent of IT managers believe their printers are likely infected with malware. Yet at the same time, 56 per cent of enterprise companies ignore printers in their endpoint security strategy.

As well as theft or loss of data via a printer, attackers could also send bizarre print jobs to it, use the printer to transmit faxes, change its LCD readout, change its settings, launch denial-of-service (DoS) attacks to lock it up, or retrieve saved copies of documents.  

The security risk that network-connected printers pose is also expected to increase due to the expanded use of mobile technologies, the increased rate of malware infection, the growing army of remote workers and more and more network connected devices. This may explain why most respondents ? some 57 percent ? predicted a data breach resulting from insecure network- connected printers in the next 12 months.

How can organisations reduce printer vulnerability?

Technologies that help pinpoint high-risk printers, such as those containing malware, are critical, according to 70 per cent of respondents.

This includes user identification, through PINs or other verifications that can eradicate the risk of the wrong person picking up your document as can using printers installed with physical locks and shielding on input trays to avoid theft or loss of documents. Data encryption protocols can also prevent documents from being intercepted while travelling across a network, while advanced security controls and authentication through PINs, biometric solutions or smart cards that have to be used before access is granted, can also secure a device?s control panel.

People management

While secure printing technology is a key to safeguarding your network, attention needs to be placed to how employees interact with and use these devices, so that they don?t become the weak link. According to our research, 56 per cent of respondents believe employees in their organisations do not see printers as an area of high security risk. This could lead to negligence when using printers and other peripheral devices that contain sensitive and confidential information. To combat this, stringent training and awareness programmes should be given to address the appropriate handling of sensitive and confidential information. These need to be delivered and assessed frequently to ensure compliance.