Printers used in today's enterprises are extremely powerful networked devices that make them an easy target for cyberattackers. As useful as they are, network printers can put any business at risk for serious security breaches. To minimize the risk, businesses need to employ strong endpoint security – and protect their networks from printer hacking.
Recognizing the Security Risk of Network Printers
Today's network printers enable employees – both in-house and remote – to print documents from their laptops and other devices, without being directly connected to a dedicated printer. Unfortunately, unsecured network printers present a potentially sizeable security hole and are becoming the go-to method for hackers to attack corporate networks. According to the Global Print Security Report, 60% of businesses have experienced a security breach related to connected printers in the past year.
Since many organizations do not recognize the security risk posed by their network printers, they do not adequately secure them. With adequate security, organizations could be leaving their entire network open to attack.
Why Hackers Target Connected Printers
One factor that makes printers attractive to hackers is all the documents that get printed, scanned, copied, or faxed in a typical organization. These documents often include financial statements, tax forms, employee data, memos, and letters containing sensitive information. Any hacker who can hijack these documents can retrieve a treasure trove of data that could be used against the company or its employees.
Equally important is the fact that each printer connected to the corporate network functions as an endpoint to that network. That is, the printer can be an access point for hackers to enter the system. From there, malicious actors can access other devices on the network, including computers and servers that store valuable digital data. Since the average connected printer is typically less secured than employees' computers, this represents an easier way for hackers to attack a network.
MFPs Are Even More Vulnerable
Many printers today are multifunction printers (MFPs) that combine printing, copying, scanning, and faxing capabilities in a single unit. MFPs, unfortunately, are capable of even more damage than single-function printers. Possible vulnerabilities include:
- Changing printer configuration to route print traffic to the hacker's computer, thus intercepting sensitive data
- Manipulating print content or inserting new content in print jobs
- Accessing print data from the printer's memory
- Sending faxes to a deliberately mistyped number
- Retrieving unencrypted faxes, scans, or copies from the MFP's memory
Endpoint Security for Network Printers
Cyberattackers are increasingly using network endpoints, including connected printers, to obtain unauthorized access to corporate networks. As detailed in the 2019 Endpoint Security Trends Report, 70% of data breaches today originate from network endpoints.
Since all network printers function as endpoints to the company's network, companies need to employ endpoint security for all their connected printers. In essence, every network printer needs to undergo the same type of security treatment that companies give to computers and other more recognizable endpoints.
Keep Device Drivers and Operating Systems Up to Date
Printer manufacturers constantly update their operating systems and device drivers to eliminate bugs and protect against newfound security threats. For this reason, the operating systems used by network printers need to be kept up to date, as do the device drivers for all connected hardware.
Frequently Change PINs and Passwords
To reduce the chances of a security breach, the PINs and passwords used to access network printers need to be changed regularly. The use of strong, hard-to-guess passwords should be a routine policy.
Disable Unnecessary Print Services
To reduce the number of ways a malicious actor can hack a computer, disable all unnecessary services and options on each connected printer. Don't give hackers more ways than necessary to break into the system.
Restrict User Access
The number of employees with access to network printers should be restricted to only those with legitimate needs. Companies should create a whitelist of users who can access any given printer. Users not on the list would be denied access. A similar whitelist of approved computers and other devices should also be created so that computers used by hackers would automatically be denied access.
Employ Endpoint Scanning
All printer use should be constantly monitored. When suspicious activity occurs, staff should be alerted. Also, printer activity should be tracked over time, and anomalous behavior flagged and investigated.
Encrypt All Data
All data sent from users to connected printers should be encrypted. In case transmissions are hijacked, the encrypted data would be unusable.
Let Doing Better Business Improve Your Endpoint Security
Doing Better Business offers managed IT services that can help you better secure the connected printers on your corporate network. Our expert staff knows all the tricks that hackers use and how to keep your network printers secure. Let us help you apply endpoint security to all your connected devices – and protect against unauthorized access and data breaches.