How to secure your network weak links to improve compliance

MPS Security > How to secure your network weak links to improve compliance

How to secure your network weak links to improve compliance

Printing fleet vulnerabilities could be exposing your business to security and compliance risks.

It has never been more crucial for companies to have multiple layers of protection covering every endpoint in their infrastructure, including the devices that aren’t getting security attention today.

In a 2016 Global State of Information Security Survey, PwC reported that organisations have experienced a 38% increase in detected IT security incidents¹. Attacks are more frequent, more aggressive, more sophisticated and more unpredictable.

And while new regulatory requirements recognise that breaches are inevitable; organisations must prove they haven’t been negligent in their handling of customer data. If negligence is shown, organisations could be penalised with significant fines.

Investigate every corner of your infrastructure

It’s essential for security teams to investigate every corner of their business IT infrastructure and build an extra layer of protection on top of standard network perimeters. Firewalls alone cannot withstand sophisticated attacks. A security policy extending layers of protection to network endpoints is a must-have for businesses to meet regulatory requirements and avoid costly fines.

Printers are often ignored as businesses focus on data centres, the cloud and mobile devices while they move towards digitisation. However, if a printer is connected to the Internet, it’s as vulnerable to an attack as a PC. Take the extensive breach across multiple US colleges in March 2016, where a hacker discovered 29,000 unprotected printers and accessed dozens of them to spew out hate flyers. The breach showed that unsecured endpoints such as printers can be remotely accessed and hacked.

In a recent study by Spiceworks, it was found that 82% of organisations experienced an IT security breach in 2016 yet very few are taking printer security as seriously as they should. Only 16% of organisations perceive printers as a high risk. Although nearly 57% have security practices in place for printers this trails other endpoints with 97% having security practices in place for desktops and laptops.²

"Security breaches are not confined to computers or mobile devices but can also originate from other endpoint devices, such as network printers. Hackers have been known to gain entry to an organization's network via open ports on the network printers. This method allowed Russian hackers to penetrate a Denmark-based company that performs sales, service, and technical solutions for the metal, furniture, and automotive industries. The hackers gained entry to the company's network via one of its label printers. They then demanded a ransom to unlock the company's IT systems, customer information, and other vital data." Evan Hardie, IDC³.

IDC also found that on average, organisations can reduce the frequency of printer security breaches by up to six times if they deploy enterprise printing security solutions⁴.

Common security controls to protect data and stay compliant

With governments frequently updating their compliance requirements, it can be challenging for businesses to keep up with regulations. In response, the Center for Internet Security has developed a checklist of controls that outline the most important requirements. These handy Critical Security Controls can help businesses strengthen security policies and organise action plans to meet common compliance regulations.

The following Critical Security Controls could help your IT team protect your print devices, data and documents as part of your larger security plan.

CSC 1: Inventory of Authorised and Unathorised Devices

First, know every endpoint in your infrastructure. Your IT team should run an audit of all the hardware devices on your network, from your PCs to your printers and create an inventory of authorised and unathorised endpoints.

CSC 2: Inventory of Authorised and Unathorised Software

Your IT team should ensure that only authorised software is installed and running on your network, and check that all software solutions and firmware loaded onto printing and imaging devices are up-to-date, signed, and validated to be authentic.

CSC 5: Controlled Use of Administrative Privileges

Your IT team should restrict the administrative privileges on your endpoints to ensure only IT or authorised personnel can change settings. Extra protection is achieved with security management software to deploy administrator passwords across the fleet and lock down unnecessary access.

CSC 9: Limitation and Control of Network Ports, Protocols, and Services

Your IT team should ensure that ports and un-used protocols (such as FTP or Telnet) that hackers can use to access your printer are disabled. Save time by deploying a print security management tool to automatically keep device settings compliant across the fleet. They should also limit access to device functionality by implementing role-based access controls.

Does your IT team know the weakest link in your infrastructure?

Organisations surveyed by Ponemon experienced on average 2 attacks per week in 2016, an increase of 23% year on year⁵. Although many IT departments rigorously apply security measures to PCs and the network, printing and imaging devices are often overlooked. But printers can provide an entry to your network and securing them is just as important. Of all significant data breaches reported by IT managers in 2015, 35% involved their printers⁶.

The wide scale impact of a cyber security breach

High-level security policies that don’t consider added security protections on endpoint devices could mean a business is non-compliant with the latest regulations and at risk of costly fines, lost business, damaged reputations and class-action lawsuits. The Ponemon research revealed that the average company also lost on average $9.5 million annually in the fight against cyber crime⁷.

Including printers in your endpoint security plans can help your business be better protected and compliant.

Learn more about how to meet GPDR compliance requirements for network and data security with our in-depth guide.

Download guide