In March last year, a series of anti-Semitic, homophobic and racist fliers mysteriously appeared at a dozen college campuses across the United States. Carrying white supremacy messages, these fliers were able to make their way to colleges including Princeton University, Brown University and the University of California, Berkeley, as they were produced by these campuses’ publicly accessible printers. This means that these printers will accept print jobs from any devices connected to the Internet—which paints a rather worrying picture of the state of printer security today.
More than just printing offensive messages and wasting printer resources, this lax printer security arrangement should be eliciting greater concern; if computer hackers are capable of accessing your printers, they can also easily intercept these devices and steal confidential data. Few organizations have integrated printer security into their IT security policies, and it’s only a matter of time before print devices becomes a popular attack vector among hackers.
But why should printer security become an integral part of any security strategy? Unlike the printers of yesteryears, today’s printers, such as multi-function printers (MFPs), increasingly resemble personal computers and laptops, with some even capable of sending emails. Many printers also possess similar components as other endpoint devices, such as disk drives, operating systems and even built-in network capabilities. However, as fully functioning endpoint devices, their data are hardly encrypted, while printer security requirements are hardly understood or even defined. Printer maintenance and repair tasks often reset the devices to their factory settings, which leaves them even more unsecure. In addition, the physical security of printers is also crucial. It is also important to note that the shared network printer output tray is where many sensitive documents, such as financial statements, customer information, and proprietary data lay.
In light of high profile hacks such as BIOs and firmware attacks, as well as man-in-the-middle attacks—in which attackers stealthily alters the communication between two parties on a network—it’s high time that printers are treated like any other network devices. One way is to ensure that printers are locked whenever possible by implementing authentication and encryption measures as part of the security strategy. Patches and security updates should be regularly scheduled, and printers should always be monitored for suspicious behaviour. Secondly, IT security policies should be clearly defined, complete with risk assessment and mitigation plan for your print infrastructure. Finally, your print or security vendor should be able to help you deliver a secure print environment, should you need it.
To find out more about printer security and the security measures you can take, visit HP.com/ReinventSecurity.