Printers: The underestimated danger inside your company

29/08/2022
G DATA Blog

Printers are an often overlooked pathway into a company network. Whether the cause is a misconfiguration or a security flaw, there are ways to remedy both.

Cybersecurity is high on every company's agenda. This is reflected in the security of internal networks, a strict update policy for software, an awareness campaign among employees against phishing, and a strict protocol for the use of mobile devices. But have you also thought about your network printer over there in the corner? If not, then you might want to – because your printer might just be the break an attacker needs to blow through your otherwise pretty tight security. And no, I am not just talking about a distracted colleague who left confidential documents sitting on the output tray of your office printer by accident.

These days we are all talking about the Internet of Things and its numerous connected devices. But these connected devices can pose a threat to your SMB's cyber security, and printers are no exception. A study by Quocirca in 2022 found that 68 percent of printer-security related cases resulted in data loss. These breaches, of course, cost companies money: an estimated average of 800.000 euros per year, according to the study. The modern printer is actually a rather capable computer. As such, it can be a gateway for hackers to access sensitive data and even infiltrate entire corporate networks. Fortunately, you can secure your printer network without too much effort.

But there are many more security-related printer problems. Finnish cybersecurity firm WithSecure (formerly F-Secure) sounded the alarm on HP printers in November 2021. An investigation showed that multifunctional printer models are vulnerable to cyberattacks. By exploiting either a security hole in the physical access ports or a so-called font parsing vulnerability, cyber criminals can take control of the printer. HP itself announced that the security vulnerabilities could affect more than 150 multifunction printers. The vulnerabilities require some technical skills (and, in the case of the port vulnerabilities, also physical access to the device) to exploit, but an experienced hacker could do massive damage via your HP printer. For example, the vulnerability could be used to launch a cross-site printing attack. This involves websites sending, without the user's knowledge, a print job containing a corrupted font file for the printer to interpret. This gives the criminal certain permissions on the printer itself and thus, by extension, also on the network. With these permissions on the device, attackers can access all information sent to (or cached on) the multifunction printer. Alternatively, malicious documents can be sent to the printer to be printed.

On a more positive note: With the latest security patches you can repair all these vulnerabilities. Therefore you shouldn’t think twice when you install a new printer on your network. So let’s have a detailed look at what you can do to secure multifunction printers.

With the following advice and tips, you can make it a lot harder for hackers:

 

  • Update the printer when security updates become available
    As with other devices, you should update the printers' firmware regularly. As these updates contain new patches, the printer is then less vulnerable. Also remember to set a self-chosen and sufficiently strong admin password instead of relying on the default password (or not using a password at all). 
  • Disable all unused services
    Printers offer many functions. Perhaps the best advice is to block the functions that are not used, so that they cannot serve as an access route for hackers. Take the FTP function, a way to send files: Don't need it? Then turn it off. After updating the firmware, check whether your settings are still active. A printer will often return to the factory settings after an update, which means that even if you have disabled unneeded services, they might end up being enabled again. Some devices also allow you to back up your configuration to a file – an option you might want to make use of.
  • Physically secure the printers
    Sometimes you cannot avoid printing sensitive information on paper. But you can ensure that this sensitive information does not fall into the wrong hands. Therefore, put the printer in a safe place, such as a locked room. You can also place the printer near an administrator. They can then check and make sure that no prints are left behind. Some printers have codes or require passwords that you must enter on the printer itself in order to start a print job. Enable these features so that printing is only done when someone is actually standing next to the machine.
  • Appoint a person in charge
    Perhaps you have a designated person in your company who is responsible for updates and software patches. Or for providing access badges to new employees. For printers, though, it's often a different matter. Perhaps each team manages its own network printer. Or you have a situation where one person installed the printer at some point and never thought about it again, except for when any consumables needed replenishing. Therefore, also appoint a person responsible for the security of your printer network. You can also consider an external specialised party (the integrator?) and choose an internal employee as contact person.
  • Disconnect your printer from the public internet
    This is one of the most important steps in protecting the printer network. Why would anyone outside the organisation need access to the printer? Isolate the printer network from the 'public network' and set up a firewall rule that blocks incoming and outgoing communication between the printer and the public internet.
  • Monitor who is printing
    The best way to monitor printer usage and control who has access to your printers is an IAM (identity and access management) program. You can also use these user profiles for other IT-related tasks. For example, if you use Microsoft Office, you can use the Microsoft Active Directory to manage these passwords and regulate printer activities. You can set up profiles so that only people from certain teams can use certain printers, or so that HR staff can only print their documents with the HR printer.
  • Monitor suspicious activity
    In addition to the above actions, you want to monitor your printer network for unusual activity. Recent printers already offer these functions: audit, tracking and logging. This gives you data about things like usage statistics or ongoing costs and also the possibility to get an idea of which users submitted what print jobs. If the printer doesn't offer this option, look for software add-ons that enable auditing and tracking.
  • Consider upgrading your printer fleet
    Many new printers have built-in security features that make it easier to secure your network and protect it from a cyber attack. For example, an Approved Senders feature that lets you specify whether someone can send something from their email for printing. Or the feature that automatically deletes old print jobs from the printer memory.
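
The advice above to disable unused services, and to re-check them after a firmware update has possibly restored factory settings, can be turned into a repeatable check. The following Python script is an added example, not part of the original article or of any vendor tool: it probes the standard TCP ports of common printer services on your own printers and compares the result with an approved baseline. The address 192.0.2.10, the baseline contents and all function names are assumptions made for illustration.

```python
import socket

# Well-known TCP ports of services commonly enabled on network printers.
PRINTER_SERVICES = {
    21: "FTP",
    23: "Telnet",
    80: "HTTP admin",
    443: "HTTPS admin",
    515: "LPD",
    631: "IPP",
    9100: "Raw printing (JetDirect)",
}

def tcp_probe(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit_printer(host, allowed_ports, probe=tcp_probe):
    """Compare reachable services with the approved baseline.

    Returns (unexpected, missing): ports that answer although they are not
    approved (for example re-enabled by a factory reset), and approved
    ports that no longer answer.
    """
    probed = set(PRINTER_SERVICES) | set(allowed_ports)
    open_ports = {p for p in probed if probe(host, p)}
    unexpected = sorted(open_ports - set(allowed_ports))
    missing = sorted(set(allowed_ports) - open_ports)
    return unexpected, missing

def report(host, allowed_ports, probe=tcp_probe):
    """Return human-readable findings for one printer."""
    unexpected, missing = audit_printer(host, allowed_ports, probe)
    lines = [f"{host}: unapproved service open: {PRINTER_SERVICES[p]} ({p}/tcp)" for p in unexpected]
    lines += [f"{host}: approved service not answering: {p}/tcp" for p in missing]
    return lines or [f"{host}: matches baseline"]

if __name__ == "__main__":
    # Constructed inventory: documentation address, HTTPS admin and IPP approved.
    BASELINE = {"192.0.2.10": {443, 631}}
    for host, allowed in BASELINE.items():
        print("\n".join(report(host, allowed)))
```

Run it once after hardening to confirm the baseline, then again after every firmware update; any "unapproved service open" line points to a setting that needs to be disabled again.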