It’s fair to say that today, organisations are facing a broader attack surface than ever before. Businesses quickly found out that home working was more technology-dependent than ever before – unplanned for cloud adoption, shadow IT and unsecured home networks brought a wave of new threats. Now, with hybrid working here to stay, security risks and concerns remain one of the top pain points for IT teams
Security is a key concern for business leaders both inside and outside the IT department, particularly given the explosion in ransomware attacks in 2021, yet although most organisations pay close attention to securing their IT networks, the same level of attention isn’t always given to the print infrastructure.
This month’s panel discusses the importance of printer security, the risks of an unsecured print infrastructure, and how print and IT channel vendors can help customers mitigate risk and strengthen their security posture.
Kerry Rush, Product Manager,Sharp UK: “Print security is critical for any business. This is only becoming increasingly more important as the number of cybersecurity attacks rise and methods of infiltration become more complex and diverse. Consider the amount of personal, sensitive and financial information multifunction print devices process each day – these devices have a hard drive that stores a digital copy of everything printed, copied or scanned. Companies have developed policies and procedures that cover hardcopy material and IT infrastructure, but often print devices are overlooked.
“At Sharp we offer a full range of print security services that are as individual as each of our customers. Our priority when it comes to print security is to understand the risk, so we consult with our clients and assess their security needs before configuring each device with the required level of security. Our security audits identify areas of weakness and then we recommend preventative measures to keep documents and data safe and secure.”
James Pittick, Channel Director B2B Direct Sales, Canon UK & Ireland: “The shift to remote working during the pandemic saw a significant rise in cyber- attacks as cyber criminals sought to take advantage of dispersed workforces. According to a report from Accenture, there were on average 270 attacks per company over 2021, an increase of 31 per cent compared with 2020.
“As businesses continue to adapt to hybrid working and many employees are enjoying the return to a physical office space, it is important that a strong security system is in place. Robust network security as well as endpoint security, regardless of whether a cloud or an on-premise server infrastructure is chosen is essential. The foundation of a secure system is the capacity to incorporate potentially hundreds of devices and networks, ensuring that critical data remains safe. To tackle this, a multifaceted armour, combining VPNs, a zero trust architecture and updated antivirus software should be incorporated.
“Printing is a key element of this security system. Partners should consider offering their customers a solution that uses a cloud-based server, which enables printing to remote shared devices – whilst ensuring that all data remains secure and that all print jobs are traceable. Users from outside of the organisation can be restricted from the device, by preventing access to the universal queue, whilst access can be granted to clients and third parties where necessary and appropriate. By moving print management to the cloud, you can ensure consistent control and quality across a varied and distributed workforce.
“Other customers may manage print through an on-premise server, which helps ensure that all print data remains within an organisation’s infrastructure – and can only be accessed by a limited number of employees. This offers strong security benefits for industries that are printing sensitive documents, such as healthcare, legal and government organisations. Hybrid servers may also be considered, which offer the added security of an on-premise server teamed with cloud print benefits, such as multi-factor authentication and user access validation.
“The other consideration with print, is the secure disposal of documents. Just as you shouldn’t throw unshredded bank statements into the bins for collection, you should be just as cautious with company paperwork.
“While there has been a lot of speculation around security recently, it is important to keep in mind that even the most robust systems will have lapses. Investing in cyber education workshops can empower employees to make the right decisions, whether that’s in the office or at home.”
Andy Ratcliffe, Managing Director, Key Digital: “Print devices are often viewed in the same category as any other IT peripheral, but business printers and multifunction devices are smart connected devices. They are linked to anetwork and have the same potential threat level as any other network- connected device.
“By adopting the stance of ‘it’s just a printer’ some organisations may have blind spots in their otherwise secure networks. The print infrastructure should be included in any IT security policy to identify potential threats as network print devices are increasingly being targeted.
“We work by creating a framework of requirements with our customers – security being one aspect of this, focused on the zero trust model. It is then our job to develop and integrate a solution that meets that framework and how it will be managed long-term. Effective user engagement and training is vital when delivering a solution.
“Understanding that human error often accounts for more data loss than malicious attacks can be a hard message to deliver. By effectively using good practice, procedures and training, customers can reduce security risks stemming from their print infrastructure.
“Key Digital’s holistic approach ensures that security is understood, delivered and maintained throughout, strengthening our relationship and safeguarding our customers.”
Ronny Ecke, Pre-Sales Solution Architect, Apogee: “When people think of securing their devices, the prominent actions taken are to secure the laptop, desktop and server. Worryingly, fewer organisations consider printer security an area worth prioritising.
“We can only assume that people are not aware that a printer is an endpoint device on the Internet of Things (IoT), making it vulnerable to ransomware and DDoS attacks, and once a hacker enters an unsecured printer, they are able to do much more than print excess pages they now have access to the entire network.
“An unsecured printer opens a world of possibilities for the duplicitous hacker. Left unguarded, organisations leave themselves open to a plethora of risks. Data leaks are the most obvious risk, confidential documents such as customer data and employee information are regularly stored in printer caches making this data ripe pickings for a criminal. Once they have gained access to a Wi-Fi enabled printer, they can catch print jobs whilst they are being transferred to the printer and take this data with them to do with as they please.
“When a hacker targets a printer, it is as an entry point to get to more critical users and the core infrastructure. Once they’re aware of the critical users – knowledge acquired by simply locating your company address book, they can pose as business executives and begin phishing attacks; you’re far more likely to open an attachment in an email from a trusted partner at work than from an email address you do not recognise.
“As a managed workplace services provider, it is our duty to educate our customers on the risks printers present to their business and then provide the tools and education they need to strengthen their security posture, after all – a printer is only as secure as you make it. We make customers aware that print security is always a combination of both hardware and software, running concurrently to protect their business. For example, as part of HP Wolf Security, the Enterprise device range has two BIOS. The first BIOS is HP Sure Start, the hardware enforcement by HP powers up every time a device starts and compares the start-up BIOS code with the correct BIOS – this takes care of a firmware attack. In the case of an attack, the printer recognises it and starts from a ‘golden’ BIOS. The golden BIOS is physically on the printer, this ensures no one can tamper with it. The printer can then self-heal using the isolated golden copy, notifying that there has been a breach. The second solution to mitigating risks is HP Security Manager. The industry’s first policy-based solution helps increase security, strengthen compliance and reduce risk across endpoint devices – adding an extra layer of protection. The software allows users to put SSL certificates on the printer, which enables print jobs to be encrypted or data rerouted. The software also enables Wi-Fi and internet capabilities to be turned off, stopping people from physically turning it on at the printer.”
Tony Lomax, Product Marketing Manager for North EMEA, Lexmark: “IT managers and chief information security officers guard against threats to critical corporate data such as malware and ransomware. However, print infrastructure is one area that often falls under the security radar, and it lies within even the most hardened network perimeters. Inadequately managed devices on a network, such as MFPs, offer hackers a back door into the whole network, and can even lead to accidental data leaks from employees.
“Post-pandemic, security is high on the priority list for many IT managers. Print and IT channel vendors can help these businesses understand the security risks an unsecured print infrastructure can pose their business, while lending their knowledge and expertise to ensure the correct devices are implemented across a secure network. Providers of managed print services perform an essential role for large organisations.
Alongside general device and network maintenance, these specialists should also maintain proper security settings and install software patches to keep hackers from exploiting known bugs. The key is determining which providers have the security depth necessary to protect corporate information.
“Since service providers perform many management tasks remotely, they can obtain details about how a candidate’s network connects to the printer fleet and analyse how these links are secured, including whether the provider uses dedicated tunnels and VPNs to communicate with devices.It’s the service providers’ obligation to ensure a security strategy which has been implemented is specifically tailored to its customer’s needs, rather than applying one-size-fits-all security solutions.”
Mark Bailey, Managing Director, EBM Managed Services: “It is quite easy to overlook the security of network devices like MFDs. As MFDs are now seen and actively promoted by manufacturers as central documents hubs within the office environment, cyber threats based around document security are serious and end- users need to take as much action as possible. We have no doubt that potential hackers see printer security as a potential weak point.
“Depending on the type of security breach, the risks could be anything from low to extremely high. That is what is so worrying about any cyber security. In the SME market in which we operate, we have seen organisations using administrator level accounts for scan-to-email sending protocols with no two-step authentication and simple passwords. Should a potential threat discover this, then access to the whole email server could be relatively easy with potentially devastating consequences for the organisation.
“In our view the number one priority which most SMEs miss when looking at printer or any form of cyber security is people. Whilst it is an easy thing to do, we seldom see simple cyber security training within the SME environment. Cyber security always starts with the basics: people. You can have many sophisticated software and security systems in place, but if a user unknowingly invites a threat through the door via a phishing email or has weak passwords, then a breach will happen. Train your people to spot and be actively aware of the different forms of cyber threats.”
Mark Ash, Chief Revenue Officer, Konica Minolta Business Solutions UK: “It is vitally important that our partners and customers can trust implicitly the devices that they are adding to their network. There is no reason for any printer to compromise security and expose an organisation to network intrusion, data loss and regulatory compliance issues. The responsibility for this begins with us as vendors, to ensure that our products meet the highest security standards. For us this means subjecting them to rigorous internaland independent external penetration testing. As an example, our bizhub i-Series multifunction printers have been subjected to 80 hours of hacking by experts looking to find and exploit vulnerabilities. I am pleased to report that nothing could be detected.
“However, it is also important to recognise that not all security threats are external. Confidential documents left in an output tray (or remaining on the MFD hard disk) can present a real risk
if it falls into the wrong hands, whether intentionally or not. For this reason, it is essential to think about who can use which devices, for what purpose and where, at the point of installation.
“User authentication, account tracking and restricting access at an individual level, can help to ensure documents are only printed by those authorised to do so, and private documents cannot be printed by devices located in public areas. Simple steps such as requiring a valid credential – biometric, access card or password – to be entered on the device ensure the presence of an authorised person and reduces the risk of document loss.
“In the world of document and data security, it is rightly said that you are only as strong as your weakest link, so it is essential that printers are subject to the same stringent security standards as any other networked device. This can be achieved without compromising connectivity or productivity.
“When we look at the specific area of print security our recommendations to SMEs are always to keep things simple and effective. Utilise a print management tool such as PaperCut, keeping print and scan jobs encrypted. Keep firmware up to date with the latest releases. We all saw the headlines a few years ago when the WannaCry ransomware targeted Windows XP; out of date software is still an active target. Enable HDDs to overwrite on devices, and erase or destroy HDDs when replacing old devices. And most importantly, train your people. These practices all sound simple, and they are. However, they are very effective at keeping out threats.”
Andy Johnson, Solutions Alliance Partner Manager and Training Manager, Brother UK: “Businesses are continuing to bed-in the hybrid working policies they adopted last summer. But for all the benefits flexible working delivers, it has created a major security headache for the IT leads now in charge of dispersed networks of people – Censuswide research found that a third of IT decision-makers (ITDMs) say that data vulnerabilities created by remote workers was their biggest concern.
“Print security can be easy to overlook, which leaves the backdoor open for hackers to access networks, data and confidential documentation. Hybrid working has only exacerbated the problem – it’s much more difficult for IT leads to maintain oversight and control of all the devices connected to a company’s systems, which includes printers and multifunction devices.
“Many businesses are turning to print management solutions to tackle the challenge. These can allow IT leads to improve the security of their devices by automatically downloading the latest security updates to ensure that the firmware is one step ahead of would-be hackers. Tools such as Brother’s Remote Panel also bolster security as they can help IT teams to monitor devices, diagnose issues and fix vulnerabilities remotely, which is especially important in an age of decentralised working.
“Print management solutions also improve the security of the documents themselves. We work with partners like Kofax and PaperCut to offer cloud-based or on-premise solutions that enables IT leads to monitor what documents are being printed, prevent the printing of confidential documents and set rules to help reduce printing costs.”