Beware The Wolf—stories of common printer security vulnerabilities
1 March 2017
Printers represent some of the most easily exploitable security vulnerabilities on your network. We’ve highlighted in a brand new HP Studios video series featuring your new top villain;
The Wolf. The storylines are all based on real vulnerabilities which we regularly see on our customers’ networks. But unlike some of the other human-error-based vulnerabilities highlighted in the videos, securing your printers is generally an easy fix.
Watch the full-length video (6:22) here:
All the connection. None of the protection.
Just as technology upgraded from rotary to smart phones and from dial-up to Wi-Fi, office printers have also evolved. Say goodbye to direct-connect printers that carried little risk—and hello to devices with the specs of a computer or a server. We’re talking memory, operating systems, processors, and hard drives. The advances are staggering.
At the same time, the way companies are monitoring and managing those devices has stagnated. Printers aren’t being monitored in the same ways as other networked devices. It’s unheard of, for example, for a company to hand out laptops and other endpoint devices that haven’t been configured by IT. Yet networked printers, which often include many of the same components as a laptop, often receive “plug and play” treatment.
Outsmart The Wolf
Here are three immediate steps to better secure your networked printers. Every business is potentially at risk, so it’s important to educate yourself and your employees on the impact to your company.
1. Expand the idea of your network.
Networked computers are usually tracked by Security Event Information Management (SEIM) tools. Networked printers usually aren’t. If a user clicks an insidious link from a networked computer, the SEIM tool in place would notice the problem and work to fix it. It’s time to give printers that same level of scrutiny. Malware that’s found its way onto your system can sit idle for months before activating or even being noticed. Without ongoing monitoring, you might not detect it until it has a foothold on your network until it’s too late to contain it. Also, develop a strong mobile security policy that fits with your overall print security strategy. If your PC printing policy encrypts data in transit and requires users to authenticate at the device, use a mobile solution that does the same. This will allow your security team to educate, create awareness, and establish best practices.
Also, develop a strong mobile security policy that fits with your overall print security strategy. If your PC printing policy encrypts data in transit and requires users to authenticate at the device, use a mobile solution that does the same. This will allow your security team to educate, create awareness, and establish best practices.
2. You have tools. Use them.
HP LaserJet and HP PageWide printers are prepared to do a lot of the heavy lifting when it comes to print security. They only need to be told what to do. Just as you would add a common operating environment to a fresh out of the box PC desktop, configure printers as they are delivered.
Network-enabled printers come equipped with monitoring and management tools. In HP printers, for example, Security Manager can lock down a device that has been hit with a virus and isolate that threat to keep it from spreading. Additionally, SEIM tools communicate directly with the operations centre, letting it know whether memory has been affected and where the device is in the recovery process.
3. Watch your assets.
Asset management is critical, because each device represents a possible entry point onto your network. Customers often don’t have an answer when I ask them how many printing devices they have. Know what’s on your network. Know the model numbers and whether they’ve received the most recent firmware update to block security events.
Not just a printer
Today’s printers are robust network-connected computers integrated into your infrastructure. They handle your most recent data—the currency of business. It’s what you’re working on today, whether that be invoices, business plans, or IPO takeovers. Business-critical information passes through your printers on a regular basis, so you need to protect data at that level. Think about printers; don’t ignore them.
Watch The Wolf short film (6:22), directed by Academy Award-nominee Lance Acord and edited by Academy Award-winner Kirk Baxter, at www.hp.com/thewolf.