12 July 2016
2 min read
So you've got your antivirus installed and updated, your staff has been briefed on the hallmarks of a suspicious email (action: do not download), and the office network is locked down with passwords that would take 5 million years to crack. Ever stop to consider that oft-forgotten member of the small business security network – the humble printer? Researchers in Singapore recently showed how easy it is for hackers using mobile phones mounted on drones to hack into the unsecured print queue of a Wi-Fi printer.
This happens more often than you might think. According to the Ponemon Institute, 64 percent of IT managers believe their printers are likely to be infected with malware. A separate study from Ponemon also found that 55 percent of companies do not have security policies for network printers.
Why bother with printers? Not only do they often handle sensitive files, but the more advanced, feature-heavy printers usually have hard drives for storing an office's worth of documents to print. Also, like PCs, they have operating systems and access to the business Wi-Fi network.
Confidential data that's travelling across a password-protected network from a password-protected computer only to end up in that single chink in the armour – the unencrypted print queue – could therefore be pilfered by an enterprising cyber crook.
Such unsecured printers may also be remotely installed with malware such as “sniffing programs” that can log print jobs as well as network traffic, usernames and password information, all sent straight back to a cyber crime server. Other times, miscreants use the vast hard drives available on modern printers to host the tools needed to do their dirty work. From malicious web pages and scripts to viruses, worms, or trojans, any web-connected printer with enough storage can become a staging area for cyber crime.
“People don't think of the printer as a nefarious actor in their network, but printers are now just like PCs” Patricia Titus, Ponemon Institute distinguished fellow
“There's a growing concern around printer security specifically. We hope that now a lot more printer companies will step up and talk about the problem,” added Tuan 1 Tran, vice president and general manager of HP LaserJet and Enterprise Solutions, commenting in a recent interview with The Telegraph.
What you can do
Always download software updates for your printer when available, and invest in secure printers with in-built protection that can monitor, detect and recover from a hack by rebooting and clearing the print queue of sensitive documents.
Newer HP Enterprise LaserJet printers come with HP SureStart for detecting and flushing changes to system software as well as built-in intrusion detection to prevent attempts to install malicious code. IT managers who oversee fleets of printers can use HP JetAdvantage Security Manager for ensuring that web-connected printers run only authorised software.
For more tips on securing your small business network, download the HP ebook Cyber security for small businesses.