They’re complex machines that save businesses loads of money and increase productivity, but they can be taken advantage of if they’re not securely configured, monitored, and kept up to date.
While businesses go to great lengths to protect their PCs from cyber attacks, many have not done the same with their printers. In fact, according to a Spiceworks survey, 43% of the companies surveyed said they ignore printers in their endpoint security. Due to the security threats that many printers are exposed to, HP has created a bug bounty program with Bugcrowd to reduce vulnerabilities in their printers. They are offering up to $10k to anyone who can find a bug in one of their enterprise printers. Bugcrowd reported a 21% increase in vulnerabilities discovered in HPs printers since they launched the program.
Why Would a Cyber Criminal Attack a Printer?
With access to personal company information through stored documents in a printer’s database, cyber criminals have an incentive to hack into your printers and do what they please with the sensitive information. Criminals will often hold printers and their data for ransom, which will cause downtime and force you to pay a pretty penny for information that you may not even get back.
Don’t think it’s just your printers that can be compromised. By hacking into a printer, cyber criminals can get into employee computers connected to the printers and gain access to your entire network. One way hackers have recently done this is by sending an image file to a printer’s fax number with disguised lines of malicious code. This was an easy entry point for hackers to infiltrate entire networks and its connected computers. You may think that fax is out of date, but researchers at Check Point found 300 million fax numbers still in use. And a fax number is all that a hacker needs to infiltrate the network of an all-in-one printer.
How to Protect Your Printers from Being Hacked
Protecting your printers from malicious cyber attacks starts with a proper configuration as soon as you buy your printer. New printers without security measures in place that are connected to your network can be a huge risk.
- Continuously monitoring your network, and perform updates and patches promptly. Many printers will receive updates from the manufacturer, so it’s crucial that you’re monitoring these on a regular basis.
- Change the default password of your printers if it has web management capability.
- Don’t allow devices that don’t belong to your company connect to your printers.
- Don’t allow access to your printers through public internet.
- If your printers have a publicly routable IP address, you can create a private subnet that has non-routable IP addresses.
- Ensure that you’re using an encrypted connection when accessing your admin control panel. You can check that it’s a secure connection by checking to see if it has a secure socket layer, which will have a URL starting with HTTPS rather than HTTP.
- You can require users to enter in a PIN before printing.
- Don’t run your printers on the insecure default protocols such as FTP or Telnet.
- Use a network firewall to restrict printer access.
Conclusion
With an increase in printing technology and capabilities, printers are becoming more of a target for cyber criminals. Ensuring proper security measures are in place is not always an easy task. If you’re unsure about the safety of your business printers, contact Kraft to speak with a Managed Print expert, or learn more about our Managed Print Solutions.