How to Reduce Printer Security Risks
Published by Linda Rolf on 7/22/2021
We were in a client meeting recently, sharing our initial network discovery outcomes with them. The conversation was exactly the productive, friendly discussion we all look forward to. It was framed as a collaborative, knowledge-first session. No criticism. No judgment.
As we walked through the list of recommendations, we came to the topic of printers. Not exactly a subject that has everyone on the edge of their seats. But an interesting thing happened.
When we said that printers are a security vulnerability on a company's network, there was silence and a look of surprise.
"Why Hasn't Someone Told Us This Before?"
We typically think of a printer like the middle school dance wallflower. It huddles quietly in the corner waiting for someone to start a conversation with it. The reality is your printer is actively chatting on your network even while it is patiently waiting for your print request.
Unlike your desktops, laptops, and servers, printers aren't equipped with built-in security protection. And yet they are effectively a computer. They have firmware, hard drives, processors, and an internet connection. Hackers know this and exploit the inherent weakness to gain network access.
The logical question immediately asked was "Can we make our printers more secure?".
Unless your printers are expensive, high-end devices, they most likely don't include antivirus or security features.
Steps You Can Take
Here are some immediate security steps you can take to minimize unauthorized network access through your printers.
Begin by managing printer permissions. Give access to each printer based on specific user needs. In technical speak this is called the Principle of Least Privilege. Each user is given only the access needed to perform his or her job function.
Disable any network ports that are not needed. Printers often have unsecure ports enabled by default.
Keep your printers' firmware up to date. Firmware is the software your printers use to operate. Manufacturers distribute updates periodically, and some of these updates might address security risks.
Set your printers to shut down during off hours to reduce unnecessary socializing and online access.
In a networked environment, consider physical location and access. If someone is printing information that is subject to compliance or regulatory rules, don't route these print requests to a printer across the office. It's too easy for a print job to be forgotten, picked up by an unauthorized user, or inadvertently thrown away without properly destroying it.
Implement print tracking software to monitor activity throughout the company. Proactively watching who is printing what and where will allow you to spot suspicious activity early. This also provides an added layer of compliance management when data protection is vital for your company.
. . .
We Learned Something Valuable
We wrapped up our first meeting on creating a more secure organization with an important, shared takeaway --
The tools, technologies, and skills we all relied on to build our companies' infrastructure have changed significantly in a very short period of time. What we had in place then simply isn't enough today.
As a 30-year-old company, we can easily point to a long list of our own outgrown solutions.
As one person said, "It's just the way we've always done things. We didn't know what we didn't know."
Those are words – and attitude -- we love to hear. Making responsible strategic decisions starts with knowledge and the awareness that continuous change is the new replacement for "we've always done it this way."
Tags: cybersecurity, network security
. . .
is a lifelong curious learner who believes a knowledge-first approach builds valuable client relationships. She is fueled by discovering the unexpected connections among technology, data, information, people and process. For more than four decades, Linda and Quest Technology Group have been their clients' trusted advisor and strategic partner.
Linda believes that lasting value and trust are created through continuously listening, sharing knowledge freely, and delivering more than their clients even know they need. As the CIO of their first startup client said, "The value that Quest brings to Cotton States is far greater than the software they develop."