When it comes to cyber security, don't overlook your printer

Originally posted on Nuance What’s Next Feb. 22, 2017


It’s happened again. According to a recent article in ITPRO, a hacker was able to gain access to more than 150,000 networked printers. Even worse, it sounds like the effort was fairly easy. In this case, the hacker, who went by “Stackoverflowin,” executed a program to search the internet to find printers that were online but didn’t have basic security controls enabled.

 

 

That was all it took, and once he was in, he had access to his victims’ most sensitive information, including recently printed documents, confidential data & even employee passwords. A wide array of printers were affected – everything from commercial printers, home-based printers, and even restaurant receipt printers – from many different manufacturers.

 

Fortunately, this “hacker” was actually a white hat hacker (someone who uses cyber skills to improve security before malicious hacker can get in) who utilised this breach as a way to warn the affected companies. Once he discovered a printer, he forced it to print a message to alert employees that their printer had been hacked. A condensed version of these printouts read, “… your printer is part of a flaming botnet … for the love of God, please close this port.” He even included a Twitter thread where users could learn more about this vulnerability & other security issues.

 

Printers Present More Security Risk Than You May Think

It doesn’t take much information to realise just how bad this breach could have been if Stackoverflowin was a black hat hacker intent on doing as much damage as possible. It also reinforces the point that today’s printers & MFPs come with the same networking & communications capabilities that we normally associate with computers & network devices.

 

Why is this true? Just think how these devices are being used today. Most employees utilise them as document capture solutions, perfect for scanning documents & delivering them to centralised repositories, their own desktops, or even to contacts via email.

 

This means that they now come with advanced communications capabilities. For example, MFPs can send alerts when toner is low or a device is in need of repair. They can even upgrade themselves on the fly using software patches via the network. More, they also include hard drives, embedded firmware and network connections – just like a PC.

 

Close the Printer Security Gap

So if MFPs are essentially computers, they are also subject to the same security risks, which is even more proof that they need effective security controls in place at all times.

 

But what are the best security controls?

 

Secure print management technology is one answer. The right print management solutions offer powerful functionality such as pull printing or “follow-you” printing to provide an added layer of security in the document environment by holding print jobs until they are released at the MFP. In other words, print jobs are not sent to specific printers or MFPs, but instead are sent to a secure server that could reside on-premise or in the cloud.

 

Print management solutions can also deliver a number of other capabilities to help organisations secure printers and MFPs. Examples of these include user authentication, access restrictions, network activity auditing, rules-based printing, and more. All of this helps reduce errors, automatically mitigate the risk of non-compliance, and avoid the fines, reputation damage & other costs associated with security breaches.

Ricoh offers a consistent user interface that encourages user adoption, helps enforce the application of the firm’s policies, & enhances productivity. Learn more about our solutions.