The printer – its importance for IT security is usually underestimated. The often forgotten danger posed by unsecured devices can lead to serious consequences. Managed workplace service provider Apogee shows how companies can protect themselves.
While the majority of IT security measures focus on securing laptops, servers, and desktops, securing printers in the corporate environment is still given a stepmotherly treatment in many cases. However, those who believe that printer security is negligible in good conscience could quickly be confronted with the consequences: As an entry point into the corporate network, unprotected printers are an easy and welcome target for cybercriminals, which in the worst case can translate into DDoS attacks, data theft or infection with ransomware.
The loss of confidential documents and the tapping of print jobs can compound the problems if companies fail to do their due diligence and violate the GDPR. As drastic as the consequences can be, with the right strategy, IT departments can mitigate the threat of printers. Managed workplace service provider Apogee shows what’s involved.
The hardware
A self-check built directly into the printer can detect manipulated software or unauthorized access and initiate countermeasures. This approach can be implemented with two types of BIOS, one of which works directly on the device’s circuit board and only allows physical access. If the system detects a change in the firmware, for example after an external attack, the printer does not connect directly to the network, but activates the protected second BIOS, preventing potential threats from spreading across the corporate network.
The software
Even in the world of printers, IT security does not work without monitoring. With a centralized software solution, employees can import the necessary SSL certificates for encrypting print jobs directly to the printer, verifying print job transmissions, detecting open ports, and controlling administrator passwords on endpoints. Integrated dashboards and easy reporting are also important aspects that solutions should bring to facilitate the orchestration of the often high number of printers. In this context, regular security updates should also be a matter of course.
The employees
No effective strategy for the secure use of Internet-enabled devices can be achieved without raising awareness of potential risks. Printers are no exception, and there is even a strong need to train employees – because even printers can only be as secure as people operate them. To ensure that the security focus is not only on employees’ laptops or servers but also on the secure and DSGVO-compliant handling of printers, training courses, tutorials, and instructions, for example, are a good idea. If in doubt, companies should hand this task over to external experts, as many IT departments lack a certain understanding of the importance of these processes.
“Unsecured printers are a real gift for attackers and make it very easy for them to penetrate deeper into companies’ infrastructure, compromise users and steal sensitive data,” explains Karin Daher, General Manager at Apogee Germany. “For these reasons, we can only advise taking the topic of printer security very seriously, focusing on the interplay between hardware and software security solutions, as well as training employees intensively.”
