When you think about the security threats within your organization, your first thought is probably about computers or maybe personal phones used by employees. However, it's your office printer that has presented security risks for decades, often being overlooked and underestimated.
Don’t worry though, you're not alone.
According to a recent Forbes article, over a million printers are currently at risk of a cybersecurity attack and survey studies have found that while 85% of companies are aware of the threat, only 59% of them feel printer security is relevant to them.
This is the type of thinking that perpetuates hacking because it fails to address the root of the issue: poor multifunction printer (MFP) security is a vulnerability and a business liability.
There are a tremendous amount of risks associated with poor multi-function printer security. Here’s a short list of the most damaging:
- Unauthorized access to printed data: Someone accesses documents that belong to someone else.
- Unauthorized configuration changes: Changes are made to the printer configuration to reroute the print jobs.
- Print job manipulation: Print jobs are tampered with, which can include replacing print content for others, inserting new content in print jobs, and deleting logs to interfere with repudiation.
- Print data disclosure: Unauthorized access is gained to the print data from the memory, file system, print jobs, and hard drives when printers are decommissioned.
- The printer as an attack point: A compromised printer is used to attack other applications, execute malicious code, or attack other systems.
- Cloud printing risks: An attempt is made to gain access to the enterprise network through cloud printing channels.
How to Harden Your Network Printer Security
Locking down MFPs doesn't have to be hard. Organizations with strong MFP security are protected from cybersecurity threats and the risk of valuable data and assets being stolen, ultimately saving them and their customers time and money.
Here are 8 MFP security best practices organizations need to follow to ensure their equipment remains a technological tool, instead of a technological detriment.
1. Change the MFP Default Password
The most effective and simple way to keep an organization's MFP protected is by simply changing the default password. While every MFP differs slightly, most administrator passwords can be changed by following these steps:
- Navigate to the MFP's onboard or web-based utility and find the settings menu.
- Follow the navigation procedures to access the "administrator settings" section.
- In some cases, employees will be prompted to enter an administrator password. This will have been provided by an organization’s managed services provider, or will be listed on the installation and setup documentation.
- Once granted access to the "administrator settings" section, look for "security settings" and navigate to "administrator password."
- Lastly, choose a new administrator password for MFP by following the prompts.
2. Apply User Access Restrictions With Passwords
One of the most useful features of an MFP is the capability for multiple people within an organization to use the printer for varying print jobs. However, this function can also pose a security risk if the proper precautions are not taken. This is where user access restrictions come into play.
To combat unauthorized access, an organization should look to enable password protection measures. Most MFPs feature an administrative panel that allows users to password protect the settings and features of the multifunction printer. Unfortunately, most businesses forget to change the default settings of these devices which can cause data leakage issues if the printer is sold or recycled without locking the device.
User access restrictions provide IT administrators the ability to track usage of the MFP 24 hours a day from both internal and external team members, limiting exposure to data breaches and leakage.
Connected users of an MFP should be assigned specific access restrictions to limit their access to administrative functions of the printer as well as internal storage settings.
3. Encrypt the Hard Drive
MFPs can store various types of data after every use. This data is then stored on the physical hard drive of the device. In the event that the device is ever sold, stolen, or disposed of, these physical hard drives can be removed and mined for confidential data.
Hard drive encryption protects organizations from data breaches and prevents unauthorized parties from being able to read the contents of the hard drive.
Hard drive password protection is another essential component to protecting your printer data from unauthorized access. Some advanced MFPs can apply password protection directly to the Basic Input Output System (BIOS) of a printer's hard drive. This added layer of security means that even if a hard drive is physically removed from the printer, a multi-digit alphanumeric password will ensure that no one can access the sensitive information stored.
Pro Tip: Combine encryption with hard drive password protection for maximum MFP security.
4. Utilize Secure Pull Printing Capabilities
MFP’s ability to implement pull printing is a major tool for organizations in terms of document security. Pull printing holds a user’s job on a server until the user manually releases it at the printing device itself. Pull printing makes an organization's MFP more secure by requiring the employee to be present at the machine in order to release the print job by putting in a password or pin.
Pull printing eliminates risk by ensuring that the user is in control of the print job from start to finish and the document ends up in the right hands.
5. Implement Automatic Data Cleanup
Organizations often invest in MFPs due to the attractive ability to meet the varying needs of multiple users. In these cases, separate user profiles are created in the administrative panel giving them the ability to utilize their own User Box area when printing, editing, and saving information through the networked device.
However, over time, copy, print, scan, and fax jobs are saved under each of the user’s history. This can cause potential security issues if someone were to access these storage areas without permission. To ensure this feature remains beneficial, it is crucial to implement an auto-deletion feature
Auto-deletion prevents data build up through frequent maintenance and data cleanup of User Box data. Automatic data cleanup helps avoid a compilation of historical printer jobs, ensures all personal and public User Boxes remain clear at all times and helps reduce manual security processes resulting in a more productive and efficient office environment.
6. Install Automatic Temporary Image Removal
Many MFPs have the capability to retrieve temporary data files from the hard drive even after they are deleted. These temporary image files are typically stored in the MFP’s database automatically in the event of power failures or accidental deletion. While having access to temporary files can help organizations recover lost data, it can also provide hackers the same opportunity.
It’s a double-edged sword.
Only when an organization utilizes automatic temporary image removal can the threat of temporary data be truly eliminated and the benefits can be fully enjoyed.
An auto deletion time can be set for data stored in the personal or public User Boxes, as well as System Boxes. The auto deletion setting will erase the copy, print, scan, and fax jobs stored in boxes, depending on the storage period and the time frame selected for deletion.
7. Update Printer Software Regularly
This step should seem intuitive but is often inconsistently applied or even worse, overlooked entirely.
Like many other pieces of technology, MFPs require firmware updates from time to time in order to improve their performance as well as their security. Running MFPs with outdated software can leave devices open to network vulnerabilities and data breaches.
In this case, administrators should regularly check the status of their devices and ensure software is kept up to date regardless of whether the update seems critical or not. By updating firmware and apps on a consistent basis, organizations can make sure they are getting the most out of their MFP.
If an organization can’t allocate the necessary resources to fortify MFPs, they can look into establishing a managed print service (MPS). Along with a host of other benefits, MPS can improve print environments through managing consistent software updates.
8. Engage in Third-Party Testing
Organizations that are truly serious about eradicating their MFP security issues can look to third-party testing to help further identify and address security risks. Numerous printer manufacturers have already latched onto this approach, contracting with IT services companies to test network and device protocols. This effective strategy is an easy way for businesses to preemptively avoid bad press down the road.
Securing Your Office MFP
Most organizations don‘t realize the potential risks associated with MFPs until they are dealing with them. When it comes to business security, the number one goal for an organization should be to reduce its attack surface.
By following these industry best practices, your organization can navigate around these risks and start fully enjoying the wide range of benefits MFP’s have to offer.
Take advantage of the security features available in today’s MFPs to create a safer workplace, free from IT security threats.
Ready to find out if your MFP is truly secure? Assess your organization's existing security with our free document security seminar to help your business obtain the necessary strategies to create a more secure and reliable printing environment.