Taming the security monster in your printer

When the subject of security comes up, most businesses focus on their everyday devices such as PCs, laptops, tablets and smartphones. More often than not, printers are completely ignored. It is for this very reason that printers are an attractive target for cybercriminals. Modern network- connected printers feature a processor, memory, storage and even a web server. This makes them powerful enough to host specially-crafted malware that can access your network. The potential risk that they will obtain confidential information or do other destructive activities is steadily increasing.

Printers have highly confidential information flowing through them all day long.

Businesses that use the eight tips listed below will decrease the risk that their printers will be “hacked” by either employees or cyber thieves.

Physical security

Install printers in a physical location that is secure. This way print jobs are less likely to simply “walk away.” One of the easiest ways to steal a company’s information is to grab printed documents off printers before the owner retrieves them. It is surprising how many shared printers are accessible by the casual guest or temporary employee.

Push-Pull Printing

If supported by the printer, using the push-pull feature can eliminate disappearing print jobs. This feature will hold them until the requester walks to the printer and enters a code which starts the printing. This ensures that the output is securely delivered to the intended person. It can also end having to buy printers for special functions like payroll.

Change Passwords

Most new printers include a web-based administration page that administrators access through a web browser. Change the default password used for accessing this web page immediately. This ensures that a cyber crook can’t access the printer administrator web page by using the default password. It is easy to find this information with a simple online search. Make the password “long and strong” so it is difficult to crack.

Require Printer Authentication

After changing the default administrative password a best practice is to password protect printer access by using directory services or a print server that manages the printer--or both. Password protection adds another layer of printer security, so that only those approved by the company can generate print jobs. This substantially decreases the potential for network compromise.

Secure Print Data

Encrypting printer data is essential to preventing network eavesdropping and theft of information stored on the printer. This may be the last line of defense against a determined hacker so don’t shy away from using this feature. It can also prevent having to disclose a breach if you are certain the printer was in use during an attack.

Update Firmware

Run only the most current firmware and check for updates often. Updates regularly include security improvements that will eliminate known vulnerabilities that are exploited by malware or hackers.

Configure Printers to Purge Data

Printers store information temporarily before and during printing and usually have settings which dictate how long the printing information remains in the memory. By configuring all printers to immediately purge print job information, you reduce the possibility of stolen confidential information long after the job is completed.

Remove and Destroy Printer Storage before Recycling

To be absolutely certain no printed data is stolen, remove and destroy the hard drive in your printer before shipping it off to the recycle center. If you need a certificate of destruction for your records, contact your shredding company as they can often issue one. 

Printers are an attractive target for cybercriminals because they have highly confidential information flowing through them all day long. Lax security makes these devices an easy target. NPI Technology Management has a strong focus on security; rely on our expertise to control these and other security vulnerabilities.