What is network printer security?

Multi-function printers are essentially computers. At least, that’s how hackers see them. And they represent an often-overlooked backdoor onto your network. Think about it: everyone knows about cloud security and encrypted file transfers, but hardly anyone talks about the humble office printer.

Network printer security is simply another branch of your cyber defence strategy: it’s how you safeguard your online or direct IP print network from penetration or interference.

Network printer security best practice includes:

• Robust authentication
• Secure print release tools
• Print job encryption
• Network segmentation
• Regular patching and firmware updates

Implement authentication methods

First step: authentication. You should have visibility and control over every authorized user on your network. These users need to be authenticated, ideally for each and every print job. There are a few ways to do this:

Usernames and passwords. The default authentication method, and the bare minimum of what you should be doing. Users should only be able to print and send jobs after entering their credentials, as specified in an external user directory, such as Active Directory or LDAP.

PIN numbers. Alternatively, users can authenticate using an ID number with an associated PIN. These are generally simpler and easier to remember than passwords, and often require less management from sysadmins.

Swipe cards. Instead of passwords and PINs, users can authenticate using a registered swipe card (this could include a magnetic strip, smart card or RFID). This will obviously depend on your printer model, since not all MFDs will support swipe card authentication.

2FA. In an ideal world, you should be running 2-factor authentication (2FA) or multi-factor authentication, which is any combination of the above methods, run in tandem. You can read more about MFDs and 2FA over here .

Use secure print release

In most printer networks, when a user prints from an application, the job automatically flows through to the MFD, which starts printing. This is fine for speed, but trash for security, since documents can easily get forgotten, or sit unguarded in an Out tray, where anybody can pick them up. Instead, you should implement Secure Print Release . This means that jobs are only ‘released’ (i.e. printed) when the user arrives at the printer and confirms their identity.

Encrypt your print jobs

Cloud print jobs should be encrypted during transfer and at rest. If you’re running a print management app, this should come as standard (and if it doesn’t, shop elsewhere immediately). There are a few factors here:

Spool file encryption. Spool file encryption is for organizations that want to safeguard sensitive information while it’s waiting to be printed. It’s an additional security layer, specifically for your hold/release queue.

Multi-tenant SaaS. Fully hosted, multi-tenant cloud solutions need encryption specifically designed for the public internet. PaperCut’s in-house Edge Mesh technology is the way to go here. It comes as standard for PaperCut Hive and PaperCut Pocket.

Encryption protocols. If your network isn’t running SSL/TLS or IPSec, your print jobs are at risk. These common protocols encrypt print data between your device and the printer.

Cloud hosting. If you’re cloud hosting PaperCut MF, whether that’s a private or virtual private cloud, your print environment is linked to the PaperCut server via a secure, encrypted VPN tunnel (e.g. IPSec or AWS Direct Connect).

Network segmentation

Network segmentation – dividing your printer network into smaller, isolated segments based on user permissions – is a great way to enhance your overall network security. It basically limits the fallout of any potential breach, since access to one part of the network doesn’t grant access to the entire network. We recommend isolating your printer from the rest of your network to protect sensitive information and reduce overall congestion. You can also use subnets to restrict certain users from accessing certain printers.

Update firmware and patches

A printer network is only as secure as its latest patch. That’s a good rule of thumb for sysadmins to follow. There’s no point installing fancy print management software, or configuring your firewall, and then leaving it to rust. At the very least, you should be automatically updating your firewall firmware with the most recent patches. Same goes for your printer software, and any third-party print management apps, like PaperCut . This will counter any emerging vulnerabilities.