Unmanned but not unarmed
Way back in 1938, Chester Carlson invented the process of xerography, which was commercialised by the Xerox Corporation. The device was widely used to produce high-quality text and graphic images on paper. However, it wasn’t until 1959, before the first convenient office copier was unveiled.
Entering the new millennia the printer transformed from a mere piece of hardware connected to a PC and turned into a computer itself. Balaji Rajagopalan, Executive Director, Technology, Channels & International Business, Xerox India feels that network printing unlocked a billion possibilities. Fast-forward to 2015, printers became even more sophisticated! Cloud and mobile ready, customisable with display screens and built in apps, they have transformed into a workplace assistant.
But – this sophistication came with a risk! These Multifunction printers (MFPs) are subjected to an identity crisis! The IT teams and employees have a myopic vision. They don’t always see them as full-fledged, well networked systems they really are. Unfortunately, the attackers do. Even worse, they find them terribly attractive!
Quietly seated in the corner of the office, busy simplifying work for us, they might not seem as threats. But if left unmanned, they sure are capable of posing a real security risk.
150,000! Yes! In early 2017, over a lakh and a half connected printer were hacked in just a few hours. And the "victims" included companies of all sizes. Fortunately, the attack did more good than harm! It brought into notice the security risks associated with printers. Indeed, it was a useful and effective reminder of the vulnerability of these devices ... and the costs and menace they can cause.
Considering the risks involved and variety and volume of confidential documents that pass through the printer, managing printer fleet becomes a critical issue for any company! As per a recent study by Ponemon Institute, an average 44 per cent of the devices are insecure in terms of the access to the data stored in printer mass storage and over half (55 per cent) of devices are insecure in terms of access to the data stored in printed hardcopy. The study also revealed that 60 per cent of the companies had a data breach which involved printers and 44 per cent of the network-connected printers in the organization had the risk of unauthorized access to the data stored in printer mass storage.
So, definitely it’s better to be safe, than being sorry. Or rather really sorry!
Companies – big, small or medium are equally at risk because even a single printer, can be enough to give hackers a gateway to the company's network and seize their data. This risk is even higher for SMBs simply because they are more unlikely to have an IT manager in-house. Also, their close relationship with large companies requires a high level of data availability and integrity – which adds to their risk.
However, despite these findings and increased conversation about the risks involved, less than 2% of printers are secure. This is why it is essential to adopt a solution adapted to the ecosystem in place in order to propose an effective countermeasure to the possible attempts of intrusion and piracy.
1st essential measure: Ensure the machine(s) is set up correctly with optimum level of authentication or access control. This will ensure that only the authorised people will have access to the resources and thus your data – a key step towards optimal data confidentiality.
2nd measure: The protection of the documents themselves. By protecting the print device(s), the company also protects its data to ensure its integrity. As established earlier, connected printers are an easy network gateway for hackers. However, the upstream detection of malicious attacks and intrusions are the first barriers against such attacks.
3rd measure: Strengthen data security. It it is recommended to encrypt the data, use an electronic signature and ensure non-repudiation of a message. The key is secure prints and protected critical data.
Good news: Now new printing solutions have security options which can easily be activated even without a DSI nearby. Simply choose the level of security you want. And if you do not, you always have the possibility to ask for advice directly from the manufacturer.
Let us not forget that the experts remain the best interlocutors to help companies to optimise their costs and to protect themselves!