Did You Forget? Your Printer Probably Didn’t

Don’t overlook the potential misuse of documents stored electronically on printers and similar devices.

istock 474603253 4

That printer or imaging device sitting in the corner may not seem as snazzy as the latest smartphone, but it has plenty of sophisticated technology inside it, perhaps including memory and disk drives that could leave your organization exposed to data breaches and compliance penalties.

Businesses and other organizations invest heavily to wrap computer servers and storage devices with layers of advanced cyber security defenses. However, many printers and imaging devices are left relatively unprotected, despite a constant stream of documents that are transmitted to them electronically.

“Because printers have been historically viewed and treated as external components that perform a single function, they’re all too often left out of the wireless security loop – leaving a gaping hole in an otherwise tightly secured information network,” according to a report by Notebook Review.

In addition, sensitive documents may be left sitting unattended in output trays where they can be exposed to unauthorized individuals.

“The most obvious risk that an unsecured printer poses is allowing unauthorized individuals to access documents that have either already been printed, or documents that are being sent through a wireless connection to be printed,” Notebook Review points out. “If these documents contain sensitive information like bank account information or Social Security Numbers, the damages to individuals and corporations can be severe.”

Even organizations that are alert to security issues regarding paper documents may end up overlooking the potential misuse of documents stored electronically on printers and similar devices.

“While most consumers aren’t likely to have printers with internal storage, virtually every business-grade copier/printer/fax device is highly likely to be storing a large amount of sensitive information on a persistent storage device,” writes WTOP contributor Ken Colburn. “If your company printer has the ability to receive faxes and route them via email to the proper recipient, it first has to store the incoming faxes in some form of internal memory.”

Technology research firm IDC found that a significant number of companies did not consider printer security important to their business processes. Nonetheless, IDC warns, “Potential print-related security breaches could occur from network ports, print/copy/scan job interception, print/MFP hard drives and memory (RAM), printed or copied documents left in output trays, illegal use of secure media (checks, prescriptions), and so forth.”

According to HP, imaging and printing devices store sensitive information on internal drives or hard disks, which can be accessed if not protected. Additionally, the company advises, multifunction printer devices can easily capture and route jobs to many destinations, potentially exposing sensitive data.

Because many printing devices are left unattended and unmonitored, it may be easy for an unauthorized individual to walk up to a device and access that memory, or inject malware that can email stored document files.

These issues can be addressed by ensuring that security policies encompass printing devices. Security procedures can range from implementing technology solutions such as authentication and access controls to prevent unauthorized use and configuration, to encrypting files transmitted over the network and stored on devices, to periodically ensuring the device memory is wiped clean.

For more insights on ensuring printer devices don’t become security liabilities, go to HP Print Security.


Copyright © 2017 IDG Communications, Inc.