With the threats from cybercriminals continually rising, businesses, including SMBs, must remain vigilant as they can come through any networked device – including MFPs. Resellers can help ensure customers are as protected as possible.
This year has seen multiple headline news stories about major businesses being hit by cyberattacks. But the threat to all sizes of business is rising too, with cybercriminals targeting any weak point in a business’ network – including multifunctional printers (MFPs) – something resellers and their SMB customers need to be aware of.
Trevor Maloney, product marketing manager – Kyocera Document Solutions UK, says networked MFPs can pose a significant security risk. “Especially to those businesses where limited IT resources mean printer security often gets overlooked,” he says. “As network endpoints, unsecured MFPs can unwittingly give hackers access to the network, allowing them to intercept or access sensitive print data or even deploy malware.
“Uncollected printed documents can still lead to data leaks or confidential information getting into the wrong hands, which is why devices with secure print onboard as default or a print management solution is a must for any shared environment.”
Rick Dove, pre-sales technical specialist, Epson UK, notes that MFPs are often underestimated in terms of security. “But they’re essentially networked computers with storage, processing power and connectivity which makes them an appealing target. Some even run on the Android operating system, which opens the door further since attackers can leverage familiar programming languages and tools.
“Printer manufacturers are quick to issue firmware updates to patch vulnerabilities, but problems arise when devices are left running outdated software or are poorly configured. In these cases, an MFP can become a convenient gateway for cybercriminals to infiltrate the wider network, steal sensitive data or stage a larger attack.”
Security available
This means security should be a priority for SMBs, although as Gary Organ, head of device technology sales UK at Fujifilm, emphasises, security isn’t just putting the best and latest versions of technology in place to protect devices. “It’s also about the layers of complexity cybercriminals have to go through to beat the system,” he says. “The biggest threat to most MFPs is still the fact there are no or few security features enabled on the device. By adding basic features to a device, you are mitigating your risk more than if you had no technology or processes in place.
“The key is to look at the lifecycle of documents produced as well as the devices in isolation, as documents, whether electronic or printed, also pose threats to the business. Implementing basic print management or output management systems that work in the cloud from industry leaders such as PaperCut, MyQ and YSoft ensures the machines are locked down and minimises cross-contamination of documents, with the highest security levels through their public cloud solutions.”
Ian Fox, UK channel solutions and services specialist at Xerox, says that initially, best-practice security strategies should be applied to minimise the attack surface. “This includes regularly updating and patching solution software and device firmware, enforcing strong password policies with scheduled changes, disabling unused ports, and establishing robust auditing and remediation procedures to address potential vulnerabilities,” he says.
He adds that Xerox’s Cloud Fleet Management offers a robust and streamlined approach, ensuring devices remain updated and aligned with organisational security policies. “It enables centralised patching, password enforcement and configuration management,” he says. “Security audits can be scheduled and reviewed through a single dashboard, simplifying the identification and remediation of non-compliant devices. Additionally, Xerox partners can integrate this solution into their managed service offerings, unlocking new opportunities for recurring revenue and removing the burden of these tasks from their customers’ overstretched IT departments.”
Rick notes that Epson Print Admin provides secure print release and user authentication. “This means sensitive documents only print when the authorised user is at the device,” he says. “Without secure print release, confidential files can end up abandoned on output trays; a small oversight with big potential consequences.
“Epson devices also integrate seamlessly with third-party platforms such as OptimiDoc and PaperCut Hive, giving customers flexibility to scale security and solution features to their specific needs.
“Combine these solutions with regular firmware updates and device-level access controls, and SMBs can put a solid, layered defence in place, one that makes everyday printing secure and stress-free.”
Tony Ko, vice president, Hardware and Business Solutions at Katun, says that SMBs should prioritise MFPs with robust, built-in security features. “Katun’s Arivia MFPs offer comprehensive protection with TPM 2.0 chips, secure boost capabilities and SSD encryption,” he says.
“They support advanced user authentication, access controls, secure print release, WPA3 wireless security and Radio Equipment Directive certification. The Arivia platform supports OAuth 2.0 for scan to email security and Microsoft’s Universal Print for encrypted cloud print. These devices also integrate with Katun’s KDFM eXplorer platform, which is ISO 27001 and SOC 2 certified, for secure remote management, two-factor authentication, and GDPR-compliant data handling, making them a reliable choice for secure, scalable print environments.”
Trevor says the security of the MFP needs to protect against the uploading of malware, access to the network itself and the retrieval of documents from the devices own HDD. “This security needs to be automatic, common and all-encompassing,” he notes. “Kyocera’s new TASKalfa MZ 7001 series have security at the core of their design. As such these devices come as standard with a data encryption and overwrite feature ensuring any files on the HDD are securely held. Other standard features include Simple Certificate Enrolment Protocol, on-line Certificate Status Protocol, firmware validation, Trusted Platform Module, Security Information and Event Management support and TLS 1.3 support to name but a few.
“For maximum protection, print management solutions such as Kyocera Cloud Print and Scan give SMBs visibility, control and follow me printing, allowing users to release their prints via a PIN code or card.”
Reseller role
Resellers have a crucial role in ensuring customers’ MFPs remain secure. “Resellers often take a reactive stance on MFP security, but adopting a proactive approach is essential,” says Ian. “Engage in open conversations with your customers to highlight potential risks – they’ll value the insight. Once these challenges are understood, it opens the door to discussions around auditing, remediation and long-term risk management.
“Also, reconsider extending existing hardware contracts without review; technology evolves quickly, and legacy devices may no longer meet modern security standards, potentially exposing the network to vulnerabilities.”
Ian adds that educating customers is important. “Hardware and software that make up an MPS solution shouldn’t be treated any differently to any other endpoint on the network,” he says. “They carry similar risks as an entry or exit point for those with ill intentions. Raising awareness of such vulnerabilities is important and helps avoid the ‘it won’t happen to me’ mentality.”
Tony agrees that education is important. “Resellers should educate users, offer ongoing support and conduct security audits,” he says. “This approach strengthens MFP security and delivers long-term value by reducing cybersecurity risks for customers.
“It’s important to emphasise the need for secure configurations, regular firmware updates and strong access controls. Key security features like data encryption, secure print release, and automatic updates should be clearly explained. Positioning security as a core part of the MFP’s value helps build trust and long-term relationships.”
Rick says resellers can add value by positioning MFPs as part of a company’s broader IT security strategy, not as isolated devices. “In my experience, involving IT managers and network admins early in the project lifecycle helps build buy-in and ensures solutions are set up right first time,” he says.
“On top of this, resellers should recommend role-based authentication and secure print release as standard. Together, these measures guard against external intrusions and internal mishaps because sometimes the biggest sensitive data risks come from documents left sitting in the output tray.”
Rick adds that device lifecycle management also needs to be considered. “Once devices reach end-of-life, they typically stop receiving security updates, leaving them vulnerable,” he notes. “By encouraging customers to refresh their fleets proactively, resellers can help keep security airtight while avoiding nasty surprises down the line.
“Ultimately, resellers should highlight that by weaving MFPs into a holistic IT security strategy, customers can turn printers from ‘potential weak spots’ into well-managed, secure assets that support long-term business resilience.”
Trevor says SMBs are looking for ease of use, simple installation and, above all, total peace of mind from their secure print network. “They need to know their print devices are secure in their own right, certified and independently tested,” he says.
Resellers should always impress on their customers the importance of securing their print environment as this is a fundamental part of their data, network and ultimately business security, Trevor adds. “Printers and MFPs that are independently recognised and validated for their security technology will enable channel partners to differentiate their offer, add value and ultimately build trust with their customers,” he says.
Gary says the key is understanding the client’s individual risk profile and concerns. “This often determines the level of security features a customer will want to implement and invest in,” he explains. “The key is to ensure that salespeople are having the conversation and seeing the value some of the MFP security features and third-party software bring to end users.”
Future threats
The threats from cybercriminals will not be going away, so resellers will have to remain agile to the changing nature of attacks.
Ian says that growing awareness of potential risks due to AI and quantum computing will boost demand for cloud-based solutions with enhanced endpoint security. “Data privacy and compliance will drive the development of features, while the need for managed security services is expected to rise,” he says. “These trends will shape a dynamic, evolving market focused on advanced threat detection and response.”
Rick says he expects cyberattacks against MFPs will become more sophisticated and automated. “Expect to see malware designed specifically for MFPs, as well as more advanced exploitation tools that make attacks faster and easier to execute,” he says.
“To stay ahead, manufacturers will need to build stronger defences directly into devices; think anti-malware engines, enhanced encryption and smarter data handling safeguards. In short, the arms race will continue, but with the right measures, businesses can stay one step ahead of the bad actors.”
Trevor notes that cybercriminals looking to infiltrate a network via a network connected MFP will always assess the current methods manufacturers employ to defend against these threats and look to employ new ways to bypass these defences. “Kyocera takes security seriously and as such we will continue to develop new and innovative security features including: AI-driven threat detection, improved secure authentication protocol, increased encryption and access control,” he says.
Gary says that with technology advancing at the speed it is, security breaches are inevitable. “The key is implementing as much as possible to mitigate the risk,” he adds. “I still believe the greatest risk is companies not taking the risk of the MFP on the network seriously enough. Customers will struggle to keep up with updates and developments in technology, and this is where it becomes important that specialists continue to do some of the heavy lifting for clients, providing an opportunity to add significant value to the customer.”
This article first appeared in Print in the Channel magazine issue #30.
