Print Security in Education

327
Print Security in Education

While educational institutions are aware of the threats posed by cybercriminals and are putting increasing security measures in place, vulnerabilities in the printer fleet can be overlooked – which is where resellers come in. While print has declined in many sectors in recent years, one where it has largely held up is education, as resources often still need to be printed to be handed out to students and records need to be kept. 

But the confidential nature of much of the records and data held by educational establishments, means they are a target for cybercriminals, yet sometimes printers are overlooked when it comes to putting in cybersecurity measures.

“Educational institutions are susceptible to an array of cybersecurity threats, including data breaches, malware attacks, insider threats and network vulnerabilities,” says Gary Mellor, head of digital transformation services at Sharp UK. “Printers are an often-overlooked entryway for cyberbreaches, in fact, our own research found that in the UK, 15% have been impacted by a printer security breach and 33% had no IT security measures in place at all to cover printers at all.” 

Stuart Brookes, EMEA head of sales and channel at PaperCut, notes that any unprotected, internet-connected device is an easy network entry point for bad actors. “Print is often a weak link in the security chain, because we tend to think of mobile devices and laptops as being at higher risk, rather than the innocuous-looking MFD in the corner,” he adds. 

“It’s important to remember that any connected device is vulnerable, and that’s why we constantly remind end users to be vigilant and encourage them to activate all relevant security settings on their MFD, and that they always install the latest print software updates and patches.”

Andrew Smith, chief information strategy officer at Kyocera Document Solutions UK, notes that staff in the sector are often required to do more with less time and seek technology to ‘make life easier’. “It is therefore understandable that education establishments seek to maximise the use of new technology on print hardware that enables them to connect to third part applications like OneDrive, Google Drive, DropBox, SharePoint etc,” he says. 

Andrew adds that budgets are also being pinched, which leaves educational IT teams with restricted resources and conflicting priorities. “This means print solutions security is often overlooked and becomes a gateway into educational networks typically caused by lack of firmware patching, misconfiguration or lack of basic segmentation,” he says. 

Increasing awareness

Schools are becoming increasingly aware of cyberthreats – although sometimes this has been through high-profile security breaches that have made headlines in the media. “One such industry-changing example was PrintNightmare, the critical security vulnerability that affected the Microsoft Windows operating system and occurred within the print spooler service,” says Stuart. 

“While the vulnerability made people aware of the risks of third-party drivers, it also acted as a trigger for the move toward the IPP Class Driver which, as well as streamlining printing process, reducing complexities and enhancing efficiency, also reduces exposure to attacks. 

“Therefore, a combination of major security breaches, regular security optimisation conversations with resellers – as well as IT departments’ own diligence – should mean that the education sector is aware of the risks and has measures in place to mitigate them.”

Gary adds that security is often the highest priority for an IT manager within an educational institution. “Many schools and colleges are becoming increasingly aware of the risks posed by end points,” he says. “While IT teams may be putting controls in place to minimise risk, the security of print devices can however be overlooked. 

“We firmly believe that security needs to be looked at holistically, and this is with our clients is important. By objectively evaluating our clients’ threat landscape, all end point devices such as MFPs are considered. At Sharp we work closely with our clients providing expertise to help them understand the threats and the controls needed to reduce risk.”

Differing solutions

But solutions for education customers need to be different to those used in other business sectors. “While the fundamentals remain the same – securing the MFD and related print software to stop data leaks before, during and after printing – we should bear in mind that the BYOD model is even more prevalent in education than in a corporate or business setting,” says Stuart. 

“Therefore, education has a greater need for solutions like PaperCut’s Mobility Print and Print Deploy for PaperCut MF and NG. They facilitate BYOD by supporting Vendor Agnostic End User Computing. In terms of the parallels between the two sectors, education also benefits from print management solutions that provide insights into who has been printing what, making it easier to cross-charge departments or individuals for their print as well as putting print rules in place that help to lower print volumes.”

Security vs convenience

Stuart adds that there is always a trade-off between security and convenience. “It’s important to implement solutions that aren’t more complex to use because of the security they provide,” he says. 

“Remember that not all users are IT savvy; a teacher or student just wants to collect their printed documents or run off some copies quickly and easily, without having to navigate a complex security sign on or other barrier to their productivity. Print must remain easy to use without compromising the user experience or security, so resellers need to reflect on that when recommending solutions to the education sector.”

Andrew agrees that the educational market does not need resellers that sell solutions and tools that increase the workloads of the already conflicted and stressed resources. “Instead, education establishments need security partners, MSSPs that can sell solutions with wrap around services including that of advisory services that focus on improving the overall foundations of the educational networks in question,” he says.

“Their user base is diverse, and they need to support technology in different ways to best enable young people’s development and learning. A traditional policy based corporate approach simply does not work; solutions and supporting services must be tailored to the environment.”

Volume of sensitive data

Gary says that while print security best practice remains the same across all types of organisations, education establishments require extra consideration. “That’s because educational institutions typically handle a large volume of sensitive data and have greater insider threats, necessitating robust security measures tailored to protect personal information and network attached equipment,” he says. 

“Solutions for schools and universities might prioritise features like user authentication, secure print release, and encryption to prevent unauthorised access and data breaches. Additionally, compliance with educational data protection regulations is crucial.

“In contrast, businesses might focus more on protecting intellectual property and ensuring secure document handling within a corporate environment. While both sectors require strong security, the specific needs and regulatory requirements can vary. Resellers should tailor their recommendations and solutions to address these unique challenges, ensuring that educational customers receive the most appropriate and effective security solutions for their needs.”

Reseller conversations

When talking to customers in the education sector, there are various topics that resellers should raise. “Resellers must always stress the need to keep security front-of-mind at all times, and if they have a managed print service agreement with their customers, to ensure that they are always advising their customer about the latest security hardware and software updates and that they are working with them to install them,” says Stuart. 

“There are many stakeholders when it comes to implementing robust security measures – from device manufacturers to software providers, resellers, IT teams and end users – so resellers must stress that end users are aware of the role they must play in keeping the network and confidential data secure.” 

Gary agrees that resellers should emphasise the critical importance of print security, but also tailor solutions to suit the organisation’s long-term goals. “They should share best practice and guidance while also discussing potential risks, such as data breaches and unauthorised access to sensitive information, and how these can impact students and staff,” he says. 

“Understanding long-term goals and what their network infrastructure will look like moving forward is key so that solutions are tailored to suit each organisation for now and the future. Cloud solutions should also be playing key part in that strategy. 

“By focusing on these aspects, resellers can position themselves as knowledgeable and reliable partners in enhancing printer security.”

Quentyn Taylor, senior director – product, information security and global incident response, Canon EMEA, notes that security breaches have increased for 61% of organisations in the past year alone, according to Quocirca. “Among these threats, ransomware stands out as the number one concern, and its growth in recent years has been alarming. Organisations of all sizes are vulnerable, making it essential for all to prioritise their cybersecurity efforts,” he says.

“One of the best ways to combat this growing threat is by developing a detailed understanding of their security perimeter and the assets that need to be protected. Organisations must conduct thorough security assessments to identify potential weak points and bolster their defences accordingly. 

“Resellers can help organisations in the education sector to navigate their document security requirements by identifying key ‘pain points’ where print workflows can be streamlined and made secure.”

Andrew adds that it is vital to understand what strategies, plans or otherwise are already in place. “It’s imperative to understand the senior leadership team’s understanding and buy in.

“Following this it’s important to understand prior investment as well as what products and solutions are available to certain educational establishments at a significantly reduced rate. 

“From this a plan for improving cyber foundations can be formed providing the maximum protection, reducing risk while minimising expense.

“Conversations must be tailored, and a deep understanding of education is required. Through this the highly sensitive personal data that is held by educations establishments can be protected whilst not stifling learning outcomes.”