TopicInsightsPrinter Networks are an Overlooked Cyber Security Risk for SMBs

Printer Networks are an Overlooked Cyber Security Risk for SMBs

Printers are crucial to the running of many SMBs, which means that the security of the networks they run on is imperative – but it is still something that can be overlooked. This is where resellers can add value.

For small- to medium-sized businesses (SMBs), cybersecurity has necessarily become a priority as it has become clear that cybercriminals will target any business of any size – and the consequences of a breach could prove disastrous to an organisation that doesn’t have a large amount of capital behind it.

But while the focus of cybersecurity measures is often on IT and the PC and laptop fleet, the printer network also needs careful attention as, given they are connected devices, are just as attractive to cybercriminals as other devices.

Yet, as Jonathan Wells, solution consultant, partner channel, at Ricoh UK, notes, printers are often overlooked as network endpoints. “Most IT system administrators assume printers are automatically safe because they sit behind the office firewall,” he says. “However, printers left with factory default settings and passwords or outdated firmware and applications significantly increase the risk like any other network endpoint.

“One of the most common threats involve print spooler and legacy protocol vulnerabilities. Many printers leave outdated protocols like File Transfer Protocol, Telnet or older Simple Network Management Protocol versions enabled by default. These protocols can provide attackers open pathways to sniff network traffic or execute malicious remote code.”

Jonathan adds that another major concern are physical data leaks, which is the result of user error rather than technical compromise. “Confidential documents may be printed to incorrect devices, left unattended in output trays or scanned to the wrong destination,” he says.

“For example, a bank was auditing its retail branch network for information security compliance and discovered multiple instances of completed customer loan application forms that were printed by staff and left in output trays on printers placed in high traffic, customer facing areas.”

Gary Organ, head of device technology sales (office) UK at Fujifilm Business Innovation, agrees that SMBs often overlook MFPs and printers as a device that could be an onramp for a cyberthreat. “The sophistication of a modern print means these are as important as a PC sitting on the network with access to the infrastructure and sensitive documents being the immediate threats,” he adds.

Ian Fox, channel solutions and services specialist at Xerox UK & Ireland, says that cybercriminals are increasingly looking for overlooked or underprotected devices that can provide access to a business network,” he says. “MFPs can become a target if they are running outdated firmware, using default passwords or connected to unsupported software.

“As printers have evolved into intelligent, network-connected devices, organisations need to ensure they are included within their broader cybersecurity strategy rather than viewed as standalone office equipment.”

Hybrid impact

One complicating factor in printer network security for SMBs can be hybrid working. Ian notes that hybrid working has expanded the number of locations and devices that organisations need to secure. “Employees may be printing from different offices, shared workspaces or remote locations, creating additional considerations around access control, document security and device management,” he says.

“As a result, organisations are increasingly looking for cloud-based solutions that provide visibility and control across distributed environments. The ability to manage, monitor and secure print infrastructure remotely has become particularly important in supporting flexible working models.”

Gary agrees that people visiting an office periodically can add complexity. “Print management tools to allow users to print jobs and collect when in the office improves security, reduces wastage, and reduces risk of cross contamination of documents at the printer, which is a real concern with sensitive documents,” he says.

Jonathan adds that hybrid working expands the potential attack surface and increases the complexity of threat levels. “This requires more robust security solutions to protect sensitive data and systems,” he adds.

“Businesses need to be able to provide security solutions that do not impede user experience but still provide administrators the ability to implement security controls and have full auditing capabilities of user activity.”

Trends

SMB customers have certain requirements for what they want in a network security solution. Ian says that simplicity remains a key priority. “Many SMBs are looking for solutions that strengthen security without adding complexity or increasing demands on already stretched IT teams,” he adds. “Automation, ease of deployment and centralised management are becoming increasingly important considerations.

“While cost effectiveness remains important, organisations are also placing greater value on reliability, resilience and ongoing support. Increasingly, SMBs are seeking solutions that deliver long-term value by reducing risk and simplifying day-to-day management.”

Jonathan agrees that simplicity is key. “SMBs often do not have dedicated IT staff or management resources, so there’s a preference for easy-to-install, operate and manage tools without needing advanced technical skills or significant customisations,” he says. “There is also growing preference for cloud solutions that remove the need for on-premise servers. At the same time, security also take priority with SMBs seeking solutions that meet security standards and can be operated securely even by non-specialist staff.”

Gary agrees that customers are often looking for simplicity, as well as seamless integration, easy deployment of drivers and flexibility to have a solution that is truly independent across all vendors for future flexibility such as PaperCut, MyQ and Y Soft. “They clearly all want to maintain value for money, but clients are beginning to consider the risk of breaches/security vs investment and see print management and security settings as a necessary investment to secure their network like with IT,” he adds.

Security components

When putting together a print network security solution for an SMB, there are certain things that should be included.

Ian says that a strong print security solution should combine secure hardware, proactive device management and ongoing monitoring. “Core elements include regular firmware updates, strong authentication measures, encrypted data transmission, secure print release capabilities and the ability to identify and address vulnerabilities quickly,” he adds.

“For SMBs with limited IT resources, centralised management tools can play an important role by simplifying administration, automating updates and helping ensure devices remain compliant with security policies.”

Gary adds that there are varying solutions dependant on the client infrastructure. “Implementing basic systems to control access to the device, encryption of documents, basic security settings give some initial piece of mind which can be increased depending on the level of the clients’ risk concern,” he says.

Jonathan adds that a secure print solution should ensure all users are required to authenticate before print release and ensure scanning is restricted to the user logged in. “Audit tracing capabilities are also important for providing visibility into who printed or scanned a document, when this occurred, and from which device,” he adds.

“Businesses should also implement a centralised fleet management tool to manage device security settings, applications and firmware. This then ensures a consistent standard for security updates.

“Lastly, seeking guidance from an expert or print provider can offer crucial advice on security best practice and solutions that can ensure risks and data breaches can be mitigated, and audit trails of all activity is captured.”

Reseller conversations

When talking to SMB customers about printer network security, there are certain topics that resellers should focus on.

Gary says that with more companies considering printing more due to information retention working from paper vs digital, it should be emphasised that printer network security is vital. “Businesses would not risk any other networked device being insecure on their network so why would they with a printer?” he says. “The cost of investment is negligible vs the cost of a breach, including the unrest and business disruption caused by it. Mitigating risk is key and an MFP is a key part of that infrastructure.”

Ian agrees that resellers should encourage customers to view print security as an integral part of their overall cybersecurity strategy. “Conversations should focus on identifying potential vulnerabilities, reviewing the security capabilities of existing devices and ensuring firmware and software remain up to date,” he says.

“It’s also important to highlight the risks associated with ageing hardware and unsupported software, as these can create security gaps. By taking a proactive approach and offering regular security assessments, resellers can help customers stay ahead of evolving threats while strengthening trust and long-term relationships.”

Jonathan says that it is also important to discuss with customers whether their printer fleet can be managed centrally, whether firmware and software are regularly updated to address security vulnerabilities, and whether encryption is in place to protect data during printing and scanning.

“Resellers should also highlight the risk of physical data leaks,” he adds. “Common issues such as documents being printed to the wrong device or scans being sent to incorrect destinations can expose sensitive information and create compliance risks.”

 

Pitch38 Li Cvr
author avatar
Dan Parton
Dan is editor of News in the Channel and Print in the Channel and has been with the magazines since their launch in 2022, with a journalism career spanning more than 20 years. He is passionate about bringing stories from the sector to a wider audience.

RELATED ARTICLES

Read our latest magazine