Printer Security Risks: What Every SMB Needs to Know

659
Keeping it safe

With cybercrime continuing to rise, making sure a printer fleet is fully secure is becoming increasingly vital for small- and medium-sized businesses. But with the threats ever-evolving, resellers need to help ensure their customers remain safe from the cybercriminals.

For small- and medium-sized businesses (SMBs), cybersecurity is now vital. No longer do cybercriminals set their sights on large businesses, they know that SMBs can also provide profitable opportunities.  

But for an SMB a cyberattack can be devastating in terms of lost revenue and reputation – in some cases, it has helped to lead to the demise of a business entirely.

This means SMBs need to secure all their networked devices, including printers, to ensure the business is as secure as possible from cybercriminals. However, it seems that for many SMBs, printer security is still not – yet – a priority.

“Quocirca’s SMB Attitudes to Print Security 2024 Report reveals that despite 63% of SMBs experiencing a costly print-related data breach in the past year, only 20% are concerned about print security,” says Louella Fernandes, CEO of Quocirca. 

“Despite clear risks, printers are often an afterthought where security is concerned. Only one in five SMB IT decision-maker respondents in our research said that office print infrastructure – including home-based printers – was a key security concern.”

Louella notes that the focus tends to be on email and cloud or hybrid application platforms. “These were a concern for 31% and 29% respectively,” she says. “It is likely that this view is reflected at owner/executive level, which means print risk remains largely unmanaged among SMBs. 

“This creates a significant opportunity for vendors and partners to plug the gap with strong security propositions across hardware, solutions, and services.

“If resellers aren’t already offering it as part of managed print services they should consider doing so. Our research consistently indicates that customers want managed print services providers to offer security expertise.” 

Lexmark’s CISO, Bryan Willett, adds that printer security is the same risk as IoT security in any organisation. “It is important to properly secure the device, whether it be for a network, home, small office, medium office or large office,” he says. “It begins with setting an administrative password, shutting off services that are not needed on that device, and patching the device on a regular cadence. These steps can go a long way in lowering the risk to the operating environment of any IoT device, including printers.”

More than an afterthought

Deyon Antoine, product marketing manager at Toshiba Tec, agrees that printer security is still often an afterthought for many SMB owners.

“It’s easy to forget that multifunctional printers (MFPs) are hugely sophisticated devices, with microcomputers that are capable of handling, processing and monitoring huge amounts of data,” he says. “With internet connection and innovative embedded software, they are capable of much more than the basic network peripheral they once were.

“The problem is, while some organisations have yet to recognise the potential risk to these essential business tools, hackers have already caught on.

“Cybercriminals will look for weak links and entry points within a network to exploit. From the complex interception of unencrypted print jobs to the more basic human-error of leaving printed documents at the device, there are a few ways that a MFP could be used to gain access confidential data.”

Range of solutions

But there are a range of solutions available to SMBs to counteract the threats. Deyon recommends a multi-layered solution. “This means having security in place at hardware and software level,” he says. 

“On hardware-level security, for example on Toshiba devices, Trusted Platform Module 2.0 (TPM 2.0) provides hardware-level protection for hard drive data stored on the MFP. TPM 2.0 is a security chip on the machine’s motherboard, which secures and encrypts data with a unique encrypted key. Since part of this cryptographic key is stored on the module chip and not within the SSD/HDD, any attempts to physically remove the drives and extract information will be futile. 

“User access to device functions, including copying, scanning and printing, can be authenticated by biometric, password, PIN or ID Card directly at the device, limiting access to only those who are authorised. Documents can only be released at the printer by their owner, preventing abandoned printouts.  

“Meanwhile, Domain Name System security can safeguard against threats arising at network level. Layered security can also protect your IT systems from network-level threats and data breaches.

“Also, anti-malware protects against malicious scripts being run on the device.”

Then there is also software-level security. “Print software adds an extra layer of protection to any hardware-level security,” Deyon says. “Apps such as Toshiba’s e-FOLLOW.cloud or PaperCut Hive allow users to better control, manage, monitor and enable print usage, with the added benefit of built-in security features. Functionalities like secure print release, digital signatures, rule-based access control and end-to-end encryption help to ensure compliance and maximum security for all data.”

Reseller role

Resellers can play a huge role in informing their SMB customers of the need to keep their printers secure – and provide the solutions their business requires to do that. 

“Owners of small businesses have a lot of important areas of focus, many of them are on the day-to-day operations of the business. IoT devices and printers are likely not top of mind,” says Bryan. “However, it is important for dealers selling the products and vendors of the products to educate owners on best practices – to guide them on the importance of securing their internet-connected devices.

“On the vendor side, it is important for the product to have an easy to configure security wizard – guiding the customer through the best configuration for the device and setting the appropriate admin accounts up for the device. On the reseller side, there should be managed services to manage the security of the device, including configuration and ongoing security.

“Managed security services are an important offering that resellers either offer or should be offering to SMBs. If an organisation does not subscribe, it’s important for them to understand their responsibilities for maintaining a secure device. This is always an investment decision that needs to be made by a customer on whether to take on the responsibility themselves or to outsource.”

Deyon agrees that it is important to offer a managed service. “At Toshiba, we audit a business’ current fleet and make recommendations for rationalisation and optimisation, to remove any complexity from the infrastructure,” he says. “The more streamlined it is, the simpler it will be to manage its security. Then, we implement and integrate new devices, maintain their operation, monitor risk, and ensure the print fleet meets the business’ requirements and security standards.”

He adds that managed IT services can also be offered. “If a managed IT service is preferred, Toshiba can audit your security provisions to ensure they are up to date and compliant, identifying and patching any vulnerabilities,” he says.

Other options

However, for SMBs that don’t want either of these solutions, there are other options that resellers can offer to help keep the print fleet secure.

“Consider upgrading the print fleet,” says Deyon. “Older devices will likely have outdated hardware-level security, weakening the multi-layer protection.

“Also aim for a single vendor for the print fleet; security credentials and functions are likely to be similar across all devices, with a consistent standard of compliance.

“Consider moving from on-premise to cloud-based solutions such as e-FOLLOW.cloud, to ensure software is consistently up-to-date.”

Ongoing issue

With cyberthreats continuing to grow security will be an ongoing issue for SMBs in all sectors. Deyon says that cybercriminals will continue to try and exploit vulnerability in company networks. “Toshiba will continue improving security for its print devices to help combat this, companies will also have to do their part in being vigilant and making sure their networks are secure,” he says.

Bryan agrees, adding: “As long as devices are connected to the network, this will continue to be an issue. Proactive maintenance, which includes the care and feeding of the security risks associated with a device, is an ongoing necessity.”

Louella says that cyberattacks and cybersecurity regulations continue to grow more complex and sophisticated – and the need for security will too. “Particularly from a regulatory point of view, SMBs that supply larger organisations will start to feel the impact of cybersecurity regulations such as the NIS 2 Directive, which requires in-scope enterprises to monitor the cybersecurity efficacy of their supply chain,” she says. 

“The trickle-down effect will see more companies being required to confirm that they have robust security measures in place across the board – print infrastructure included.”