Printers could be the next target

While the high-tech threat intensifies, Altodigital’s group marketing manager Alistair Millar looks at how the printer could be the weakest security link and how low-tech human error could threaten GDPR compliance

A recent UK government survey revealed that one in 10 FTSE 350 companies has no plan to handle a cyber attack and 68% of boards had received no training advising them on what to do in the event of an incident.

This comes in the wake of high-profile attacks such as that on credit reporting agency Equifax where 694,000 UK customers and millions from the US had their data stolen. Raising temperatures even further, Jeremy Fleming, former deputy director of MI5, has recently stated: “Protecting British citizens against cyberattacks must be given the same priority as fighting terrorism.”

Terrorism, cybercrime – it’s all heady stuff – but while the issue remains at simmering point, many organisations are watching the clock tick towards the May 2018 deadline when GDPR comes into force. They are equally worried about the mammoth fines threatened for non-compliance to these new data protection laws as they are about the impact of being hacked.

 

All it takes is one weak link

But however much money companies put into protecting their networks, if there is a weak link anywhere in the workflow, the cyber criminals will exploit it. Unfortunately, many businesses remain unaware that they do have an Achilles heel – their printers. In fact, one expert has gone as far as to call these devices “the largest potential security hole”.  As printers become smarter, integrating with enterprise systems and other software, this hole is becoming even larger.

To prove this point, earlier this year a bored teenager hacked 150,000 printers, sending a document to print to alert the owners that the device had been compromised. He claimed he was “helping people to fix their security” but he was also “having fun at the same time.”

An experienced hacker, this individual could have used the printer route to spread ransomware to all the devices on the same network. Also, given the typical office printer has a PC-style hard drive storing digital copies of every document it has ever scanned or printed, anyone hacking into the printer will have access to a company’s most confidential documents.

This may represent a huge risk, but the solution is straightforward; a firewall on the printer will make it far more difficult to get in to. Businesses should also consider a device offering protocol settings with encryption implemented and configured to print fleet devices. Without this setting, hackers could quite easily take the document in transit from the computer to the printer.

However, too much of an emphasis on high-tech security and it’s easy to forget that many data protection breaches are very low-tech in style. In some ways, thoughtlessness and lack of careful document management can cause almost as much mayhem as a cyber attack.

The most obvious and common problem is leaving documents uncollected at the printer. While this may not cause such a high-profile security alert as being hacked, it can still cause an expensive breach of data protection laws.

 

Secure print

Working with technology suppliers can ensure you are doing everything you can to protect confidential information. For example, including secure document release software with your devices. This means users must authenticate themselves in order to release documents from an encrypted print server. This will ensure that nobody can just sit at another person’s computer and gain access or leave with any confidential documents. Documents held on device hard disks for too long before authentication will be deleted and overwritten in the storage area to prevent them from being retrieved and printed by unauthorised users.

You should also consider a device offering protocol settings with encryption implemented and configured to print fleet devices. Without this setting, hackers could quite easily take the document in transit from the computer to the printer.

Jobs can be held and checked with optical character recognition (OCR) for sensitive content before being printed. Again, this ensures that the right person is collecting the right documents from the printer. In addition, authentication protocols ensure that documents cannot be scanned or printed without permission.

Alternatively, everything can be encrypted into an unreadable code to prevent it being easily deciphered.  Adding this feature means that even if someone can access your documents, they won’t be able to make sense of the information.

Office technology suppliers are in a good position to make their customers aware of these threats and help ensure that their printer security is foolproof. This way, business leaders may still lack planning and training on cyber attacks, but at least you printer won’t be a “back door” to your network for hackers.

Related reading