Jammed Up: Understanding Printer Security Risks
Understanding Printer Security Risks
“There are hundreds of millions of business printers in the world. Less than 2% of them are secure.” This is how a 2017 video ad from HP begins before unraveling a sinister plot where a hacker is able to gain access to a financial firm’s most sensitive data—through its printers.
A new report from Quocirca validates this concern, noting that every connected device that is part of a company’s network represents a potential vulnerability for an attack. Printers are no exception. Yet many organizations have been slow to adopt appropriate security protocol and tools to keep sensitive information protected, even as they continue to employ connected devices as a part of doing business.
Facing the Fax
The report showed that 60% of businesses in the UK, US, France, and Germany were victims of data breaches related to printers. The sum of losses from these breaches totaled to over $400,000 on average.
The threats related to printers are two-fold: as connected devices, they are vulnerable to all threats related to the IoT and they face risks related to hard copies of sensitive documents. What’s more, there seems to be a disconnect between real and perceived risks surrounding printers. According to the survey, most identify malware attacks as a top threat; however, accidental actions from internal users are actually responsible for 32% of cases and the most likely factor behind real incidents.
These numbers should be a wake-up call to all organizations that rely on printers, and especially big organizations that rely on multi-function printers to streamline day-to-day operations. These devices, which combine features like faxing, photocopying, scanning, and emailing can present risks when employees do not follow IT security policies. Another study revealed that more than half (51%) of employees said they’ve “copied, scanned, or printed confidential information at work.”
Risk Reload: Evaluating the Security of All Devices
The role of printers has evolved and become more deeply woven into the connected fabric of an organization. Subsequently, more companies are investing in ways to solve related security issues. To be exact, more than three-quarters (77%) of businesses are spending more on print security. IT security spend is also increasingly being funneled toward print-specific security measures to the tune of 11%, on average.
At least half (51%) of companies surveyed reported having a formal print security policy in place. Just under half (48%) said they apply regular firmware updates. The numbers trickle downward from there when it comes to organizations that use pull printing (40%), secure mobile printing (37%), and third-party device testing (37%).
PCI-DSS compliance also comes into play for network-connected printers. In looking at PCI scoping categories, “system component directly connects to CDE (Cardholder Data Environment)” and “system component indirectly connects to CDE” are both considered in-scope for compliance. The latter category could include network-connected printers. In short, network printers connected to any in-scope systems should be treated like a server housing sensitive data and the appropriate PCI compliance should follow.
It’s clear that both awareness of print security and the capabilities to provide a secure print environment varies across companies. This leaves many open to a security breach that could cost tens of thousands to millions of dollars, not to mention the loss of brand reputation and value.
Security (or lack thereof) has become a top pain point for businesses as data breaches continue to grab headlines—and sensitive data—with impunity. As the IoT continues to expand and more devices become connected to make up corporate ecosystems, it’s imperative that organizations take the proper steps, employ the right tools, and invest an appropriate amount of resources to keep that ecosystem secure.
Growth Hack with Arrow Payments
Most organizations need help when it comes to implementing holistic cybersecurity measures. Whether it’s businesses with multiple divisions or a university with multiple departments and campuses, Arrow Payments can partner with you to protect sensitive data across your entire ecosystem.
We like to think of protection against hacks as the best growth hack. Our expertise in all things security frees you up to prioritize the needs of the core business, enabling fast growth in a protected environment.
Our team of seasoned professionals can fine-tune your security strategy and employ proactive cybersecurity measures to ensure you remain compliant with all necessary regulations and secure from bad actors (and well-intentioned, scan-happy employees).
Get in touch to see how we can help you avoid getting jammed up with breaches and rest easy knowing your data is secure.