In all of my years in business and technology, I have never once thought nor heard anything positive about printers. They’re clumsy, “hinky” (see definition below), difficult to troubleshoot, expensive, bad for the environment….the list goes on. So while keeping unconscious tabs on that surly droid in the corner, I was pleased to see the venerable SC Magazine (whose clever readers – full disclosure – twice voted Vircom the Best Email Security Solution!) this week elevated business printers to serious security risk status.
As un-surprising as this might seem (is there anything not bad about printers?), the data will shock you. Recently published research from Quocirca reveals that 63% of businesses acknowledged printer-related security breaches in their networks. Not only is that a startling statistic, but one that would send most IT managers up to the CIO scrambling for a solution. And yet according to the Ponemon Institute, a whopping 53% of enterprises have no strategies in place when it comes to printing.
If your company’s data is important enough to encrypt , back up and secure at the device, network and cloud storage levels why wouldn’t this extend to printing peripherals? It isn’t simply a matter of making sure not to leave payroll runs lying around for the cleaners to bug out at. Printers store their various jobs – of what may be very sensitive company – data outside of the core security zone and may do so for an indeterminate amount of time. Security risk anyone? While conscientious admins make it their business to lock down users’ mobile devices that do the same thing, those not-so innocent looking beige boxes could provide enough hay for cybercrime harvest season, aggregating data from multiple mission-critical sources including finance & accounting, HR, product management and even IT.
Perhaps it’s because it simply isn’t sexy enough, or perhaps it’s something far more telling about organizational security, and possibly even a bellwether for the crater-sized security hole in the emerging Internet of Things. Simply put, printers and people who use them are by their very nature security averse. Here’s why.
While most corporate printers from the HPs, Canons & Xeroxes of the world include security protocols for processing and retrieving data via user authentication etc., there’s no certainty that these are properly in place. Based on the “53% don’t include printing in their end-point security strategy” stat would suggest they aren’t. Beyond issues of direct access to the contents of the printer, are the very real concerns over virus infection. Again, according to the Ponemon institute, 64% of IT managers suspect their printers are likely infected with some form of malware. Wow! That takes “letting the foxes guard the henhouse” to a whole new level.
Of course, printer security isn’t just about outdated, unpatched, non-secured end-point technology, it’s as much about their use in the organization and the security culture that governs it. But printers are in a special category when it comes to corporate security as they very much represent a vestige of older business practices for which, save the shredder, don’t align very well with modern threats. It’s a fair bet that the very act of printing in an organization will tend to skew older and that would suggest two issues: 1) Since older business people are more likely to be in executive positions they will more likely be printing more sensitive data and 2) That it’s very likely that the only security measures taken when printing relate to locking up or shredding the final product. That said, if printer security isn’t on the minds of the majority of people tasked with securing the organization, these issues likely run right across the organization.
For my own part, and notwithstanding my loathing of printers for all of their dysfunctionality, my own printing practices are far from exemplary. It’s not uncommon for me to receive a colleague at my desk, papers in hand asking “are these yours?”. And more times than I would be able to track, I am sure that I have started and left important jobs lurking in the printers’ memory while unconsciously erasing them from my own.
How about you? What security risks have you invited by way for the humble printer and what does your organization do to keep those threats in check?
Definition: (Adjective) Involving a device or piece of technology with many moving parts that is prone to frequent breakdown
Leave a Comment