Print, Copy, Scan … Hack? Unprotected MFDs Create Cybersecurity Risks
Despite the digitization of many business processes, workers still need to print, scan, fax and copy documents. However, employees working from home no longer have access to the business machines in the office. This has led to a surge in demand for home office printers and multifunction devices (MFDs).
Growing numbers of MFDs could spell cybersecurity trouble for organizations already struggling to secure a distributed workforce. Like most technology in the workplace, copiers and MFDs have evolved to include many advanced features, such as the ability to communicate wirelessly with computers and smartphones and to fax and email documents through network connections.
MFDs often have weak cyber security, with default access credentials shared by multiple administrators and firmware that’s never updated. Hackers target these vulnerabilities as a means to gain access to the company network, steal data and disrupt business processes. Some MFDs also have significant processing power, which may be harnessed for botnets that perpetrate denial-of-service and other attacks.
According to Quocirca’s Global Print Security Landscape 2019 report, 11 percent of all security incidents are print-related, with the average organization suffering nine such incidents each year. More than half (59 percent) of these cybersecurity incidents result in data loss.
Multiple Functions, Multiple Cyber Threats
MFDs can be a significant source of data leaks. Most MFDs, printers and copiers have hard drives that store user credentials, email addresses, fax numbers and other information — along with the documents that are processed by the machine. Some MFDs can even store common print jobs for on-demand access. If the device is hacked, the information and documents stored on the hard drive can be exposed.
Networked MFDs have print queues for managing multiple jobs, and workflows that handle the distribution of documents to multiple users. A hacker who gains access to the MFD could intercept, reroute or alter print jobs, or download saved copies of documents and scans.
Growing numbers of MFDs could spell cybersecurity trouble for organizations already struggling to secure a distributed workforce.
Organizations are increasingly aware of these threats. In the Quocirca survey, 66 percent of respondents ranked printer vulnerabilities among their Top 5 security risks.
Seventy percent have conducted a print security assessment and 77 percent say they plan to spend more on print security.
However, just 51 percent of organizations have a print security policy, and only 48 percent update printer firmware regularly. Just 11 percent of the IT security budget is allocated specifically to print-related threats.
How to Reduce MFD & Printer Security Risk
When acquiring new equipment, select an MFD that is configurable and offers built-in security features. For existing equipment, contact the vendor about equipment upgrades that include security features. Some vendors offer optional data security kits.
Here are some additional tips for securing MFDs in your organization:
- Develop print security policies and ensure that IT staff and employees are aware of them.
- Change the default administrator password. If the password must be shared with a third-party maintenance provider, ensure that it’s kept secure.
- Where possible, require that users enter a passcode or PIN to access spooled print and copy jobs.
- Shut off any ports or features you don’t use.
- Perform firmware updates regularly.
- Consider requiring drive encryption. If possible, configure devices to erase files after each job.
- Destroy or erase internal hard drives before decommissioning the device.
GDS has expertise across all aspects of cybersecurity and every device that attaches to your network. We can help you assess your print security risks and implement procedures and tools to minimize the threat. We can also help you take steps to secure your remote workforce. Don’t let your MFDs become the source of a costly and disruptive cybersecurity incident.
Benefits of Managed IT Services from Global Data Systems
- Strategic Managed IT: We help you solve your technology related business problems.
- Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
- Support: When you need help simply call our 24x7x365 support number.
- Billing: Instead of managing hundreds of vendors - get one, easy to read bill from GDS.
Contact Managed Services Provider, Global Data Systems >