IT departments put a lot of effort into training users and installing firewalls and antivirus software to keep hackers from accessing company’s network via desktop PCs. But there are other devices with vulnerabilities that can threaten network security – for example, multifunction office printers.
Many of those vulnerabilities were demonstrated by security researcher Deral Heiland at the recent DefCon security conference in Las Vegas, CIO.com reports.
- Many organizations fail to change the default passwords for their printers’ control panels, allowing criminals easy access to recently printed documents.
- Many printers allow administrative access through a webpage, which may contain coding flaws that allow criminals to hack them easily.
- Another attack demonstrated by Heiland can allow hackers outside the company to give themselves legitimate user accounts to access the organization’s printers.
Printer security has become more important as printers and multifunctionals have become more sophisticated. Those machines now often contain hard drives that save copies of recently scanned and printed documents, as well as on-board operating systems and applications that can have vulnerabilities just like the software on a PC.
While many of the vulnerabilities described by Heiland must be fixed by printer manufacturers, there are steps IT can take to prevent network security threats resulting from unsecured printers, such as:
- Require authentication on the machine: In departments that regularly print confidential documents, consider getting a printer that requires a user to enter their password into the machine — some printers also use swipe cards, or even biometric fingerprint readers.
- Overwrite data: Most multifunction printers have hard drives that store printed and scanned documents — but in many situations, that’s unnecessary. In those cases, you can set the machine to erase the disk after every job.
- Check the OS: Some printers use a proprietary operating system, making them relatively safe from virus attacks. But others use a common OS and are therefore vulnerable. Find out what’s on your devices and plan accordingly.
Companies also need to be careful with their office copy machines — as Canon warned businesses last year, those devices also store data on hard disks, which often aren’t erased when the machine is returned to the leasing agent or resold.