Despite increased security measures in the enterprise sphere, it’s never been easier for companies to suffer damaging information breaches. The proliferation of mobile devices and wireless connectivity has given rise to dramatically increased security risks that threaten the reputation and livelihood of big business. While some companies have taken measures to shore up network vulnerabilities, many have not. Even those who have tightened down the security of their networks have unknowingly overlooked what stands as one of the biggest gaping holes in modern business security: the unsecured printer.
The Consequences of Insufficient Security in Enterprise Printing
Poor or nonexistent printer security can create a host of damaging scenarios. Although the occasional offhand instance may not shake an enterprise to its core, the cumulative impact of repeat instances can eat away at a company’s reputation and bring about considerable consequences. These include:
- The leaking or theft of company information. Unsecured printers can give employees and outside forces unlimited access to proprietary data. Especially if these individuals have reason to do harm to a company by sharing eyes-only information with the media or rival competition. Everything that has the potential of passing through a printer – including personal information, bank account digits, expense reports and business plans – is fair game when there’s no such thing as printer security.
- Open doors to malware attacks. Unsecured wireless printers don’t just give hackers the opportunity to read information that’s transmitted across a company’s network. Because they are connected to the company network and have internal hard drives, they’re also susceptible to being infected with malware. This type of attack often manifests itself in the form of DNS (denial of service) attacks that can cripple an entire organization’s capacity to access its printers.
- Increased maintenance and supply costs. It’s not uncommon for hackers to wreak havoc on enterprises by illegally tapping into their printers and gumming up the works with spoof print jobs that use up hundreds of sheets of paper at a time and run ink cartridges dry. This type of hijacking of vital corporate machinery can rack up cost in maintenance and supply, in addition to untold hours of lost productivity.
For Some Industries, Lax Printer Security Isn’t an Option
The Gramm-Leach-Bliley Act requires banks and insurance companies to protect their customers by safeguarding sensitive data. There are other industries that have similar oversight on requirements for information security, including the healthcare industry and the U.S. legal industry. Failing adequate printer security procedures put enterprises in jeopardy of serious fines if it’s discovered that internal procedures have led to a breach of customer information.
In September 2014, it was reported that a hacker was able to exploit a firmware update flaw in a Canon Pixma MG6450 printer to install the computer game Doom on the device’s menu screen. And more recently, Kevin Mitnick, a former hacker turned security consultant, claimed he successfully hacked into an unnamed New York retailer’s computer network by exploiting a networked printer guarded only by a default password. These are just two high profile examples of how a single motivated hacker can exploit a corporate printer for the purposes of creating chaos.
The growing resourcefulness of hackers and the reality of corporate espionage provides clear indication of the critical importance of enterprise printing security. A company that hasn’t taken into consideration the network vulnerabilities present in its interconnected multifunction printers is one that’s headed for harsh lessons, with potentially damning consequences.