Could your Small Office / Home Office printer really be a security risk? Yes !
To set the scene. Your printer isn’t about to take secret copies of documents and sell them to the highest bidder on the dark web, or steal money from the safe and run away to the Seychelles. At least not in the ‘physical sense’, but there is a very real security risk.
Some background information…
On the 21st October 2016, the Internet was subject to a huge cyber attack, which blocked some of the world’s largest and most popular websites, including Netflix, Paypal, Twitter and Spotify.
There’s a nice Guardian article on the attack the link is HERE
The attack came in waves, and targeted one of the internet’s backbone service providers, Dyn, which resulted in denial of service to many webs sites for millions of people. But what was interesting (for the geek’s, terrifying for everyone else) was the source of the attack. Humble, simple internet connected devices (IoT) mostly CCTV and DVR’s, but also Kettles !! Over 900,000 of these devices were hacked (their software changed) to make them all, at the same time, try to connect to Dyn’s customers websites. Its termed a ‘denial of access attack’, its simple – you hit a website with millions of requests to connect and it cannot cope, and either goes down or clogs up, the result being the same it is effectively goes off line.
Bringing this back to our SOHO Printers. Before the 2016 attack on Dyn clients, the hackers needed to find internet connected devices with flawed internet security. Guess what ! There’s an app for that !! Unbelievable, but true, a program called ‘Shodan’ will search for devices connected to the internet with poor security. Mostly these would be found connected to open Wi-Fi connections. And, what’s the most popular WiFi connected device in a Small Office / Home Office? Yes, here we find our WiFi enabled printers.
The security risk, for your business, isn’t that someone will hijack your printer and try to hack into Nasa or the Pentagon. But they can intercept documents sent to these printers, save them to the cloud and allow the print job to continue – so you have no idea what just happened. Worse, they can use a printer to access you network to install malware or access your file servers !!
The threat is not new, and there are steps that can be taken to mitigate these risks. The problem is the message is out there but its not getting heard – in a 2015 study by the Ponemon Institute approximately 56% of businesses did not include printers in their security reviews. So, these security measures are not in place, not maintained or are simply locally overlooked when a new printer arrives.
These printers are specifically for the small office/home office but some times a key company figure will have one in his office for easy access/confidential use.
This is one reason why, at CSR, our printers are hard wired in to the network. There’s no WiFi for the hackers to hack into, your files aren’t being broadcast into the ether, there’s no need to keep up to date with security patches – keeping the s/w ahead of the hackers – let it be stress free! So you simply do not have the same vulnerability, but crucially you do still have a flexible print solution, including confidential print where documents can be sent to a machine and retrieved with a pin number when the right person arrives at the printer, thus avoiding confidential documents being picked up by someone else.
Customer Service and Customer Delight are at the centre of all we do here at CSR, the design and Implementation of our Managed Print Solutions can sometimes solve problems that our clients don’t even know exist, but that’s fine – we live to serve and …. we have you covered.
Image courtesy of EFF-Graphics