The Print Security Mistakes That Are Damaging Your Organisation
Global headlines highlight the crippling costs of corporate security breaches and 72% of companies say they recognise the implications of operating an insecure print infrastructure – yet public and private sector organisations are still failing to turn their priorities into action and to protect themselves from the inevitable.
Organisations rate themselves 8.2 out of 10 for their print security infrastructure but 22% haven’t deployed any security measures at all and only approximately half have sought to harden their devices, implement formal policies or encrypt hard drive data.
With 61% of security breaches occurring as the direct result of insecure printing, it is clear that information security is a primary challenge of the digital age. This seemingly innocuous activity will, if not given a rigorous security overhaul, provide an open door for data thieves and hackers to access corporate networks, steal data, impede operations and damage reputation, not to mention leave organisations susceptible to onerous fines and lost intellectual property.
It is the proliferation of the Internet of Things in particular, that has propelled printer security into the lime light and under the gaze of CIOs. As more and more devices join shared networks in a bid to revolutionise the workplace experience (the figure is expected to hit 10 billion by 2020), the greater the range, seriousness and likelihood of security threats organisations face.
Here are the five most common and dangerous mistakes that are leaving organisations vulnerable to attack:
1. Lack of consistency. While CAPEX budgets might necessitate a blend of older legacy devices and newer equipment, a lack of device commonality and consistency across an MFP fleet makes it challenging to get a world view of printer security across the organisation as a whole. Different devices, from multiple vendors, using different software require the time and know-how that many organisations just don’t have. A standardised print environment with one technology partner is easier to manage, monitor and audit and dramatically reduces the risks. 38% of organisations with a centralised printing model reported no security breaches, compared with 18% of those businesses with a more disparate approach.
2. No clear view of the risks. Most security policies do not cover print security, despite the inherent weakness of unprotected MFPs. As such this lack of understanding about the true nature of print security risks, the corrective steps required and where operational vulnerability lies, can pose very real threats to an organisation. A comprehensive audit of systems, behaviours and risks is the foundation for a robust print security policy that reflects an organisation’s true operational needs.
3. Absence of controls and settings. While lots of MFPs have the capability to control network access and manage how and when network protocols and ports are used, many CIOs wrongly assume these services have been activated. Failure to change the settings of MFPs away from manufacturer defaults adds unnecessarily to system vulnerabilities, even when hosted behind a firewall. Without making settings and controls secure it is possible for third parties to re-route information, introduce malware and intercept data, particularly as information waits in print queues. Open network ports compound these risks further making MFPs a highly targetable and attractive gateway to wider system access. Use the experience of third-party MSP to configure security settings to suit your needs and simply the task of device hardening.
4. Unclaimed confidential documents. Forty five percent of UK employees have seen confidential documents that have been left on printers. These unclaimed documents present everyday security risks and can lead to sensitive and confidential information falling into the wrong hands, both internally and externally, with ease. The introduction of user identification through pull printing functionality eradicates this risk and creates a more print-considerate employee (reducing paper consumption and consumable costs).
5. Latent information and hard disk risks. Information does not just pass through MFPs – whether it is scanned, copied or printed, a copy will be stored on its hard-drive. Without encryption or systematic erasure, MFP hard drives can be hacked via open port connections and provide additional risks once printer leases have expired or kit is sold on.
Despite security being such a prevalent and senior-level concern in both large and small organisations, there are still too many who do not understand the risks or how to translate their fears into preventative action.
As the cost of a security breach in the UK reaches up to £3.14m , it is crucial for compliance officers and CIOs to close the gaps in MFP print security by recognising it as a component of wider IT strategy, rather than a standalone hardware issue. This shift in approach, coupled with the help and guidance of an independent MPS provider, will help organisations to mitigate the increasing risks associated with widespread device connectivity and hacker-attacks.
With such formidable implications for those experiencing security and data breaches, there is no time to delay. Print security is a business imperative. To be protected is to be proactive.
Head of Support Services
 Quocirca 2017 – Print Security: An imperative in the IoT era report Taken from Gartner research 2018 ‘Over-confidence in Print Security’ PowerPoint https://iot-analytics.com/state-of-the-iot-update-q1-q2-2018-number-of-iot-devices-now-7b/ Quocirca 2017 – Print Security: An imperative in the IoT era report Figures from PWC’s 2015 Information Security Breaches Survey Report