Printer Security: What You Don’t Know CAN Hurt You

Bouncer

Network security is top of mind for IT decision makers today. While 90% of organizations report having suffered at least one data loss through unsecured printing, most enterprises have overlooked printing devices in their security strategy.

I sat down with Steve Daniels (HP Commercial Business Development Manager) to discuss the most common printer security vulnerabilities and what top channel partners are doing to keep their customer’s networks safe.

Jennings Tinsley: “Security is a top priority for CIOs, but printers are often left out of the security conversation. Why is printer security overlooked?”

Steve Daniels: “Printers tend to be thought of as ancillary or peripheral to “intelligent devices”. In particular medium to small organizations will view printers as “just a box”. But the truth is that printers today have the same characteristics as other devices on the network. Printers have an operating system, a hard drive, software, and an internet connection so they operate much like a PC. Think of printers as devices that traffic in confidential information and are open to the same security risks as PCs. Organizations who are taking security seriously are treating networked printers as equal citizens on the corporate network.”

JT: “What is the most common type of printer security breach? What is a quick change organizations can make to improve printer security today?”

SD: “The most common security threat is surprisingly simple. People picking up documents from the output tray that were intended for somebody else. We have all been there. You walk up to the printer and find a stack of pages somebody else printed but forgot to pick up. The documents people print are current and important. When you have a sensitive environment like healthcare, financial services or government agencies, those documents getting in the wrong hands could mean regulatory or legal trouble. The quickest way to protect information en route to a printer is to implement what’s called pull printing (also known as PIN printing). Pull printing will require the user to type in a code or scan a badge to verify their identity before the print job is released.”

JT: “The Target security breach ultimately resulted in hundreds of millions in damages and the resignation of its CEO. Can you give examples of how unsecured printers have impacted organizations?”

SD: “We have seen printer security breaches come in many forms. What is becoming more prevalent now is unauthorized access from remote devices or ‘sniffers’ attached to network cables. People who really want a way into the network will find a way through an unsecured printer or the HVAC system in Target’s case. While we can’t reference anything as high profile as Sony or Target, we can link several instances of regulatory violations (HIPPA and SEC) to unprotected printers connected to corporate networks.”

(after posting I was made aware of a recent large scale printer hack at several universities)

JT: “What is the best way to begin the conversation with a customer about secure print?”

SD: “I start with “Tell me about your organization’s printer security policy?” You are likely to get blank stares. In a recent study, nearly 90% of enterprises say they have suffered at least one data loss through unsecured printing. Pointing out this statistic will get your customer thinking seriously about which vulnerabilities may be lurking among their printing devices. When the customer recognizes that printers are equal citizens on the network, they will want to take steps to introduce security protocols on every device.”

JT: “HP talks about being 3 to 5 years ahead of its competitors when it comes to printer security. Can you talk about HP’s secure print differentiators?”

SD: “In the past few months HP brought to market 3 key features that give us a solid competitive advantage when it comes to printer security. All three of these features come standard on every new enterprise class device. The security features include HP Sure Start, Whitelisting and Run-time Intrusion Detection. Sure Start is a BIOS protection that validates the BIOS at every boot cycle. Whitelisting validates the firmware to ensure only known-good HP code is present. Run-Time intrusion detection looks for anomalies during complex firmware and memory operations. If an attack occurs, it shuts down the device and reboots.

HP offers a free security assessment for customer who want to know if their printer fleet has vulnerabilities. The Quick Assess takes about 1 hour and covers up to 20 HP printers or MFPs. At the end of the assessment the customer gets a risk report showing what percentage of devices are vulnerable and recommendations for how to address.”

To view a replay of SYNNEX/HP’s print security webinar CLICK HERE

To schedule an HP Quick Assess, contact the SYNNEX HP Business Development team: hpipg@synnex.com