This Week in Imaging: A Closer Look at Printer/MFP Security
With news about serious security breaches steadily streaming across our desktops, the importance of cyber security continues to increase more and more. Unfortunately, many users have a hard time seeing their printers and copier/MFPs as cyber-security risks, even though most are now network- and Internet-connected.
That means, for instance, that if a cyber-attacker breaches a network-connected printer or copier/MFP, they could open a gateway to the entire network for access to user, company, and customer data, leading to serious financial consequences, as well as untold damage to the company’s reputation.
This week in imaging we ran across two interesting reminders of how security has increasingly become a key criteria in the imaging industry:
- Samsung: Securing Printers and Copier/MFPs in the Enterprise
- Xerox Reports Channel Partners Winning More MPS Deals
Example #1 is Samsung (and HP Inc. by extension) offering tips on how to secure printers, including the use of their value-added security solutions such as the Samsung Printing Security Core, part of the Samsung Business Core 2.5 suite of solutions, and a number of secure pull-printing solutions offered by Samsung partner PrinterOn.
Meanwhile, HP Inc. has its own suite of security services for its Pro line of enterprise printers that includes:
- HP Connection Inspector – provides continuous monitoring that detects and stops intrusions within memory or outbound requests and forces a reboot to initiate repairs.
- HP Sure Start – detects and prevents the execution of malicious code and self-heals the BIOS.
- HP JetAdvantage Security Manager – a fleet-management security solution that checks and fixes device security settings in a reboot.
- Whitelisting – helps ensure only authentic HP code is loaded into memory and will reboot and notify IT if compromised.
That said, the Samsung/HP Inc. line of printers and copiers seem to have all of the bases covered. We can only speculate when and if HP will homogenize these solutions under the HP Inc. brand.
Example #2 is an announcement from Xerox celebrating the landing of two major managed print services accounts by its channel partners, and highlighting the Xerox AltaLink and VersaLink devices’ secure-print feature that helped seal the deal with Raleigh General Hospital by protecting patient privacy.
This announcement highlights that vendors, dealers, and resellers can gain a competitive advantage by providing intelligently designed security measures, especially if they are on-board, as they easier to market than third-party solutions.
You’ve got me going, so what can we do?
Let’s consider the case of a small online reseller that has only have a few low-cost network-connected printers scattered around their office (a majority of which are also connected to the Internet). If the security of one of them is breached, hackers could access company financial data, and sales data that may include considerable amounts of user-account information such as names, addresses, and links to such critical data such as credit card information. How? Trolling around the network to gain access to a PC that’s logged into the customer-information database, particularly if it’s stored locally (cloud services provide an additional layer of security that is considerably more difficult to breach).
The easiest method of prevention is to install hardened passwords during the setup of the printers. Most people secure their PCs and mobile devices with passwords, and they should also do so with their printers and MFPs. We highly recommend that, right out-of-the-box, printer administrators apply a hardened password, as default passwords for printers and MFPs are widely available on the Web. This is a critical first step, as anybody that can access a printer’s administrative functions is then able to then wreak untold havoc and compromise many other security measures that may be applied.
Larger organizations should of course deploy user-authentication options that include smart ID cards, and PIN numbers, as well as NFC and Bluetooth Low Energy (BLE) user authentication (so that employees can log-in to printers using their desktop and mobile device). To ensure devices stay safe, solutions such as Samsung’s Secure Login Core also automatically log users out when they’re done. IT administrators can also change settings to prompt printers to log inactive users out faster.
Perhaps the most advanced user authentication is Konica Minolta’s biometric authentication option. With this option, users are identified by their finger-vein patterns – a highly reliable user-authentication method, since user ID cards can be stolen. This week, Konica Minolta also reported that it’s made an investment in Nymi, Inc., which makes wearable biometric user-authentication devices (see story below).
The bottom line is that it’s not very difficult to harden access to printers, and by extension the entire network, and doing so will go a long way to hardening overall cyber-security.
Next Week: Don’t miss our in-depth coverage of important news from Lexmark International.
- April 2018: Be Careful What You Click On and More; Xerox Discusses Printer Security
- April: 2018: Quorcirca Survey: Less-Paper; Office Security Expertise, Mobile to Lead Office-Imaging Industry
- March 2018:Worldwide Spending on Security Solutions Forecast to Reach $91 Billion this Year
- January 2018: Customers Increasingly Look for Printer Security; Not Speeds and Feeds
This Week in Imaging: