This Week in Imaging: A Look at Current Printer and MFP Security Tactics

by Kathleen Wirth · November 22, 2024

One of the most critical and talked-about topics in the printer/MFP industry is security. That’s because any device connected to the Internet, including printers and MFPs, are potentially vulnerable to cyber attacks. Security breaches can also come from within an enterprise, whether deliberately or by accident.

The following printer security standards are currently available, ranging from basic to more advanced:

Network Security

Printers and MFPs should be connected only to secure Wi-Fi networks. If possible, enterprises can also limit the number of printers connected to the Internet, using direct connection or WiFi Direct. They can also be installed on a separate VLAN or subnet to limit access and reduce exposure to potential threats, and they should use secure communication protocols such as HTTPS, FTPS, or IPPS instead of unsecured protocols like HTTP or FTP.

Administrators can also restrict access to the printer/MFP by specifying that only specific IP addressses and ports can access the printer. They should also disable unused services, and turn off protocols such as Telnet or FTP if they’re not required.

Access Control

Administrators can restrict user access to the printer/MFP in a number of ways. For instance, they can require users enter PIN codes in the print driver, at the device itself, and/or use ID cards or network credentials.

They can also limit user functionality, limiting for instance, users’ ability to configure settings, and only instead use print, scan. etc. Finally, they can enable “pull printing,” so that documents are only printed after the user authenticates at the device, minimizing printed documents being left in output trays.

Data Protection

Data stored on the printer’s hard drive should be encrypted, and the printer’s hard drive should be regularly wiped to remove residual data.

Firmware and Software Security

Administrators should make sure that printer firmware and print drivers are regularly updated to protect against vulnerabilities. They should use devices that support only signed and validated firmware, and apply security patches as they are released.

Physical Security

Printers and MFPs should only be installed in secure locations to prevent unauthorized physical access. When possible, administrators should use physical locks to secure paper trays, USB ports, and other access points.

Monitoring and Logging

Printers/MFPs should provide audit logging so administrators can track print jobs and access attempts. Intrusion detection systems should also watch for suspicious activity involving printers, and administrators should be able to set up alerts for unauthorized access or unusual behavior.

Endpoint Protection

Administrators should disable unused ports and interfaces, such as USB or wireless. More advanced printers and MFPs also support embedded antivirus protection.

Cloud and Remote Printing Security

Enterprises should use secure, trusted cloud printing services with strong encryption and authentication. They can also require that remote users connect through a virtual private network (VPN) before accessing printers.

It’s also worth noting the additional security measures in particular deployed by HP Inc. and Xerox:

HP Security Standards

Among HP’s security measures are HP Sure Start, which prevents malicious code from infecting the printer and automatically prompts a self-healing BIOS if malware is detected. HP also deploys a self-healing reboot, under which the printer automatically detects, stops, and recovers from attacks.

Another HP security features is HP Connection Inspector, which continuously monitors all outbound connection requests. If needed, it’ll automatically reboot the printer to initiate repair work that can eliminate any malware or viruses that have gotten through security features.

HP also uses dynamic security, using the printer’s ability to communicate with toner-cartridge security chips in order to protect the integrity of the printing system. According to the firm, toner cartridges’ computer chips can be infected with malware, enabling hackers to access data processed with printer and other devices on the network.

Xerox Managed Security Services

Also worth noting are Xerox Managed Security Services, which secure not only printers and MFPs, but an enterprise’s entire network infrastructure, blocking attacks before they occur.

Xerox’s Managed Security Services includes optimizing not only office infrastructure, but also securing remote-workers’ IT assets, including employees’ personal laptops, home printers, and cell phones that may be on the enterprise’s network.

The service provides 24/7 coverage, and Xerox experts provide recommendations for various security safeguards, securing IT infrastructure and also enabing enterprises to more easily obtain cybersecurity insurance.

Summary

As with virtually everything involving cybersecurity, we can expect new measures to be deployed as new threats emerge, so it’s important to keep current on this topic.

This Week in Imaging

Environment and Sustainability

New EPEAT Criteria Would Require OEMs Enable Use of Remanufactured Cartridges

Lexmark Headquarters Receives CarbonNeutral Designation

Office Printers and Copier/MFPs

Lexmark Headquarters Receives CarbonNeutral Designation

Fujifilm Rolls Out New A3 Color Copier/MFPs with 84-Percent Reused Parts

New A3 Copier/MFP from Toshiba with Cloud Connectivity, Advanced Security, and More

Epson Expands WorkForce Pro Series with Two New Desktop A3 Models

Katun Expanding Distribution of New Arivia Copier/MFPs to Europe

Document-Processing and Workflow

Fujifilm Launches New Apeos Connect Software Development Kit