If you were in South Korea in the summer of 2016, you may have noticed a startling sight: a drone armed with strange equipment hovering outside office windows. This drone wasn't getting panoramic views of the Seoul cityscape, however—it was hacking office printers.
Fortunately for Seoul's office dwellers, those printers didn't stay hacked. A group of academic researchers were simply using a drone to gauge the average vulnerability of office printers. What they found was alarming—they could fly up the side of a skyscraper and hack machines as they went, as easy as connecting to WiFi.
The lesson is clear—if businesses don't lock down their printers soon, they'll find themselves staring down their own hacking drone (or, more likely, some less-flashy equivalent), and it won't be operated by friendly academics. Here's how you can protect your multi-function printers from cyber-attack.
Hide your printer's IP address. In the United States alone, there are more than 12,000 printers publically accessible on the internet, protected by no safeguards whatsoever. Is yours one of them? Using your printer's publically available IP address, hackers can log in and steal data from a printer, especially if you haven't changed its default password.
Update your printer's firmware. Even if you've taken the basic step of keeping your printer out of sight from hackers, they may still find a way in. According to HP, unpatched vulnerabilities in software accounted for 44% of all cyber-attacks in 2014. If your printer's firmware is out of date, you could still be leaving a window open into your wider network.
Delete your printer's internal cache. Business printers can contain a hard drive with memory in the gigabyte range. Unlike consumer-grade printers, this memory doesn't get wiped when a printer gets turned off. If you dispose of a device that contains sensitive data without destroying or erasing its hard drive, then compliance regimes such as HIPP will consider this a data breach.
Implement strong access controls. In the wake of a widespread attack in which a hacker took over printers and used them to send offensive messages, many companies have decided that their printers need stronger authentication. Businesses can require users to input passwords, type in a PIN, or swipe an ID card before using a device. Not only will this prevent hackers from hijacking your in-tray, it can also ensure strong compliance—no one who isn't authorized will be able to print sensitive documents.
It's admittedly difficult to try and lock down printer security, especially in light of all the other attack surfaces that administrators need to safeguard. Let PCS design a solution for you that protects itself. PCS is a Silver HP partner with decades of experience setting up secure print solutions that perfectly match your business needs. View our infographic and contact PCS to learn more about how we can make printer security headaches go away.
Just because your small business isn't handling credit card and social security data for millions of customers, you shouldn't brush information security aside. For SMBs, the effect of hacking is personal: fines, disclosure requirements, and the cost of replacing both data and equipment can be crippling. Within six months after being hacked, 60% of small businesses will be forced to shut down.