Don't leave printers out of the security conversation

As more businesses of all shapes and sizes go through digital transformation, countless devices are becoming connected to the corporate network, including printers.

Businesses today know that devices, such as PCs, laptops, and smartphones, are a threat to the enterprise network. Much of the security discussion currently centres around endpoint security - including firewalls and anti-virus software - residing on the server and being updated frequently.

Today's endpoint security includes detection and behaviour blocking of devices and constant monitoring to check for unusual behaviour. However, printers and other peripheral network devices have been left out of the security conversation; traditionally these devices haven't been a huge threat to organisations.

Organisations send classified data to the printer, such as proposals and invoices, which often find themselves easily accessible to bad actors. A 2015 survey of IT decision makers from various industries including professional services, manufacturing, and financial services, IDC found that more than half of the companies interviewed had experienced an IT security breach that included print security.

The vulnerabilities came from:

  • Unsecured network ports - an entry point to the company network and information assets
  • Printing confidential documents
  • Transmitting non-encrypted print/scan data

Three years since and HP found that organisations were still ill-equipped to deal with any risks of a data breach that might come from a vulnerable endpoint, such as a printer.

The HP Australia IT Security Study, conducted by ACA Research across services, production, retail and hospitality, health and education, and distribution industries found:

  • 57 percent of SMBs have not done any sort of IT security risk assessment in the last 12 months, putting their devices, data, and documents at risk.
  • Of the 43 percent of SMBs that have undertaken a risk assessment, just 29% included printers in their analysis, a device that is increasingly an entry point for data breaches.
  • 63 percent of respondents state their employees work remotely on a regular basis, and as a result, are becoming increasingly concerned about associated security risks - e.g. visual hacking.
  • 63 percent of respondents allow employees access to company data from personal devices.
  • Less than half (44 percent) of respondents have a security policy in place for employees that bring a personal device to work.
  • Only 37 percent restrict the data that can be accessed from the device.

More than half of the organisations surveyed felt they weren't prepared for the Notifiable Data Breaches (NDB) scheme - established by the Privacy Amendment (Notifiable Data Breaches) Act 2017 - which came into effect on 22 February 2018.

The scheme required organisations, covered by the Australian Privacy Act 1988, to inform the Australian Information Commissioner and members of the public if it believes or is aware that its data has been compromised.

The printer is the weakest link that's connected to the production environment and that's where hackers can get in through. Businesses need to bring print security in line with their other [security] models.

According to Paul Gracey, Director, Printing Systems, HP South Pacific, the consequences of a data breach can be severe, from financial to brand and reputation damage.

"Organisations should implement a process to monitor, detect, and report data breaches, but prevention - and reducing the frequency and severity of breaches - is equally important," he said.

"Endpoint security - at the device level - is critical to that mix. Organisations tend to rely solely on third-party software security to protect their devices when, in reality, stronger and better business security must be integrated into the device itself," said Gracey. "With hackers able to bypass traditional network perimeter security and antivirus programs, it's time we scrutinise a hardware's security as closely, if not more, than our external security solutions."

In IDC's MarketScape: Worldwide Security Solutions and Services Hardcopy 2017 Vendor Assessment, the firm found that an organisation's print environment is distinct in that it's central to managing data documents, with information in both digital and paper formats.

"The lack of oversight within the print and document environment leaves businesses vulnerable to data - and device level - security breaches through compromised firmware, unsecured networks and document repositories, and information/data leakage. The end result could be extensive staff time and costs to address the breach, fines, and damage to the business reputation," stated IDC.

The research organisation found companies shouldn't neglect to secure the print environment as part of an overall IT strategy, otherwise, they risk exposing themselves and leaving them vulnerable to significant internal and external cyber threats.

Cybersecurity is an ever-evolving, ever-changing, ever-growing issue for businesses to deal with on a day-by-day basis. Businesses are seeing that the motives and drivers behind cybercrime are evolving and becoming more nefarious. Companies that are concerned about security and regulatory compliance must make printer and document protection a priority.

HP as the leader in security capabilities and strategies

This is why the new HP A3 Enterprise printing range, with world-class built security features, can plug an organisation's peripheral security hole.

According to IDC's MarketScape: Worldwide Security Solutions and Services Hardcopy 2017, HP is already rated as a major player in the space. HP was also recently named the "Most Reliable Business Printer & MFP Brand 2018-2021" at the inaugural Buyers Lab Reliability awards, which recognizes manufacturers whose products are determined to be the most reliable, based on reliability testing by Buyers Lab, a subsidiary of Keypoint Intelligence.

HP's latest A3 MFPs automatically monitor threats, detect intrusions, and validate operating software with security.

The HP A3 MFPs also includes:

  • HP Sure Start, which inspects the BIOS at boot-up. If there's any sign of compromise, it 'self-heals' by deleting the infected software and loading a pristine copy of the BIOS that's hidden directly in the printer.
  • Whitelists ensure that only firmware certified and signed by HP can be loaded onto the MFPs.
  • Run Time Intrusion Detection monitors the device memory for unusual activity. If anything is amiss, the device reboots and self-heals.
  • HP Connection Inspector evaluates outbound network connection requests from the printer. Suspicious activity, once again, triggers a self-healing reboot.

The comprehensive set of security measures in the HP A3 MFPs also include data encryption features for sensitive documents and a secure cloud queue for companies where workers work across several office locations. HP also draws on its decades of expertise in print technology to offer consultative services for companies that are concerned about print security, and help tailor secure printing solutions to meet the needs of any-sized business in any industry.


Explore HP's print security.