Sponsored

13 steps to secure your business printers

Ageing firmware, hackers, lax thinking – just three of the reasons why IT managers need to take printer security more seriously.

The fact that criminals can attack your business network through your printers is both well-known and well documented. What's less certain is just how actively IT departments protect against the threat, especially in smaller businesses. That's why it always pays to check that you've put the right measures in place.

Some of these steps will be common to every printer, while others may only be relevant to workgroup printers. Some may only be supported by specific printers and multi-function devices, while others may require additional software or hardware.

A printer today is 68% more likely to be the source of an external threat or breach than it was in 2016. Download this whitepaper for more details on securing your printers.

Download now

Advertisement
Advertisement - Article continues below

We recommend you run through this set of practical checks every 3-6 months, just to ensure you're keeping your defences up to date and have the most common vectors of attack covered.

Step 1: Apply the latest firmware updates

Every printer manufacturer worth its salt updates firmware on printers in the wake of any discovered vulnerability, so make sure you download the latest version from your manufacturer's website. It may contain fixes for serious security issues or new features that could make your printers more secure.

Of course, if you have any more than a handful of printers then this is a pain, which is why step 2 may be useful.

Step 2: Use admin tools to simplify printer security

One of the reasons IT admins love HP Web Jetadmin is that it's manufacturer-agnostic: yes it's there to help you manage HP printers, but it can manage other manufacturers' printers too. Its simple, web-based interface makes it easy to add new printers, to troubleshoot problems and eases your administration burden. Visit the HP Web Jetadmin homepage for more details.

Step 3: Check your printers' IP addresses

By default you may find that your printer has an external IP address; unless there's a very good reason for keeping it that way, switch to an internal IP address. For extra security, consider restricting access to a specific LAN or subnet.

Step 4: Consider enforcing a PIN-only or badge-only policy

Many modern business printers include a PIN system, and we recommend you enforce it. By making employees physically enter a PIN on the printer to start their print job, you'll immediately ensure confidential documents don't get left on the out tray. It also means far fewer wasted pages, as users either forget they've printed something and leave it there or print it a second time by mistake.

Advertisement
Advertisement - Article continues below

If your employees already use security badges, then a "badge-only" policy makes a lot of sense. It's exactly the same idea as requiring a PIN but instead a user must swipe their badge on a dedicated pad located on the printer to authorise the print job.

Step 5: Make sure your printer's hard disk is encrypted

This is a simple one but often forgotten. As you'd expect, it means that even if someone grabs the disk then your data is safe but it's also good long-term protection, just in case the printer is passed on to a reseller and you accidentally leave confidential information on the drive. The simplest way to ensure your printer's hard disk? Simple: check that it's encrypted when you buy it (all HP printers that include hard disks are encrypted by default). As a final step, make sure your hard disk is professionally wiped if you sell on or scrap the printer.

Step 6: Make sure remote printing is secure

You may find that older, insecure remote access services and protocols are on by default. If so, disable them. We all want employees to feel they can print from phones, tablets and laptops, but use secure formats such as HP wireless direct printing or NFC touch-to-print. Need a more strategic approach for a fleet of mobile users? Then check out HP JetAdvantage Connect.

Step 7: Encrypt lines of communication

If you do want to administer a printer via the web, then enable SSL to ensure all communication takes place over https. It's also a sensible precaution to prevent wireless snoopers intercepting confidential print jobs by encrypting the data in transit. HP's Universal Print Driver, for example, provides AES256 encryption.

Step 8: Replace older printers

This guide is written in association with HP, so you would be sensible to read any advice that says "replace your printer" with some cynicism. However, it's worth noting that HP's latest printers are its most secure ever, for all sorts of reasons. For example, HP Sure Start, found in its most recent business printers, checks the BIOS when your printer boots and if a compromised version is found switches to a safe, "golden copy" of the BIOS.

Meanwhile, run-time intrusion detection helps to guard printers from attack when switched on, by hunting out anomalies in memory or firmware that are hallmarks of a threat. In short, the older your printer, the less secure it's likely to be. Plus you'll benefit from a quieter, quicker and better quality printer if you upgrade.

Advertisement
Advertisement - Article continues below

Step 9: Enforce an "empty out tray" policy

It's amazing how many printed documents lie abandoned on the out tray at 5.30pm, sometimes with confidential information often about your own employees. By emphasising a policy whereby if you print it, you pick it up, you'll reduce this risk.

Another way to do this is to enable pull printing, when print jobs only print when authenticated at the printer. The authentication might involve nothing more than typing in a PIN code (see step 4) or it might involve biometric security, a smart card or some other physical token. This ensures that only those who start and then authenticate a print job can pick it up from the output tray.

Step 10: Make shredding easy

If it's much easier for people to put sensitive documents in the recycle bin than in the shredder, they will. While you may not want a shredder next to every printer, make sure employees know where to find their nearest shredding machine.

Step 11: Secure your ports

Many printers allow jobs to be submitted to the print queue through SMTP, FTP, Telenet and USB ports. Unfortunately, the same protocols and the network ports used to service them can be used by attackers as a means of retrieving documents and information. If you don't need them, disable them using the Web management interface to cut back the potential for an attack. Again, an admin tool such as HP Web Jetadmin (see step 2) will help.

Print security should be a priority for every business, but all too often it's ignored. Learn how to avoid printer security breaches in this whitepaper.

Download now

Step 12: Set a reminder

Advertisement
Advertisement - Article continues below

Whatever the size of your organisation, you should have baseline, standard policies for printer security and some means of enforcing them, preferably through centralised tools, but if not, through manual configuration.

Book a date in your diary to run through the checks again. It could be that a software/firmware update has dropped that changes default settings, or a user/administrator has loosened your security with your knowledge.

Step 13: Find out how secure your printers are

Want to find out exactly how secure your printers are? HP provides a simple "Secure Print Analysis" tool that's free to use, no strings attached. Visit it now.

Advertisement
Related Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/hardware/34588/hp-elite-dragonfly-hands-on-review-a-potential-xps-killer
Hardware

HP Elite Dragonfly hands-on review: A potential XPS killer

9 Oct 2019
Visit/security/innovation-at-work/24460/what-is-data-encryption
Security

A complete guide to data encryption

30 Sep 2019
Visit/laptops/34468/hp-elitebook-x360-830-g6-review-above-the-fold
Laptops

HP EliteBook x360 830 G6 review: Above the fold

26 Sep 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019