13 steps to secure your business printers

Ageing firmware, hackers, lax thinking – just three of the reasons why IT managers need to take printer security more seriously.

The fact that criminals can attack your business network through your printers is both well-known and well documented. What's less certain is just how actively IT departments protect against the threat, especially in smaller businesses. That's why it always pays to check that you've put the right measures in place.

Some of these steps will be common to every printer, while others may only be relevant to workgroup printers. Some may only be supported by specific printers and multi-function devices, while others may require additional software or hardware.


We recommend you run through this set of practical checks every 3-6 months, just to ensure you're keeping your defences up to date and have the most common vectors of attack covered.

Step 1: Apply the latest firmware updates

Every printer manufacturer worth its salt updates firmware on printers in the wake of any discovered vulnerability, so make sure you download the latest version from your manufacturer's website. It may contain fixes for serious security issues or new features that could make your printers more secure.

Of course, if you have any more than a handful of printers then this is a pain, which is why step 2 may be useful.

Step 2: Use admin tools to simplify printer security

One of the reasons IT admins love HP Web Jetadmin is that it's manufacturer-agnostic: yes, it's there to help you manage HP printers, but it can manage other manufacturers' printers too. Its simple, web-based interface makes it easy to add new printers and troubleshoot problems, and eases your administration burden. Visit the HP Web Jetadmin homepage for more details.

Step 3: Check your printers' IP addresses

By default you may find that your printer has an external IP address; unless there's a very good reason for keeping it that way, switch to an internal IP address. For extra security, consider restricting access to a specific LAN or subnet.

Step 4: Consider enforcing a PIN-only or badge-only policy

Many modern business printers include a PIN system, and we recommend you enforce it. By making employees physically enter a PIN on the printer to start their print job, you'll immediately ensure confidential documents don't get left on the out tray. It also means far fewer wasted pages, since users otherwise forget they've printed something and leave it there, or print it a second time by mistake.

If your employees already use security badges, then a "badge-only" policy makes a lot of sense. It's exactly the same idea as requiring a PIN but instead a user must swipe their badge on a dedicated pad located on the printer to authorise the print job.

Step 5: Make sure your printer's hard disk is encrypted

This is a simple one but often forgotten. As you'd expect, it means that even if someone grabs the disk your data is safe, but it's also good long-term protection in case the printer is passed on to a reseller and you accidentally leave confidential information on the drive. The simplest way to ensure your printer's hard disk is encrypted? Check that it is when you buy it (all HP printers that include hard disks are encrypted by default). As a final step, make sure your hard disk is professionally wiped if you sell on or scrap the printer.

Step 6: Make sure remote printing is secure

You may find that older, insecure remote access services and protocols are on by default. If so, disable them. We all want employees to feel they can print from phones, tablets and laptops, but use secure formats such as HP wireless direct printing or NFC touch-to-print. Need a more strategic approach for a fleet of mobile users? Then check out HP JetAdvantage Connect.

Step 7: Encrypt lines of communication

If you do want to administer a printer via the web, then enable SSL to ensure all communication takes place over HTTPS. It's also a sensible precaution to encrypt print data in transit, which prevents wireless snoopers intercepting confidential print jobs. HP's Universal Print Driver, for example, provides AES-256 encryption.

Step 8: Replace older printers

This guide is written in association with HP, so you would be sensible to read any advice that says "replace your printer" with some cynicism. However, it's worth noting that HP's latest printers are its most secure ever, for all sorts of reasons. For example, HP Sure Start, found in its most recent business printers, checks the BIOS when your printer boots and if a compromised version is found switches to a safe, "golden copy" of the BIOS.

Meanwhile, run-time intrusion detection helps to guard printers from attack when switched on, by hunting out anomalies in memory or firmware that are hallmarks of a threat. In short, the older your printer, the less secure it's likely to be. Plus you'll benefit from a quieter, quicker and better quality printer if you upgrade.

Step 9: Enforce an "empty out tray" policy

It's amazing how many printed documents lie abandoned on the out tray at 5.30pm, sometimes containing confidential information, often about your own employees. By emphasising a policy whereby if you print it, you pick it up, you'll reduce this risk.

Another way to do this is to enable pull printing, where print jobs are only released once the user authenticates at the printer. The authentication might involve nothing more than typing in a PIN code (see step 4) or it might involve biometric security, a smart card or some other physical token. This ensures that only those who start and then authenticate a print job can pick it up from the output tray.

Step 10: Make shredding easy

If it's much easier for people to put sensitive documents in the recycle bin than in the shredder, they will. While you may not want a shredder next to every printer, make sure employees know where to find their nearest shredding machine.

Step 11: Secure your ports

Many printers allow jobs to be submitted to the print queue through SMTP, FTP, Telnet and USB ports. Unfortunately, the same protocols and the network ports used to service them can be used by attackers as a means of retrieving documents and information. If you don't need them, disable them using the web management interface to reduce the potential for an attack. Again, an admin tool such as HP Web Jetadmin (see step 2) will help.
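
One way to run the step 3 and step 11 checks across a fleet, as an added example that is not part of the original article or any HP tool: it flags printers that sit outside an internal, approved subnet and network services from the list above that are open without being needed. The inventory, printer names, addresses, approved subnet and the "needed" field are constructed assumptions; the port numbers are the standard assignments for FTP, Telnet and SMTP.

```python
import ipaddress
import socket

# Network services the article names in step 11, with their standard TCP ports.
RISKY_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP"}
# Internal (RFC 1918) ranges; anything else is treated as an external address (step 3).
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def probe(ip, ports=RISKY_PORTS, timeout=1.0):
    """TCP-connect to each port on a printer you administer; return the open ones."""
    open_ports = []
    for port in ports:
        try:
            with socket.create_connection((ip, port), timeout=timeout):
                open_ports.append(port)
        except OSError:
            pass  # closed, filtered or unreachable
    return open_ports

def audit(printer, print_subnet):
    """Return the step 3 and step 11 findings for one inventory record."""
    findings = []
    addr = ipaddress.ip_address(printer["ip"])
    if not any(addr in net for net in INTERNAL):
        findings.append("step 3: not an internal address")
    elif addr not in ipaddress.ip_network(print_subnet):
        findings.append(f"step 3: outside approved subnet {print_subnet}")
    needed = set(printer.get("needed", ()))
    for port in sorted(printer["open_ports"]):
        name = RISKY_PORTS.get(port)
        if name and name not in needed:
            findings.append(f"step 11: {name} ({port}/tcp) open but not needed")
    return findings

# Constructed inventory (hypothetical names, addresses, subnet); open_ports would come from probe().
INVENTORY = [
    {"name": "floor1-mfp", "ip": "10.20.30.11", "open_ports": [443, 9100]},
    {"name": "lobby-laser", "ip": "203.0.113.7", "open_ports": [21, 23, 80]},
    {"name": "scan-to-mail", "ip": "10.20.31.5", "open_ports": [25, 443],
     "needed": ["SMTP"]},
]

def audit_all(inventory=INVENTORY, print_subnet="10.20.30.0/24"):
    return {p["name"]: audit(p, print_subnet) for p in inventory}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, findings or "OK")
```

Rerunning the same audit at each review (step 12) shows whether a firmware update or a configuration change has re-enabled a service.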

Step 12: Set a reminder

Whatever the size of your organisation, you should have baseline, standard policies for printer security and some means of enforcing them, preferably through centralised tools, but if not, through manual configuration.

Book a date in your diary to run through the checks again. It could be that a software/firmware update has dropped that changes default settings, or a user/administrator has loosened your security without your knowledge.

Step 13: Find out how secure your printers are

Want to find out exactly how secure your printers are? HP provides a simple "Secure Print Analysis" tool that's free to use, no strings attached. Visit it now.
