Advertisement Feature

Why your printer could be your GDPR blindspot

Something as simple as your printing network could turn into a security nightmare under GDPR

Companies operating both within the EU and the UK have until 25 May 2018 to ensure they are fully compliant with new rules set out under the EU's General Data Protection Regulation (GDPR), governing the protection of data and the security of a business.

Industries of all types have already started shoring up their defences and reshaping the way they handle data, yet all that hard work is likely to be undone by something as seemingly innocuous as a printer.

Print security obligations under GDPR remain one of the most misunderstood areas of the new regulations, potentially creating a blind spot that could not only lead to a data breach, but also substantial fines for non-compliance.

Just 50% of public sector companies were aware of the implications of GDPR for their operations, research carried out by document solutions provider Kyocera Document Solutions UK found. In addition, only 73% felt they were suitably prepared to meet the obligations around print security. What's perhaps most concerning is that of the 161 organisations surveyed, only 44% had a strategy in place to manage their print environments.


Printing technology has changed rapidly over the past decade, and it's clear that businesses have failed to keep pace with the emerging security needs. Historically, printing has always been relatively isolated from the wider system, but the push to the cloud has created the need for connected hardware that's able to handle any task, at any time, from anywhere, in the form of multi-function peripherals (MFPs).

These IoT-based MFPs are able to print, fax, scan, and copy as an all-in-one service that's connected not only to a business's internal network, but also to the internet to access all the various devices used by employees. Today, employees expect to be able to share their work with centralised hubs that save their documents until they're ready to collect them. As a result, workplace printing has never been as efficient and convenient, yet those sought-after capabilities could in fact present a security nightmare under GDPR.

As with any device that's connected to the internet, MFPs are susceptible to unwanted snooping. Without effective security protocols, unauthorised users are able to gain access to a printing network and any document that has been sent to a machine. What's more, most machines also make use of facilities such as scan to email, scan to cloud, or scan to internal storage, which could all be compromised to either steal sensitive data in bulk, or reroute future correspondence to external addresses.

Although Kyocera's research demonstrated a clear lack of understanding within the public sector, the problem is far more widespread within private sector industries. A report by technology analyst firm Quocirca found that only 22% of private organisations said they placed a high priority on print security, despite the fact that 63% of respondents admitted they had suffered a data breach as a result of a vulnerable print network.

The problem is that MFPs rarely have the default security functions to deflect hacking attempts. Default login credentials and unconfigured connection settings are juicy targets for any would-be hacker, and these are typically left unchanged by users.

A hacker was able to hijack 160,000 unsecure IoT-enabled printers in February, showing how hacked MFPs could be used to remotely leak sensitive documents, including anything saved on internal storage or shared through a network.


Fortunately the hacker was simply trying to highlight the issue of printer security, but he did demonstrate that printers from some of the world's leading brands had misconfigured, and highly exploitable, default settings - in this case Internet Printing Protocol (IPP) ports left open to external connections.

This is important within the context of GDPR, as something as small as a misconfigured printer could lead to a fine capable of crippling a business's operations.

Aside from the reputational blow a company may sustain from a data breach, the real damage will be felt from the resulting regulatory action. Regulatory authorities, such as the UK's Information Commissioner's Office (ICO), are able to levy substantially higher fines against non-compliant companies under GDPR.

Whereas the current maximum fine stands at £500,000, the new rules stipulate that a company could be fined up to 4% of annual turnover, or €20 million, whichever is higher. To put that into perspective, TalkTalk's £400,000 fine in April, which is the highest a company has faced in the UK, would have been a whopping £59 million under GDPR.


That's a multi-million pound incentive to make sure you're protecting every scrap of data being fed into your printing systems.

Maintaining the security of an MFP network is a daunting task. The sheer number of potential weak spots on your system, not to mention the various differences that exist between printer brands, makes performing regular manual checks for vulnerabilities unfeasible.


As with other IoT devices, there are tools available that provide a complete overview of your system, and cut down on a lot of the hard work.

SecureAudit, a new tool by document solutions provider Kyocera, offers a simple method for users to scan their MFPs for vulnerabilities, including misconfigured ports and default user credentials. It has been developed specifically with GDPR in mind, providing a simple way for companies to ensure they are compliant with security obligations.

SecureAudit is offered as part of Kyocera's larger suite of application software, which also includes Net Manager, a locking system that only releases documents when a user has authorised them from an MFP, and automatic deletion to prevent old data from being stolen.

To find out more about SecureAudit and Kyocera's range of printing solutions ahead of GDPR, click here.

Kyocera is a leading document solutions provider based in the UK, offering a range of software and security applications, as well as multi-functional printers and maintenance services.
