Although intrusion detection systems and robust firewalls are necessary for protecting companies of any size, sometimes there are scary threats to the business lurking just inside the company walls.
Case in point: your laser printer.
Many enterprises and small businesses, even those that are tech savvy, forget to include printer protection in their security mix, because they’re focused instead on more traditional types of risks like malicious viruses and hacker attempts. Yet printers have the capability to store massive amounts of information, and that data can get accessed.
In 2011, two Columbia University researchers discovered that HP LaserJet printers didn’t require a signature or certificate to identify the source of remote software updates. Since a LaserJet checks for software updates whenever a new job is sent, this means that the laser printers were creating security risks every single time it was utilized for printing.
The researchers sent a virus-filled print job into the queue, in the form of a tax return. Using the printer flaw, they were able to redirect the information to a remote computer representing an external hacker’s laptop.
First rolled out in 1984, LaserJet printers are used in millions of businesses, and newer models can accept jobs through Internet connections, which simply exacerbates the security risk, the researchers believe.
The threat isn’t just with HP laser printers, either. Any printer that utilizes software updates and features an Internet connection might present a risk. Here are three simple steps to making sure you’re protected:
Change the default password. Even when printers are networked, companies tend to keep the default password because they view the machine as an internal resource, not a source of information to external parties. Simply changing the password goes a long way toward blocking remote access.
Keep the firmware updated. Printer manufacturers often release updates to firmware, especially when security issues are detected. Much like a laptop or desktop computer, frequent security patches and fixes are necessary to block the newest threats.
Don’t network unless necessary. Although some companies use one laser printer for a department, there are some instances where a printer is assigned to an individual. In that case, connect the printer directly to the computer and keep it off the network.
Whenever a machine is networked, keep security in mind — this applies to servers, photocopiers, even VoIP phone systems. Where there’s an opening, there’s a problem. Prevent issues by locking down your laser printers and keeping your company in tip-top security shape.
Reference: OnForce Inc
No comments:
Post a Comment