The number of Internet of Things (IoT) devices in the world today has skyrocketed to over 8 billion connections across the globe. Taking shape as wearables like watches, personal assistant devices or even vehicle navigation systems, these devices can communicate with us, with other applications and even each other through internet connections.
While these innovations have had a revolutionary impact on connecting the world, they also introduce risk to areas in the workplace, requiring business owners to relearn what they know about security. As the number of connected devices grows, they create volumes of data — the likes of which we’ve never experienced. And when they harbor sensitive data, devices previously thought of as safe create blind spots in security management for many businesses.
Take for instance the humble office printer.
Printers are rarely top-of-mind when it comes to IT security, but the days of the mundane office printer are long gone. Today’s multi-functional devices are vastly sophisticated, high-operation hubs, holding some of a business’s most valuable and sensitive data from financial records to client data and even key network intel, representing a massive opportunity for hackers and a giant risk on the radar for financial and information managers in need of cohesive security programs.
Businesses need to minimize the threat from this new reality and eliminate security oversight in the office of things. Let’s explore how IoT devices create security blind spots and how you can identify and correct these practices to protect your business.
What are IoT blind spots?
More than 50% of all corporate network activity comes from mobile devices. This leaves managers and IT departments with the huge challenge of limiting risk posed by connected devices. However, these threats aren’t exclusively present in devices outside the ‘traditional’ office network, even devices within the physical confines of the office can pose a serious risk.
In the past, printer security would be considered creating an access code to use the device or training employees on handling sensitive materials. However, nowadays it isn’t just physical documents that pose a risk to your business. Today’s printers are fully-functional computers that have a printer, scanner, photocopier and a fax machine, as well as an email platform with local storage, wireless networking and their own operating system. More so, a large proportion of multi-function printers (MFPs) store data electronically and without strict control over printer settings or internal storage.
This leaves room for hackers to access valuable personal or business information stored within the device. Once access is gained through this back door, a business’s entire network of connected devices is left vulnerable to attack. One weak link or blind spot can compromise your whole network. As such, security experts need to prioritize network printers accordingly.
What are the dangers of blind spots?
When you consider the type of information IoT devices and IoT printers generally host, it’s often business-critical data. These connected devices are used to share the information we most need to be copied, printed, scanned and shared. Largely, it’s information that requires specific security measures.
A study by Booz Allen Hamilton found that of 61% of survey respondents who reported a data loss incident in 2016, at least 50% had at least one such incident linked to a printer.
These security incidents included digitally intercepted print jobs, loss of data from printer hard disks, mailing of documents via multifunction printers to external sources and printers getting hacked to gain network access.
With all the measures taken to safeguard smartphones, laptops and corporate networks, printers can often be a serious blind spot in the security chain. With the implementation of GDPR, the risks posed to a business, both in terms of financial penalties and reputational damage, will increase exponentially. Companies must ensure that every link in their security chain is secure, not just the areas with obvious exposures.
Identify and control blind spots
Unfortunately, MFPs are dynamic devices that can be exploited in a number of ways. In 2008 researcher Aaron Weaver published an article describing how a web page can be created for launching print jobs on any visitors’ printers. But for the concern of protecting sensitive client or business information and avoiding legal consequences thereof, here are a few key steps you can take to prevent your printer from being accessed by bad actors.
How to protect your IoT printer from attacks:
- Determine if it’s absolutely necessary for your printer to be connected to the internet
- Deploy your IoT devices on a secure network
- Disable any printer settings that involve printing over the Internet
- Change your username and password (if your printer uses login credentials); never keep the default values
- Close router ports 9100, 515, and 721–731 (see your router’s user manual to find out how)
- Turn off your printer when it’s not in use
The reality is that office networks, unless regularly checked, can quickly become dangerous places for private and sensitive personal and company information. All too often the stringent security measures put in place to protect data managed by IT are not applied to office devices that are used to print, capture and share them.
While the responsibility to secure your network and devices should be managed by your IT department, your company should also train staff on using devices in a secure manner and your leadership should consider creating a policy for keeping information confidential throughout the entire document lifecycle.
Until printer manufacturers are offering software patches to prevent hacking, businesses need to get visibility into their printer security and build continuous network monitoring into their environments in order to monitor printers the same way they do with network firewalls, switches, routers and servers.
If you’re unsure about security blind spots arising from IoT devices in your network, contact us for a free security audit and we’ll review your system for vulnerabilities.