01732 759725
40
VOX POP
Hackers have
the potential
to gain access
to printers via
the device’s
web page,
where they
can then view
potentially
sensitive
information
as Papercut, allows the user to capture
a thumbnail of all documents printed, by
whom and to which machine. This level of
monitoring will at the very least, allow the
perpetrator of any theft or improper use
of data, to be traced. More importantly
though, how many customers ask for the
multifunctional device to be data cleared
and formatted before it leaves their site,
ensuring that after disposal their data is
not open to abuse?”
Grant Howard:
“As printers become
more involved in organisations’ networks,
and begin to take on increasingly complex
functions, new areas of vulnerability
appear, which can threaten the stability of
the entire network.
“An unsecured print infrastructure
opens up new opportunities for hackers
and it provides them with an increased
parameter to try and compromise. By way
of example, hackers have the potential to
gain access to printers via the device’s web
page, where they can then view potentially
sensitive information. Even though some
devices have passwords, these are usually
left as default and a quick search on the
internet will tell a hacker what it is. And,
where the password has been changed,
a simple network management protocol
(SNMP) can be used on some devices to
find out what it is.
“Some of the information available to
hackers consists of document names and
the user that printed it. Some will even
show the department for the user and their
active directory username. What’s more, if
this device is internet facing, as some are,
an outsider can access this information
and could potentially use it for social
engineering as well as creating worms and
malware. There have even been incidents
reported of some hackers that are using
the lack of safeguards in this area to get
information inside the organisation.”
Mark Smyth:
“There are several risks
ranging from the confidentiality of
documents left on a printing devices,
through to the potential to access the
device and its stored content. When you
think about today’s printing technology,
printers are more like a PC than ever
before with BIOS, firmware, hard disk
drives, ports etc. Whilst vendors are
continually improving security and certainly
some are far better than others, the
principles of the internet and an IP address
apply with the strength of the device
security BIOS, memory and firmware, and
the IT infrastructure key to prevention.”
Steve Small:
“There are many risks of
an unsecured print infrastructure. These
risks being increased by the greater use of
networked and web-enabled devices.
“The most obvious risk that an
unsecured printer poses is allowing
unauthorised individuals to access
documents that have either already been
printed, or documents that are being
sent through a wireless connection to
be printed. If these documents contain
sensitive information, in the case of our
customers, a student’s SEN statement or an
employee’s personal data, the damage to
individuals and a business can be severe.
“Data encryption and data overwrite is
vital, especially when the device is at end of
life or is re-positioned. Networked and web-
enabled devices should utilise appropriate
protocols to prevent unauthorised access
and vulnerability to viruses.”
Clive Hamilton:
“An unsecured print
environment could simply be catastrophic
to a business. Our need for immediate
access, the ability to provide mobile
working and store our data in cloud
systems for immediate collaboration has
driven the deployment of smarter and
smarter devices, all networked and linked
by easy to use app-based interfaces.
“The need for quick and easy
accessibility and collaboration of print
devices means that now you don’t need
a computer, tablet, phone or even a
notebook, to access a file on a server. An
unsecured printer could allow you access
to that data, in a few simple clicks you can
share/print and scan documents that could
cause irreparable damage to a business.”
Adam Gibbons:
“The risks can be
loosely split into two categories; the
risks unsecured devices are vulnerable to
internally and externally. Internally, devices
that do not have any secure print measures
in place can give rise to situations where
confidential documents are printed and
left unclaimed on a device. In those
scenarios, documents could be picked up
by those unauthorised to view them; for
instance, a Human Resource team may
print a confidential spreadsheet showing
everyone’s salary, and leave it unclaimed
on a device used by the sales team. Or, a
hospital department may print a patient
record and leave it unclaimed on a device
that’s left in a public area. A further risk in
healthcare, is when multiple patient letters
are sent to one device, and due to a lack of
secure print functionality, patient records
are sent to the wrong recipients.
“Other private sectors – such as
financial services, for example – are also
required to honour specific regulation and
compliance criteria around their customer
data, so they too need to consider those
responsibilities in the context of their
Tim Harman,
co-founder,
Annodata
...continued
Simon Riley,
Sales Director,
Direct-tec
Matt Goodall,
Service Director,
Office Evolution
