Office Printers – A Gateway for Hackers?

My last post dealt with gaps in coverages provided by cyber liability insurance policies.  I recently came across an article in Legaltech News that reminded me how many gaps there are in a business’ computer network that, if not properly protected, can be an entry point for the hacking of that network.  While the ability of modern printers to perform more than one function has eliminated the need for separate scanners and telefax and copy machines, that multi-function ability makes them vulnerable to hackers.

To perform its many functions, today’s printer must be connected to a business’ computer and telecommunications networks and it must have a hard drive on which information can be stored.  The printer’s ability to send and receive telefaxes and to send scanned documents to e-mail addresses makes it vulnerable to outside attack, and its connection with the business’ computer network gives a hacker potential access through it to other devices on that network, not to mention all the data stored on the printer’s hard drive.

To close the gap that a multi-function printer creates in a business’ computer network, it should be protected just like the desktop computers and any other devices that are connected to that network.  This means such a printer should be behind the network’s firewall, any security features it may have installed should be activated and continually updated, any default passwords for it should be replaced, and access to its features should be limited by passwords or other controls.  It is also a good idea to encrypt all data that is sent to or from the printer and at the least, to encrypt the data that is stored on its hard drive.  In addition, if possible, limitations should be placed on the destinations to which the printer can e-mail or telefax data or documents.

Finally, old printers, like lost laptops or smart phones, can lead to a data breach, if their hard drives are not wiped clean before they leave a business’ offices.