Cybersecurity is high on every organisation’s agenda in a world of hybrid working, digital transactions, high profile data breaches, and strict data privacy rules backed by tough penalties.

By Chris Kruger, MD of Nashua Kopano

Despite the vast sums of money businesses spend on securing data and systems, one part of the ICT infrastructure needs more attention – namely, printing.

Global research from Quocirca finds that 61% of organisations experienced data losses in 2023 due to unsecure printing practices and 70% of organisations are dependent on print-driven processes.

Yet the organisations responding to the survey almost universally regard employer-owned home printers and the office print environment as relatively low priorities.

This isn’t surprising, given that companies have had their hands full responding to challenges such as social engineering and ransomware attacks. Yet it’s important to take note of the multiplying list of print-related attacks, with print offering an increasingly attractive surface for botnet, ransomware, and denial of surface attacks.

As companies harden other aspects of their endpoint and perimeter security, it is almost inevitable that hackers, rogue employees, malware authors and other bad actors will seek out new vulnerabilities in corporate IT infrastructure. For many organisations, office automation devices risk becoming the soft underbelly of their cybersecurity protection.

By some estimates, there are as many as 200 vulnerabilities within a typical printing device. The list of security holes has grown in recent years because today’s printers, copiers, and multifunctional peripherals (MFPs) have evolved into computers in their own right, with hard drives, cloud connectivity and the ability to run apps.

Even in that context, some organisations neglect the best practices and policies that apply elsewhere in their IT environments, such as insisting on complex passwords, keeping software such as drivers and firmware up to date to address new vulnerabilities, and conducting regular penetration testing.

In addition, compared to PCs or smartphones, print security offers some unique challenges. Whereas there are only a handful of mobile and personal computer operating systems in common use today, many companies are running heterogenous print environments with each print vendor running its own firmware.

Security for these devices generally is managed separately from the tools and processes used for the rest of the organisation’s perimeter and endpoint protection. It also proves difficult to implement a zero-trust (never trust any traffic or user, always authenticate everyone and everything) policy across shared printers without harming productivity.

Accidental leaks can be devastating if they involve personally identifiable information or sensitive data like credit card numbers. In addition, in an unsecure print environment, malicious insiders could steal information by photocopying or printing it when they can’t copy or send it electronically.

To address this threat environment, companies like Nashua understand the print, copy, and document management environment.

With security threats in the print environment evolving, now is the time for companies to address weaknesses in access control and trust. The right tools and policies can prevent attacks via unauthorised access and leakages of sensitive information.