With cybercrime rates in South Africa skyrocketing, businesses are increasingly conscious of the need to protect their in-office and remote IT set ups from ill-intentioned hackers.
Yudheer Harbhajun, business print sales manager for Epson South Africa, says that while businesses tend to focus on securing laptops and other smart devices on its network, they shouldn’t neglect the security of the seemingly harmless equipment in their offices, especially printers.
“Printers are typically overlooked in cyber security strategies because people don’t realise that they are no longer the forgotten piece of furniture in the corner with basic print, scan, fax functions.
“Nowadays they are smart devices much like the ones in our pockets, capable of accessing the internet as well as your internal network, potentially gaining access to all devices on that network. This makes printers an easy gateway for cyber criminals attempting to hack a business’ systems and sensitive information,” says Harbhajun.
Case in point: a 2022 ‘ethical hacking’ team successfully gained access to 27 944 printers, printing a PDF document with a step-by-step guide to better secure printers and proving why printer security is so important.
This is because, in addition to providing easy access to other devices, printers can also store sensitive information, which includes every document that has been printed, scanned, or shared through it, making printers an unlikely but effective target for cyber attackers. With modern printers connected to company emails, it’s also worth noting that hackers can access and email sensitive information to themselves.
With multifunction printers increasingly in use across workplaces, there are a host of other cyber risks for businesses to consider. These include how easy it is to simply walk over to a printer and access information available in its storage, as well as hackers having the printer connect a malicious network, which is then used to embed harmful code across its connected devices and networks.
Epson also actively pursues strict 3rd party security evaluations and certifications (such as Common Criteria and BLI Penetration Testing) to offer customers peace of mind that security is a top priority in our product development lifecycle.
“Securing a printer doesn’t involve steps or measures that are likely to vary to your current security measures for workplace devices. The process is just as simple and easy to implement, and doing so can save organisations millions of rands, stress and disruption,” adds Harbhajun.
Security measures to consider
Printer security comes down to a few basic steps that many business leaders would already know of but may just need a reminder on. These include installing firewall software, selecting the option to ‘forget network’ on printers in printer settings, and changing pins and passwords at least every two months. This is the first step to ensuring lowering the chances of a security breach.
Additional basic measures businesses can easily implement are regular software and firmware updates (rather than dismissing update notifications or scheduling for later), switching to reliable cloud printing services, and enabling access controls on multifunction devices where possible.
Implementing two factor authentication for printers that support it will require users to input a verification code in addition to a password each time they log in. This is an essential added layer of security.
In line with the above Epson uses a proprietary operating system and custom system-on-chip (SoC) design on multifunction devices, which is not shared by any other vendor or manufacturer. The operating system (OS) also does not allow code to run natively as it has been designed to run third party software as a web page – preventing any attacks to the printer via a rogue piece of malicious code.
Additionally, it’s imperative that businesses instil a sense of security consciousness in employees who make use of printers by providing training or information on best practice procedures to follow when using and connecting to office printers and other devices.
“Businesses in South Africa, especially small businesses without IT departments or specialist support, are at increasing risk of falling prey to cybercrimes through easy breach points like their printers. Countering these risks means businesses must start thinking like hackers, considering every conceivable entry point a criminal might use, and implementing as well as maintaining the right security measures,” concludes Harbhajun.