Jeremy Daniel

Find Competitive Advantage through AWS by Partnering With The Experts

Setting up your cloud configuration is too important to not involve the experts MediaTemple & CloudTweaks Thought Leadership Brand Series So many great business ideas fail at the moment when strategy must turn to execution. Even the best laid plans often come to nothing, drowned
/
Endpoint Security

Your Ability to Recover From Disaster Depends on Your Willingness To Prepare

The best disaster recovery strategies are baked into your digital infrastructure from the very beginning The 1986 nuclear disaster at Chernobyl in the Soviet Union has been on people’s minds a lot lately, following the groundbreaking HBO series that examined the failures of leadership before
/
Steve Prentice CloudTweaks

How Printers Help Hackers Hide In Plain Sight

Printers and Hackers

Spies and thieves often do their best work by hiding in plain sight. No one suspects the person sipping coffee at the table across from you in the coffee shop – the one who happens to be reading your computer through the unsecured Wi-Fi. No one ever thinks that the PIN they enter at the ATM or debit card terminal is being watched by someone a few feet away. Few people consider the danger of including their real birthdate when opening a membership online. And certainly no one ever suspects the printer of anything at all except occasionally needing paper.

But these are all examples of how we use technology daily to solve our immediate concerns without additional thought. Life would be very hard without Wi-Fi, ATMs and printers. Their roles are as quiet, subservient support technologies. They are the discreet butlers of our digital lives. No one ever suspects the butler.

It is for that reason – that lack of diligence – that printers have become the gaping hole in the wall of cybersecurity. Companies spend billions of dollars annually seeking to protect networks and ensure that computers are safe and virus free. But few people pay attention to the silent peripherals.

Decision makers seldom hear about hacks through printers. To the average, honest working person, they are simply output devices. But to the wearers of the black hats, they are willing and compliant access points, not only to a company’s existence, but beyond, to everything that company is connected to, out there on the internet.

The most infamous DDoS attack in recent memory happened on October 21, 2016, when a brand of malware called Mirai brought Netflix, Twitter, Amazon and others to a crawl. Experts believe this malware made its entrance through an unprotected Internet of Things (IoT) device like a printer, a router or a camera. These are devices that are seldom protected by vigorous passcodes and anti-hacking tools. They’re just simple devices after all.

But this is where innocence and naiveté have no place. The belief that such devices are low risk, having little value to hackers, is fatally incorrect. To remain unaware of just how a sophisticated hacker can use an unsecured printer to access the network is precisely the type of thinking that can bring companies down. To forget just what lives inside a printer – images of documents, user credentials – is downright dangerous.

Get Everything and Everyone into the Audit

Every device, no matter how innocent looking, must be included inside a rigorous and regular security audit, must be monitored regularly, and must be brought up to speed in terms of security software. If a device can communicate, if it has a computer inside, no matter how small, it can be compromised.

The people who use these devices must be trained in the same type of hygiene that they currently (hopefully) apply to their network passwords and laptops. There must be a mechanism to enforce policies.

It’s Not Just External Spies

Printer security does not end with shoring up the software. Companies must also consider the people on the inside who are using these devices daily.

  • How are they sending? Wirelessly? Is this allowed? Is it being done securely?
  • Are they sending to a remote printer in an office miles away? If so, who might be there? What might they see?
  • Are they operating within normal behavior patterns? For example, when a person who generally makes five copies a day, makes a few hundred copies on a quiet Sunday morning, this is an unusual behavior pattern worthy of investigation.
  • Do your printers have whitelists or credential tables allow specific access and activity privileges to each employee?
  • Are passwords being used correctly and changed regularly? Are employees complying?
  • Are employees actually communicating with the printer they think they are?

The key message is that printers play a fundamental role in business life, both at the workplace and in peoples’ homes. They are communications devices armed with computing power, and if left unsecured, they become dangerous. Secure printers must be equipped with features like secure whitelisting, run-time intrusion detection, automated compliance, usage certificates, and even a “golden BIOS copy” to revert to, should a compromise be detected.

As more and more devices connect to the global network, they increase convenience, but at a cost of substantially weakened security. A printer that is not secure should be turned off and physically disconnected, since the bad guys are getting much better at hiding in plain sight.

For more information on printer security, visit HP’s Secure printing page and check out the webinar. To do a quick self analysis of your printers, visit HP’s analysis page here.

This post is brought to you by HP and IDG.
The views and opinions expressed herein are those of the author(s) and do not necessarily represent the views and opinions of HP.

By Steve Prentice

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks Does cloud security risks ever bother you? It would be weird if it didn’t. Cloud computing has a lot of benefits, but ...
ERP Ain’t Got the Same Soul, I Like that Old Time Rock ‘n’ Roll

ERP Ain’t Got the Same Soul, I Like that Old Time Rock ‘n’ Roll

Designing Enterprise Software around People Looking back, business owners talked to their customers and employees in person or by phone. This human contact was more ...
Cloud Migration – 10 ‘Do it Right’ Tips

Cloud Migration – 10 ‘Do it Right’ Tips

Cloud Migration Tips Businesses continue to adopt the cloud at break neck speed. Inherent benefits like lower operational costs, no infrastructure overheads, and quick access ...
Steve Prentice CloudTweaks

How Security Certification Helps Cloud Service Providers Stay Transparent and Credible

Security Certification Helps Cloud Service Providers If you are a cloud service provider (CSP), you know your customers have a choice as to who to ...
The Verge

Who’s listening to your AI device?

/
Google contractors are transcribing customers’ audio clips from the company's AI assistant, and can end up listening to “sensitive” conversations, according to The Verge, citing a report by Belgium’s VRT NWS ...
Tech Crunch

Apple disables Walkie Talkie app due to vulnerability that could allow iPhone eavesdropping

/
Apple has disabled the Apple Watch Walkie Talkie app due to an unspecified vulnerability that could allow a person to listen to another customer’s iPhone without consent, the company told ...
IBM News

IBM And AT&T Announce Multi-Year Strategic Alliance

/
IBM to make AT&T Business Primary Provider of Software Defined Networking ARMONK, N.Y. and DALLAS, July 16, 2019 /PRNewswire/ -- IBM (NYSE: IBM) and AT&T (NYSE: T) today announced a multi-year ...

Cloud Community Supporters

ISC2
Amazon
Ring Central
CA Technologies
Cisco

Community support comes from comic licensing, sponsorship, service opportunities and collaborative network partnership initiatives.