9 Tips for Securing Your SMB Printer Network

Posted on Leave a comment


Small Business
 ᛫ Kelly Kearsley ᛫ Epson ᛫ June 13, 2018

When it comes to cybersecurity, you’ve likely locked down your internal networks, maintained a strict software updating program, warned employees about phishing scams and reviewed protocol for mobile devices. But unless you’ve secured your network printers, you may still be vulnerable to security breaches or attacks.

In an IoT era, unified technology and connected devices provide SMBs with a lot of opportunities. But they can also pose real threats to your SMB’s cybersecurity and printers are no exception. A 2016 IDC survey revealed that unsecured printers and multi-function devices caused 35% of all office security breaches. Those network security breaches cost companies an estimated $133,800 each year, the IDC reports.

Today’s printers are no longer simple paper pushing machines; they’re powerful computers in their own right. As such, they can provide hackers with access to the sensitive information that’s being transmitted and to your organization’s broader networks. Fortunately, there are steps your small business can take to secure your printer network. Here are nine tips to ensure your printers don’t provide an easy entry point for bad actors.

1. Create a printer security point person. You can probably point out who in your organization is in charge of deploying software patches or issuing key cards to new employees. But printers can easily fall into a no-man’s land of responsibility. Maybe each team runs their own network or someone set the printer up and then never thought about it again. Assign someone to be responsible for your printer network security. If that’s too much, then consider a managed printing service and designate a point person in your organization to work with them.

2. Make sure your printers are physically secure. Your printer may be printing sensitive information that could be problematic if it got into the wrong hands. Keep your printer in a secure place such as a locked closet if possible. Also situate the printer near an admin or someone who can monitor the printing activity and ensure that printouts are not left behind. In addition, some printers require users to enter a code on the machine before it will complete the job. Enable those features so that printing only happens when a person is right at the machine.

3. Stay up on the basics. Much like other software and devices, make sure you update your printers’ firmware on a regular basis. Doing so will reduce your vulnerabilities and ensure your printer network benefits from latest patches and security improvements. Set up new admin passwords instead of relying on the default password or worse, having no password at all. Also be sure to update any non-native printer software that may have been installed.

4. Disable any unused services. Your printers provide numerous functions and additional services. Turn off any services that you’re not using so they don’t serve as vectors for hackers. For instance, your printers may offer an FTP function, an old-school way of transferring files that you probably don’t need. When you do update your printers’ firmware, default services may be reactivated. Check afterwards and then disable them again if necessary.

5. Disconnect from the public internet. This is one of the most significant steps you can take toward protecting your printer network. There’s no reason for anyone outside your organization’s network to need your printer and preventing that access keeps hackers out of your business. Create a firewall rule that blocks inbound and outbound communication between the printer and the public internet. You can also configure your network traffic at the router to do the same.

6. Secure your Wi-Fi as well. This falls into the same vein as disconnecting from the public internet. Unsecured Wi-Fi provides another easy way for people outside your SMB to access your printers, your network and then your data. Securing your Wi-Fi, however, can be as simple as making some choices from a dropdown menu. Look for an option labelled WPA2, which allows you to protect your Wi-Fi network with passwords. It also encrypts local network traffic, adding another level of protection for information being handled by your printers.

7. Authenticate printer users. The best way to monitor and control who has access to your printers is with an Identity Access Management (IAM) program. These typically facilitate creating passwords for IT-related tasks. SMBs using Microsoft Office can then tap Microsoft Active Directory to help manage these passwords and regulate printer activity. For example, you can set up roles-based controls so that only people from certain teams can use certain printers. That way your HR employees can print their documents at the HR printer—and nowhere else.

8. Watch for suspicious activity. Even with all the above safeguards, you still want to monitor your printer network for unusual activity. Newer printers may offer auditing, tracking and logging features. These can provide data on usage, costs and the ability to trace when a breach may have happened and where it came from. If the printer itself doesn’t offer these capabilities, explore software add-ons that make print auditing and tracking possible.

9. Consider upgrading your printers. Many new printers are now coming with built-in security features to make it easier to secure your network and protect your SMB from a cyberattack. For instance, new printers may come with an Approved Senders feature, which allows you to denote whether someone can send something from their email to print, or provide a feature that automatically deletes old print jobs.

Connected devices, including printers, make your SMB more efficient and more competitive. Secure your printer network and you’ll ensure that these endpoints remain a business advantage—instead of becoming a business risk.

To learn more considerations and tactics for improving the security of your network, check out the Epson whitepaper on securing printers.

Leave a Reply

Your email address will not be published. Required fields are marked *