CYBER SECURITY | 5 MIN READ
When people imagine how hackers access private medical records, they think of the usual avenues like hacking an employee's email account or stealing the physical files from the actual building. However, imagine this scenario: think of all the private documents that your employees copy and print every day. Now imagine a hacker accessing the data on those copiers and printers.
Though it sounds surprising, hackers can access medical files through your copiers and printers. Since copiers and printers are an overlooked aspect of a business' security plan, they're often left unsecured.
When hackers think of which parts of a business network to target, many might think to aim for computers because of all the sensitive documents and programs stored on them, but sometimes, hackers instead aim directly for printers and copiers.
Hackers know these machines tend to have less security than a computer and might potentially contain sensitive documents on their hard drives.
Not enough time? Jump to:
Do Older Copiers and Printers Pose a Security Risk?
Older machines are less secure, which leaves a host of potential issues for your company.
For instance, on older copiers and printers, the connection between a computer and the machines isn't very secure, which means that hackers can more easily access your information when it's sent over your network.
For older copiers and printers with less security, hackers who physically visit your office can simply plug a malware-loaded flash drive into one of your copiers or printers, infect the machine, and then infect a company's entire network. While the odds of this happening are low, the situation is technically possible.
This same scenario can potentially play out on newer machines too if you enable features that let you access documents stored on your copiers and printers from your computer.
These hard drives are unsecured, which means a hacker can hack the copier, access these documents, and then access your network. When setting up your copiers and printers, disable this feature if you can.
Personal Copier and Printer Risks
Personal copiers and printers, especially older models, used in managers' offices come with a host of security risks. Since these machines are usually intended for home use, security isn't as much of a priority when brands build them.
For instance, "home copiers" can have a "print from anywhere" feature that lets you print documents to the copier even when you're away from the office. However, this "print from anywhere" feature has little security because it has to create a hole in your firewall to allow you to communicate with the machine from anywhere in the world.
This hole in your firewall can let a hacker access the machine and anything scanned on it, documents and files on that employee's computer, and even access the whole company's network. If you have this feature on your personal printers, turn it off.
Another security gap on personal machines that you might not consider is a default setting that, when you're scanning to the hard drive on a copier, allows you to open the folder from computers on the network to retrieve your files.
This setting allows for information to be written to and removed from that device from anywhere on your company's network and is generally done with minimal or no security. If your personal copiers and printers have this default setting, turn it off.
Remote Support Feature Risks
Any remote support feature where the dealer or manufacturer can remote in without your involvement or consent is a security risk.
While enabling a "remote support tools" feature lets your machine's vendor remotely assist you in fixing issues, this two-way form of communication creates network gaps that lets hackers access previously scanned or printed documents, or even get into your network.
If you have this feature on your copiers and printers, either turn this feature off or try to opt-in to one-way outbound machine support.
Tips to Secure Your Copiers and Printers
Upgrade to a Newer Machine
Newer copiers can have features like Transport Layer Security (TLS) that encrypt scanned files sent to your email encryption as well as newer versions of Server Message Block (SMB), which securely scan documents to a folder instead of your email.
Scan your Network for Security Gaps
Hackers use network scanning tools to search for security gaps in your network, especially in your copiers and printers. When a hacker scans your network, they look for open ports.
Open ports can let them access the hard drive of the copier and view all documents in the hard drive. Hackers could even potentially get into your entire network this way too.
Think like a hacker and use the same tools to find and fix security gaps before a hacker takes advantage of them. Using a network scanning tool, scan your network for any open ports on the copiers and printers.
Enable Data Encryption Kits
For instance, some newer models created within the last 5-6 years have data security kits that you can enable. These kits can have data encryption functions, which scramble the data stored on your copiers and printers, rendering the information useless to a hacker.
Additionally, on some newer models of brands like Canon and Sharp, data security kits might also have features that, when a document is scanned, copied, or printed, erase those documents from the hard drive sometimes as many as 28 times.
Consider Managed IT Services
Buying newer copiers and printers and managing certain features on those machines are great ways to protect your network, but these actions can still leave you at risk of a cyber attack.
If you want to really step up your cyber security game, consider managed IT services. Managed IT services are an all-inclusive method for protecting your network, which includes machines like your copiers and printers.
By implementing multiple layers of cyber security such as firewalls and anti-malware programs to employing a team of IT experts to address any issues that pop up, managed IT services helps you prevent downtime in the event of a cyber attack, which saves you money and increases productivity.
If you have a staff member that's not well-versed in cyber security handling your business' network, contracting this job externally also increases productivity by freeing internal employees up.
Consider managed IT services today.
Posted by Erica Kastner
Erica Kastner is a lead Content Specialist at Standard Office Systems as well as a University of Georgia graduate. She aims to use her passion for problem-solving to help businesses understand how to better leverage their network infrastructure.