Awareness : Security Awareness Tips

Printers: An Overlooked Security Risk

Display: check.

Built-in storage: check.

Internet access: check

No, it’s not your desktop or laptop computer. It’s your new printer/ multifunction device.  With each new generation, they get more features. Some new printers even have an email address.

Most new devices also function as scanners, copy and fax machines. These network-accessible printers are open to the same types of security risks associated with more advanced devices – like your computer.

Just like your computer, it’s important to follow some basic security procedures to minimize the risk.  The good news is that University-owned printers will most likely be secured by IT support, but you’ll still want to make sure your own device at home is safe.

First, decide if your printer needs to be connected directly to the network or if it can be plugged into a computer instead. If you decide to connect the printer to your home wireless network, that needs to be secured before anything else. For your wireless router, change the default administrator password, change the SSID (the name of your wireless network), and enable the best wireless encryption supported by all your devices.

Your next step is to password protect your printer’s web interface. This is sometimes done during the initial setup of the device, but more often than not, you will have to point your web browser to your printer’s IP address to set a password. If a password already exists, be sure to change it; finding a printer’s default password online is too easy! All printers are different, but instructions can be found in your printer’s manual or on the manufacturer’s website. This is a crucial step to ensure that the settings you choose for your printer are not changed without your permission.

Just like your computer, vulnerabilities in your printer’s software may require updates. You should check for firmware updates on a regular basis. The manufacturer’s website will have any updates available in their support area, though your printer may be able to check directly through its web interface.

If someone with malicious intent manages to access your printer remotely, minimize the potential risk. Ideally, you should not keep flash memory plugged into your printer while you are not using it. A malicious user can actually access this memory remotely and infect it with malware that can then infect your home computers.

Finally, when you discard your printer, make sure to delete any personal information. Depending on how the device is configured, every time you scan, copy, or email a document, an image of the original document may remain in storage on the device. Without any additional protective measures such as encrypting the document while in storage or securely wiping the data, individuals with some technical capability can recover such information. The manufacturer’s website should contain information on how to do this. In some cases, it is relatively easy to locate and remove the internal hard drive. You can then destroy the drive yourself or securely wipe it. Examples of information recovered from such devices included medical records, Social Security numbers, birth certificates, bank records, income tax forms, and police reports.

For more information

Posted July 29, 2010