Office printers: the underestimated cyber threat
A lack of awareness of the risks of unsecured printers and a lack of or inadequate training for employees make companies vulnerable to cyberattacks.
Unsecured printers continue to pose an often underestimated cyber threat to Swiss SMEs, according to the results of a survey conducted by Sharp. According to the survey, 44 percent of 1001 employees surveyed in small and medium-sized Swiss companies (SMEs) stated that no printer-specific IT security measures are implemented in their company. In a world where cyber attacks have become almost commonplace, this negligence in relation to printers represents a serious security risk.
Lack of understanding leads to inadequate protection
The problem here is not so much the devices themselves, which can be solidly secured against external attacks with just a few basic technical settings. Rather, there is often a lack of basic understanding: most office workers are still not sufficiently aware of the fact that a printer is equipped with its own hard disk and numerous network interfaces and can actually be hacked. According to the survey, just 15 percent of respondents even associate their office printers with the topic of cyber security.
The topic is also largely left out of IT security training courses: Only 19 percent of employees stated that they had been made aware of potential cyber risks from unprotected printers during training.
It is therefore hardly surprising that many employees hardly think about the office printer in their day-to-day work, let alone their own use of it: 33% of those surveyed, for example, print out files that they send by email from their home office on company printers in the office, where they are left unattended in the output tray for long periods of time. 27 percent use private USB sticks for this purpose without being aware of the associated security risks, and only 21 percent recognize that unattended printouts in the output tray of a printer could pose a data protection risk at all.
Raise awareness and take technical precautions
"Printers are hardly perceived as a security risk in everyday working life and are therefore often inadequately protected, which cyber criminals exploit. Yet printer security is not rocket science: companies should make the necessary security configurations, keep their scanner and printer software up to date and carry out regular back-ups - this already provides solid basic protection," says François Müller, COO of Sharp Electronics Switzerland.
"Companies should also introduce uniform security standards for hybrid teams and make their employees more aware of MFP-related security issues," François Müller continues. "This starts, for example, with ensuring that confidential printouts and copies are not left unattended in the MFP's output tray or disposed of unsecured. In addition to a lack of technical precautions, it is often the supposed trivialities that significantly increase the risk of data loss or misuse by unauthorized persons. Expert advice can provide additional support in designing a holistic security strategy and minimizing the risk of data loss."
Source: Sharp
