Only 57 percent of organizations have security practices in place for printers, and only 28 percent deploy security certificates for them, according to a Spiceworks survey of over 300 IT decision-makers at small and midsize companies worldwide. But a modern printer is much more than just a printer. They’re computers with hard drives, applications that run natively, and wide-ranging network access—plus all the potential vulnerabilities coming with these features.
According to the survey, the most popular printer-specific practices include:
- User authentication of the device
- Administrative passwords for web configuration interface
- Printer feature restriction
- Administrative passwords for simple network management protocol
- Security policy management
The practices are widely disparate, with none of the practices used by the majority of organizations in the survey. For a stout defense, each organization should use a mix of all these practices—and more. When it comes to security controls, organizations most often rely on controlled use of administrative privileges, inventory of authorized/unauthorized devices, and limiting and controlling network ports, protocols, and services.
Printers should be just as protected as PCs
Truly effective printer security requires the same level of care as that of PCs: deep and broad protection that covers every process. As a start, some modern printers offer deep device-level security, which you can enhance with network security:
- Validation of BIOS code integrity and a proactive response, if compromised
- Firmware checked to ensure it’s authentic, known-good code
- Run-time intrusion detection that constantly monitors and detects anomalies during complex firmware and memory operations; in the event of an intrusion, the printer automatically reboots
- Toner cartridges that support printer fleet policies and work with LaserJet printers and multi-function printers to prevent fraud
- Security features that check and reset device settings to maintain compliance with security policies
These security features do little good if they’re not initiated—and the Spiceworks survey shows that security protections and security controls consistently lag behind other endpoints. That’s a trend that needs to change for the future security and success of organizations worldwide.
To learn more about trends in printer security and how the lack of protections impact companies, check out HP’s new infographic and download the white paper.