Service Requests

Best Office Printer Practices

by | Jan 27, 2020 | Bizhub, Business Copiers, Copiers & More

black/white copier in the corner of an office and blue notepad, pen and laptop on white office desk

If you’ve had your office printer for a while, and if you’ve been reading our blog posts and other related articles, you probably know how to get the most out of your printer. 

Cost-effectiveness and efficiency are both important and relatively easy to maintain once you know what to do. But there are other “best practices” for your office printers, especially those that are connected to the Internet, which is increasingly common.

What’s That “Hacking” Noise Coming From Your Printer?

black/white copier in the corner of an office and blue notepad, pen and laptop on white office deskActually, getting hacked is no laughing matter, but few people realize that their online printers serve as an opportunity for criminals and others to gain access to their networks.

Cyber-crime has become – and continues to become – increasingly sophisticated and at a frightening speed. And one of the targets for these malefactors is the ubiquitous office printer.

And it’s not a new phenomenon.

The website HelloTech.com shared this from a 2017 post,

“During Black Hat 2017, Ruhr University Bochum’s Jens Müller emphasized how people shouldn’t turn a blind eye on their printers for reasons of personal security. He reveals that in the hands of shrewd hackers, such humble machines could do anyone considerable damage.

A hacked printer, he said, can do anything from stealing personal info to defacing everything you print. It can even be bricked with a simple denial of service (DoS) attack. And because printers are ubiquitous, it means anyone or any organization can fall victim to them. To make matters worse, most of today’s printers come with Internet connectivity.”

And a blog post from UC Berkeley’s Information Security Office noted,

“Multifunction printers (MFPs) are experiencing an identity crisis:  IT administrators don’t always see them as the full-fledged networked computers they really are.  But attackers do – and they are finding them increasingly very attractive!

These printers, shoved in the corner of the office and quietly going about their business of copying, printing, faxing and scanning, might not seem to pose any real security risk.  But like any networked device, if not properly managed, they can expose sensitive campus data to unauthorized access and misuse.”

So, the question is, of course: “How do we keep our printers and all-in-one devices secure?”

While it may not always be feasible or practical, minimizing the amount of personal or sensitive company information being printed or transmitted is a good general rule of thumb. Also, whenever possible, try to default to any dedicated or strictly “intranet” networks for general office printing use. 

Copier Repair

In addition, there are a number of actions that you can take to help keep your office printing network more secure. 

 

  • Make sure you have some type of printer encryption.
  • Implement a use authorization system.
  • Change your passwords immediately upon setting up your device.
  • Keep all your printers up-to-date.
  • Keep your printers physically within sight.
  • Only enable services and processes you need and disable any others.
  • Always choose a secure printer for your printing needs.

Internal Office Printer Security

Unfortunately, printer security must include “post-print” actions. Companies are liable for ensuring and maintaining employee privacy as well as securing sensitive company information. HR managers and staffers are familiar with these requirements, but many other employees may not be so aware.

There are a couple of key areas of concern after a document has been printed. One company suggests these steps for maintaining “post-print” security,

“There are several methods of protecting print jobs at the physical printer. One of the highest-recommended systems is an authorized-release process. This method can take several different forms, but all involve a user sending a job to a printer, and then releasing the job upon arrival at that specific device.

Often, these systems use a keycard scanner, NFC device, or password authentication into a printer’s display. This prevents sensitive documents from sitting around in a print tray if there is any delay in users picking up their printed materials (or if the job was accidentally sent to the wrong printer).

Aside from picking up lingering printed materials from the tray, another vulnerability once a print job is done is any data remaining on the printer’s hard drive. While encrypted printer hard drives are not required for all industries, it’s a best practice to uphold good print security by having spooled jobs sent to (and erased from) a removable, encrypted drive.”

Inner-office printer security is largely dependent on managing user behavior. Requiring and managing these secure printing practices will help:

  • Discourage staff from printing emails through automated messages and pop-ups
  • Make shredding bins available and accessible to nearby printers
  • Enforce time frames for unclaimed copies to be shredded

Unintentional actions by employees can still sabotage even your best security processes, so it’s important to train business staff in properly using your office printer system and to revisit these practices periodically throughout the year.