Redtree IT

Are printers a hole in your security?

March 18th 2022

By Matthew Phillips

We all install Antivirus and we backup our critical data (don’t we), we also presume our firewall keeps out the bad guys. Do we consider the other devices on our network, have you thought about protecting your printer from the cyber criminals?

We all need to tighten our security.

As modern printers have access to our devices, our networks and the internet they are an ideal target for hackers as they can be the weakest link. But all to often we ignore these devices and concentrate our security efforts on laptops, desktops and mobile phones.

Many UK businesses and even their local photocopier companies leave these devices using default administrator passwords and with out of date firmware. Check your password on your printer, is it unique to you?

 

If compromised along with printing to your device, hackers could access confidential information stored on the printer or even launch a Denial of Service attack that stops critical systems, internet and email from working.

So you know you need to secure your printers, but how easy is that to do?

5 Steps to securing your printers

  • Limit or disable access

    If your printer has a WIFI option, but its currently plugged into the network with a cable, turn off the WIFI. Disable any features on you printer that you don’t use and when your not using it turn it off.

  • Secure your printers settings

    Disable ports that are not needed. The printer out of the box will be setup to allow anything and everything to connect to it. There are settings that are not often used for instance AppleTalk, Telnet, FTP and SNMP if your not sure which you need speak to your IT provider or try turning them off one at a time.

    If you’re not using any of the following network ports, you should disable them:

    • Ports 515721-731 and 9100
    • Internet Printing Protocol (IPP) – port 631
    • The SMB protocol should also be disabled
  •  Install updates

    Its worth the effort to update your printer to the newest firmware version. When a vulnerability is found the hardware supplier should release an update to fix the issue, but these updates will not run themselves.

  • Change the default password

    If you cant find the password to access the admin functions on your printer you can always google the default password. That’s really useful for you and me, but its also really useful for anyone trying to run an attack, but it’s easy to fix just log in to the printer and change it.

    How about using a passphrase instead of a password, check out the NCSC logic behind three random words or use a unique password generator to generate a password that is almost impossible to crack.

  • Educate your employees

    If you work in an office, you will not be the only person who will be using the printer. With all IT security, education is key, make sure your team are aware of all the physical and virtual risks. There are plenty of training systems available that can deliver short video training sessions throughout the year.

It’s time to step up your security

Printers are often overlooked when it comes to security. Most business owners only think about the printer when they need it to work, or they have to replace the toner. It’s a single function device so its no surprise that we don’t consider it as a security risk.

Take a moment to see if you can improve the security of your printer, log into it and have a look a the settings – speak to someone if you need help. It could be the best decision you make today.

Share