Every agency, leader and federal employee needs to be aware of and know how to properly secure the print environment — and here's why.
The 2017 Cyberthreat Defense Report from the CyberEdge Group found that 76% of networks suffered a breach last year. Today, three out of five organizations believe a successful cyberattack is more likely than not to occur in the coming year. Although some potential points of entry are well-known (weak passwords, phishing, etc.), others don't receive the same attention — such as printer vulnerabilities.
The Insecurity of Network-Connected Printers, a study conducted by the Ponemon Institute, surveyed more than 2,000 global IT security practitioners. It found that nearly two-thirds were pessimistic about their ability to prevent the loss of data contained in printer mass storage and hard copy documents. Sixty percent of respondents acknowledged that a data breach involving a network-connected printer has likely occurred, and 57% predicted a data breach in the next 12 months resulting from insecure network-connected printers. Those aren't good odds.
While the stakes are high for business, they're even higher for government. To start, printing remains an integral part of most federal employees' workflows: They print an average of 30 pages per day, or 7,200 pages per employee, per year. Research from GovLoop revealed that 58% of government employees need color printing at their agency on a regular basis; 42% have high-volume printing needs of multiple and large documents; and an additional 27% need to print in large paper formats. The fact that printers are so heavily used makes them even more of a threat.
When it comes to printing a classified document, it doesn't matter if it's classified once it falls into the wrong hands through printer vulnerabilities. Hackers can use a printer vulnerability to break their way into the network and cause trouble in other ways, such as through the use of ransomware. This can result in extreme disruption and danger. Despite this, the GovLoop survey revealed that 47% of government employees didn't believe printer security is an area of concern for their agency, and only 38% of survey respondents indicated their organization has a security policy regarding printers.
The printer vulnerabilities can be broken down even further. One-third of federal employees said they assign access rights to printers based on the sensitivity of data printed; 29% ensure data is encrypted on printer hard drives and other storage devices; and fewer than one out of four employees scan their printer infrastructure for vulnerabilities to remediate security risks or enable their printer logs to regularly check for hiccups or security incidents.
According to Michael Howard, chief security advisor at HP, spreading awareness and illuminating the true risks of the print environment is what will drive IT — both in federal and nonfederal organizations — to take proactive steps in securing every corner of the workplace. "Agencies are still looking back at the traditional way that we secure IT,” he says. “We have network switches and computers, we have all of those things that we generally lock down, but printers were something that just didn't need to be secured. Now it's a matter of catching up, where people have to understand that everything out there is at risk."
Investing in printer security is worth the time and money, as it can ultimately save both. The key is to procure printers with built-in security features. This decreases human error and enables technology (and the experts who build it) to handle security risks, so employees don't have to.
The most secure printers come with a comprehensive set of features that keep the printer and everything that goes through it protected at all times. This includes access controls — so only employees with the right authentication can access printers and their data — as well as password protections. This also means documents subjected to compliance and classification standards remain safe.
The best secure printers provide an auditing system, so agencies can track who prints what and when. Data should also be encrypted to and from the printers, as well as at rest, and printer firmware should be up-to-date with the latest security patches. In addition, printers should be continuously monitored for anomalies and potential security incidents.
Even if you follow all of these steps, employee education is critical. Mitigating printer vulnerabilities can't be a top-down effort. It has to come from the bottom up, too. When federal employees understand the risks printers can pose and are aware of security best practices, they are empowered to find solutions that keep government information safe.
As they say in medicine, an ounce of prevention is worth a pound of cure, and that holds just as true for government IT.