network and have the same potential threat level as any other networkconnected device. “By adopting the stance of ‘it’s just a printer’ some organisations may have blind spots in their otherwise secure networks. The print infrastructure should be included in any IT security policy to identify potential threats as network print devices are increasingly being targeted. “We work by creating a framework of requirements with our customers – security being one aspect of this, focused on the zero trust model. It is then our job to develop and integrate a solution that meets that framework and how it will be managed long-term. Effective user engagement and training is vital when delivering a solution. “Understanding that human error often accounts for more data loss than malicious attacks can be a hard message to deliver. By effectively using good practice, procedures and training, customers can reduce security risks stemming from their print infrastructure. “Key Digital’s holistic approach ensures that security is understood, delivered and maintained throughout, strengthening our relationship and safeguarding our customers.” www.key-digital.co.uk Ronny Ecke, Pre-Sales Solution Architect, Apogee: “When people think of securing their devices, the prominent actions taken are to secure the laptop, desktop and server. Worryingly, fewer organisations consider printer security an area worth prioritising. “We can only assume that people are not aware that a printer is an endpoint device on the Internet of Things (IoT), making it vulnerable to ransomware and DDoS attacks, and once a hacker enters an unsecured printer, they are able to do much more than print excess pages they now have access to the entire network. “An unsecured printer opens a world of possibilities for the duplicitous hacker. Left unguarded, organisations leave themselves open to a plethora of risks. Data leaks are the most obvious risk, confidential documents such as customer data and employee information are regularly stored in printer caches making this data ripe pickings for a criminal. Once they have gained access to a Wi-Fi enabled printer, they can catch print jobs whilst they are being transferred to the printer and take this data with them to do with as they please. “When a hacker targets a printer, it is as an entry point to get to more critical users and the core infrastructure. Once they’re aware of the critical users – knowledge acquired by simply locating your company address book, they can pose as business executives and begin phishing attacks; you’re far more likely to open an attachment in an email from a trusted partner at work than from an email address you do not recognise. “As a managed workplace services provider, it is our duty to educate our customers on the risks printers present to their business and then provide the tools and education they need to strengthen their security posture, after all – a printer is only as secure as you make it. We make customers aware that print security is always a combination of both hardware and software, running concurrently to protect their business. For example, as part of HP Wolf Security, the Enterprise device range has two BIOS. The first BIOS is HP Sure Start, the hardware enforcement by HP powers up every time a device starts and compares the start-up BIOS code with the correct BIOS – this takes care of a firmware attack. In the case of an attack, the printer recognises it and starts from a ‘golden’ BIOS. The golden BIOS is physically on the printer, this ensures no one can tamper with it. The printer can then self-heal using the isolated golden copy, notifying that there has been a breach. The second solution to mitigating risks is HP Security Manager. The industry’s first policyuniversal queue, whilst access can be granted to clients and third parties where necessary and appropriate. By moving print management to the cloud, you can ensure consistent control and quality across a varied and distributed workforce. “Other customers may manage print through an on-premise server, which helps ensure that all print data remains within an organisation’s infrastructure – and can only be accessed by a limited number of employees. This offers strong security benefits for industries that are printing sensitive documents, such as healthcare, legal and government organisations. Hybrid servers may also be considered, which offer the added security of an on-premise server teamed with cloud print benefits, such as multi-factor authentication and user access validation. “The other consideration with print, is the secure disposal of documents. Just as you shouldn’t throw unshredded bank statements into the bins for collection, you should be just as cautious with company paperwork. “While there has been a lot of speculation around security recently, it is important to keep in mind that even the most robust systems will have lapses. Investing in cyber education workshops can empower employees to make the right decisions, whether that’s in the office or at home.” www.canon.co.uk Andy Ratcliffe, Managing Director, Key Digital: “Print devices are often viewed in the same category as any other IT peripheral, but business printers and multifunction devices are smart connected devices. They are linked to a PRINTITRESELLER.UK VOX POP 43 When a hacker targets a printer, it is as an entry point to get to more critical users and the core infrastructure continued... Andy Ratcliffe Ronny Ecke
RkJQdWJsaXNoZXIy NDUxNDM=