Recently, Sharp noticed a very interesting trend in SMB security. Generally, SMBs seemed to understand that security was a major issue for them and a key priority area for technical investment. However, their knowledge and concern didn't appear to extend to print security.
Whether it was caused by a lack of awareness, information, or investment, one thing was clear from our conversations with SMBs; office workers simply didn't seem to understand or respect the threat posed by poor print security practices. To find out what was really going on – and put some facts and figures behind our hypothesis – we commissioned a pan-European survey of print security behaviours.
What we found was extremely interesting.
What you don’t know can hurt you
Once we started exploring the results of our survey, one finding was abundantly clear; our hypothesis was correct – there is a huge perception problem regarding print security across European SMBs.
Amazingly, only 10% of respondents considered Multi-Function Printers (MFPs) to be a possible source of a security breach; and 48% weren’t even aware that they could be hacked (a figure that rose to 65% in the UK). Even among those that knew printers could be hacked, 23% didn’t believe this represented a risk for their business. In a similar vein, our survey also found that the majority (55%) of European office workers didn’t know that hackers can intercept a scan.
And one of the most interesting findings was that only 22% identified print-outs left in the paper tray as a potential security risk – despite the fact that a quarter (24.5%) of the same people had found confidential or sensitive information left on a printer.
It's difficult to say exactly where these misconceptions have come from. There is a tendency to view MFPs as traditional devices that have more in common with the printers of yesterday than today's hyperconnected smart devices. From a security standpoint however, this couldn't be further from the truth.
Perhaps the most obvious answer is that as traditional printers have evolved into MFPs, SMB teams simply haven't considered the security implications of their new features and connectivity. The devices themselves have simply evolved faster than the security capabilities and behaviours around them.
Beliefs drive behaviours, so we also set out to better understand which print security practices SMBs are engaging in today – and how they line up with current perceptions of the problem.
Behaviours fall far below expectations
Most MFPs have some kind of log-in or authentication capability ensuring that only those persons that have sent a document to print are able to retrieve it. We asked how many companies had activated this capability: the majority of respondents simply hadn’t done so, meaning anyone that gained access to the office could use the device and potentially get their hands on any document in the print queue, or make a duplicate copy of any pages found. We also found that only 31% of SMBs checked the ID of maintenance staff working on an MFP, so anyone could – in theory – adjust the settings so it could be accessed remotely by a hacker.
The fact that many SMBs hadn’t implemented basic security features immediately suggested that the larger issues of security policy and training were being overlooked. And so it proved: 20% of SMBs had no security processes in place for their MFPs; and 40% of people had never received any training or formal advice on how to use an MFP securely.
As we might have expected, low awareness of security resulted in a series of insecure print behaviours – after all, why protect yourself against a threat you don’t believe exists?
Help is at hand
This raises one big question; why? Why are SMBs disregarding print-related security in such high numbers? Why is it so far down on their agendas? And why do the people that do recognise the problem not take greater action against it?
It would be easy to suggest that this represents a dereliction of duty by SMBs. But that’s a very uncharitable view: all SBMs have finite resources and many don’t have dedicated in-house IT skills. This, coupled with low awareness of the threat, makes it easy to understand why tackling print-related security doesn’t make it to the top of the SMB’s ‘to-do’ list.
The other question this poses is 'how?' – how can SMBs change their approach and start giving print-related security the care and attention it truly demands?
Fortunately, help is at hand. The latest generation of MFPs from Sharp have a range of security capabilities that work ‘out of the box’. They can take advantage of ‘whitelist’ capabilities that ensure only specific device functions and processes have access to internal data storage to guard against malware. Built-in attack prevention and self-recovery capabilities offer protection against intrusion. Plus, SSL/TLS channel encryption keeps information secure as it is transferred between PCs, servers and printers.
Some Sharp MFPs even have a light that flashes if a document is left on the scanner. Quite simply, these MFPs take care of print-related security issues, so you can focus on taking care of your business. If your existing devices don’t have these features, then you might want to think about replacing them.
It's time for action
For those that want to find out more about print security issues, Sharp has worked with ethical hacker Jens Müller to produce a handy guide to MFP and printer security for SMBs. However, if you are waking up to the fact that you may have a print security problem, then there are some clear steps you can take to safeguard your business: implement a security policy, ensure that your staff comply with it – and activate your MFP’s out of the box security features. If your print security is broken, Sharp can help you fix it.