In today’s connected world, cybersecurity is far more than keeping malicious applications off your smartphone or thwarting attacks before they wreak havoc on your computer systems. It seems just about anything can — and is — being connected to the Internet these days, and with that increased level of connectivity comes an increased level of risk.
Even vending machines are being hooked up to the Internet. And that’s just another endpoint through which hackers can worm their way into your networks, if those connections are not secured, maintained and monitored. As more and more devices and assets come online, there’s one in particular that many organizations have overlooked, said Michael Howard, Security Practice Manager and Business Development at HP.
“One of the things that a lot of customers do today is they’ll secure their entire IT infrastructure, but they’ll exclude printers,” Howard said. “Print has been one of the largest oversights in IT areas.”
How can the problem be solved? Education is key.
When leaders don’t understand the significance of an investment it’s likely to be cut rather than grown. The harm there is that security investments fall by the wayside until there’s an incident, and it’s too late.
“At HP we have been building our security portfolio around print and providing education, as well as security advisory services. This is where we go in and help customers understand the need for securing printers at the same level as the rest of their IT,” Howard explained.
HP is making large investments in developing print security solutions, including hiring more experts who are credentialed and well-equipped to help agencies sort out print security needs.
The ultimate goal for agencies is to ensure that every endpoint on the network, including printers, have a security policy and ensure that policy is implemented and regularly updated. That’s especially true now that printers are moving under the purview of IT departments, as opposed to facilities departments.
“What we like to tell customers, quite simply, is if it touches your network, it needs to be treated as a equal citizen when it comes to security,” said Howard, who manages HP’s worldwide team for the security practice around print.
Howard stressed that agencies cannot afford to set policies and fail to review and update them regularly. At a bare minimum, organizations should be reviewing their security policies every three months, Howard noted. “It is something that has to be proactive,” he stressed.
So where does an agency start with print security? What policies should agencies enforce to secure their printers, many of which are far more sophisticated than the ones developed decades ago?
Jason O’Keeffe, Security Solution Expert for the America’s Region at HP, offered these best practices:
- Enforce encryption and security monitoring. Printers store sensitive information, and that data needs to be protected. If a printer is out of compliance with encryption standards, the issue should be reported to the security team and addressed.
- Establish policies for securing built-in firewalls. Some printers come with their own firewalls that must be managed through policies.
- Check the settings. Every network device — server, storage, computer or printers — by default will have unsecure protocols. So you have to ensure that the unsecure settings are changed and brought into line with your organization’s policies.
- Secure embedded web services. Printers have embedded web services, and every web server that supports those services should be properly secured.
“Printers are not very different from any other network device on the environment,” O’Keeffe said. Policies that govern the security of printers should also be monitored and reported regularly. This is especially true if your agency is undergoing major IT changes or upgrades.
“If you undergo a major upgrade, it’s important that you keep an eye on existing controls and constantly monitor them,” O’Keeffe said. That way you can ensure security features aren’t altered or completely changed.
In addition to helping agencies set print security policies, HP and its team of experts is also looking ahead at future capabilities that will boost security. Additionally, HP is developing solutions that provide built-in security tools for printers, similar to what’s already available for desktop and laptop computers.
“We are building a lot more security policies and security solutions into the devices themselves, so that you’re starting with a very secure device and you can start layering solutions on top of that,” Howard said.