All football fans know ‘that look’. The look of helplessness on the face of a football manager who sees his side getting thumped and knows, no matter how much he shouts or flaps his arms, his team is getting beaten today.
As the football season kicks off again, it’s time IT takes a page from our favourite sport’s book. If you’re in charge of your company’s IT Security Protocols and you haven’t included printers and multi-function devices in that strategy, then when it comes to being able to prevent a breach, you’re more like that hapless football manager than you think.
In football, the saying goes ‘strikers win you games, defenders win you championships’. It’s no use just having a couple of star defenders either. Opposing teams will always target the weakest link in your back line.
So while most companies have ‘Premier League’ quality PC and tablet security protocols in place, hackers just don’t care. And why should they, when they can target the multiple types of printers found in an average office? The problem is, network printers often run on operating systems that are not covered by any industry standard security management solutions. This means they aren’t going to be covered by your basic routine patch scheduling.
Ultimately, it’s a bit like asking you to put on your football kit and get in the game with England International’s Gary Cahill in defence. It doesn’t matter how good he is because opposing strikers can just run past you and score.
Now in goal, you want a supreme shot stopper that strikers fear. Unfortunately, in the world of IT Security, in goal you have Open Wireless Access Points. They can’t stop a thing. Alarmingly, while companies have open access points locked down solid for PC and tablets, it’s often not the case for print. For example, do you know how many printers in your network have open wireless access points, right now?
Lesson: Printers and multifunction devices have much in common with computing devices, with the added complexity of being able to print and scan your most important documents. Therefore, make sure that you approach securing your printer network with the same rigour as you do your network of PCs and Tablets.
Let’s start with remote and flexible workers. It’s great for productivity but these players could be likened to a transfer or substitution role. Are they familiar with the rules of the game? Working in a more connected world than ever means that there are more and more chances for anyone, anywhere, to infiltrate your network and steal your documents and data.
This brings us to the midfield – the engine room of the game. The whole Building, specifically the Office Floor and Network, form the hardest working outfit in the world but a leaky defence is letting the opposing team slip through. How many confidential documents are being given up to opponents making smash and grab attacks? Don’t be one of the 44% of organisations who allow unauthorised access to data in printer mass storage.
Lesson: Make sure that employees are aware of the latest best practice when it comes to IT security and set up security training for your remote workforce.
A good striker can be judged by the timing of his runs into the box and ability to clinically dispatch the ball into the back of the net. In IT Security, your strike force is your employees and the timing of ‘their runs’ could not be poorer, with many of them leaving confidential documents unguarded in printer out trays for the full 90 minutes. The solution is better employee training and authenticated print job release, which is where users have to authenticate a job at the printer before it prints. Implement this and suddenly the timing of your strikers ‘runs’ will improve dramatically.
Lesson: Invest the time and resources in training up your employee base on print security.
The importance of a good start
When a small football club travels away from home to face a big football club, such as Man United, most pundits will quickly deem ‘a good start’ is as crucial to the success of the smaller club.
You could argue this is also true of company networks. Booting up in the morning is one of the most vulnerable moments for a breach, especially for printers and multifunction devices which often do have the same built-in protection that computing devices have. So, how can you prevent an early goal being scored against you?
Lesson: Validate the integrity of the boot code at every boot cycle. The latest generation of HP Pro printers come with this technology as standard.
In football, smart substitutions can completely turnaround the fortunes of the team. But just imagine a scenario where your player is told to come off and immediately tears through your own defence before scoring a stunning own goal. Sound far-fetched? Meet Hard Drive.
Most business printers, the same ones with operating systems that are never updated, have internal hard drives that save digital copies of the documents they’ve printed.
Lesson: If you’re thinking of upgrading or replacing your printer fleet you need to make sure you erase the storage in your printers and multifunction devices securely with a software tool that meets industry standards. Finally, the most secure way of erasing data is to physically destroy the hard drive. Just be careful that you don’t destroy leased printers. Consult with your leasing company to find out how your data can be erased.
Final word… to our man of the match
We’ll leave the final word to man of the match Michael Howard, HP Worldwide Chief Security Advisor.
“Every device that touches the network needs to be treated like an equal citizen when it comes to security. When you think about how pervasive print is in most organisations, the lack of proactive security is shocking and scary.”
So, if your business is leaving your printer on the bench, remember you’re much more likely to end up on the losing side.
Want to find out more? Download our printer security business case and get the information you need to make your case for defending your printer network.