Is your office printer secure?

Proposed certifications will ensure the security of printers, faxes and security cameras against potential hacking attempts

Hackers may be using your office printer as a conduit for criminal activity. Think about it: A printer in today's office environment often saves on its hard drive all images of documents that are printed, scanned or faxed. Therefore, hackers who know anything about accessing files on a network might easily gain access to that sensitive data (Read about some of the security features on modern printers in Joe's Office: Secure Printer).

This kind of threat is too frequently overlooked, according to ISCA Labs, a security products testing and certifications firm. ISCA said Monday it is introducing new certification and assessment programs that will address security threats posed by networked devices such as printers, fax machines and security cameras (See also: How Will We Secure the Internet of Devices?). The programs, known as Network Attached Peripheral Security (NAPS), will include a vendor certification program. The class of network-connected devices addressed by the program will include printers, faxes, point-of-sale systems, copiers, ATM machines, digital signs, proximity readers, security cameras, and facility management systems for power, lighting and HVAC systems, said George Japak, managing director, ISCA Labs.

"You have UPS systems, you have power strips, I could go on an on about the different devices that are being connected with this functionality"

Network-connected devices, according to Japak, can pose as much risk as an unsecured server on the network but are often ignored and are typically not securely installed or configured by end-users, he said. Network-attached devices, like network servers, are at risk for unauthorized access and data breach, denial of service attacks and can even propagate worms like Code Red Nimda. However, specific statistical data to back up the severity of the security issues posed by network-connected devices is scant. ISCA referred to figures from the Verizon Business 2009 Data Breach Investigations Report which finds many breaches occur through what is called "unknown, unknowns," which can involve systems such as printers and faxes. No further data about specific attacks or incidents was available from ISCA.

"Based on the feedback from current and prospective customers, this is going to be or have the potential to be a significant issue and problem with enterprises as they continue to deploy these devices," said Japak.

Networked-device security is certainly not a new issue and the potential for security problems with devices has been talked about for several years now (See: When Everything's Networked). Printer security has also received attention from other organizations. Earlier this year, the IEEE released new security standards for networked printers that include specifications and a checklist for printer security requirements. The standards, known as the 2600 Profile requirements, were created by IEEE in a joint effort with Xerox and were created to give printer vendors basic security requirements when developing devices. Japak said ISCA is still reviewing the IEEE standards to determine who they will fit in with the NAPS program.

The NAPS certification will target device manufacturers and will include rigorous testing that examines several different aspects of a device and how each impacts its overall security. ISCA is also hoping to gain attention from enterprise clients concerned about device security with a NAPS assessment program that offers an evaluation and report with results of testing and recommended configuration instructions.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Printerssecurity

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joan Goodchild

CSO (US)
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?