Many SME owners and their staff are unwittingly placing the business at risk by not implementing the same security parameters for internet-connected devices as they do for computers, it has been claimed.
Konica Minolta director of marketing and innovation Shane Blandford suggested that the small footprint, flexibility and capabilities of various multi-function devices (MFDs), like internet-connected printers, make them popular with small and medium-sized businesses.
However, he said that many are failing to recognise that these devices have the same security vulnerabilities as computers.
“Businesses are increasingly connecting their MFDs to the internet. This means they have the same connectivity as PCs and laptops, and the same vulnerabilities. Yet many SME owners and managers aren’t aware of the potential threat that could be sitting right out in the open,” he said.
“It’s also important to remember that MFDs have a built-in memory, which means they store copies of printed, scanned and photocopied documents. If someone accesses that memory, they can potentially view all of those documents, some of which may be confidential or commercially sensitive.”
According to Mr Blandford, the security risk is not just through internet connectivity, but also what happens to documents stored within this memory once the device is replaced.
“If the business donates or recycles its MFDs, or on-sells them, there could be a risk of unauthorised access to the documents in the hard drive,” he warned.
He added that there can also be a risk of people walking past a printer and accessing material that has not been collected.
“While this may not seem like a significant risk in some SMEs, in others, the nature of the information they’re working with could make it a real problem,” Mr Blandford said.
“For example, if a client list is printed out and a departing employee picks it up off the printer and takes it to a competitor, it could put the business at risk.”
He suggested businesses use their device’s in-built security features to full effect, consider optional security features to boost security of sensitive information and restrict access to these devices, and the information they contain, to authorised users only.
American security consultant Kevin Mitnick — a self-confessed “prankster” who at one stage was chased by the FBI, before putting his skills to use helping businesses identify security vulnerabilities — previously told My Business that printers in particular are an easy pathway for hackers to gain entry to a business.
“These companies are hiring us to break into their systems and networks, usually with a higher level of sophistication, but we do look for common mistakes that businesses make — like, for example, not changing default passwords — that we could bring to the client’s attention to obviously shore up their defences,” he said.
“A retailer that I recently tested their security, and I found out that inside the retail store this company had printers, and the printers were on the corporate network. And I figured out that these printers actually had the default passwords that the printers came with: that the company never bothered to change them, and because of that we were able to leverage the printers to get further access into this client’s network.”
Adam Zuchetti is the editor of My Business, and has steered the publication’s editorial direction since early 2016.
- ‘Don’t assume how employees will react to redundancy’
By Simon Rountree
- Customers behaving badly: ‘My time is worth more than yours’
By Adam Zuchetti
- What businesses can learn from Sir Roger Bannister
By Adam Zuchetti