GDPR: Print device security

  • Graham Herrington
  • September 20, 2017
  • 0

GDPR legislation is set to highlight print device security as a major issue

The forthcoming introduction of GDPR legislation has once again shone a light on the security (or lack thereof) around print infrastructure. As highlighted in our recent blog about GDPR compliant workplaces, print hardware and devices typically remain the weak link in IT security.

What many people fail to realise is that most office printers have a hard disc and a network connection, just like a computer, and yet they are not afforded the same level of hardware protection. Printers present a back door to otherwise highly secure networks and as devices become more accessible, so the risk increases.

The introduction of Airprint technology and wireless printing can be useful from a user perspective, but it also makes devices more visible and therefore more ‘hackable’. To test the theory, we recently sat in a car outside a serviced office block and scanned to see how many devices we could see. An eye watering 25 network access points (excluding wifi access points) were presented for our selection. Now, we didn’t test the security behind these but our experience suggests that we could probably have hacked up to 50% of these with little or no effort, putting us on networks and able to access other devices or upload malware, trojans or viruses. A dedicated hacker would probably be able to access closer 75% and in far less time than a keen amateur.

With print infrastructure once again moving away from centralised print, back to a more generous scattering of devices around the workplace, the risk to IT security, if not taken seriously, will only increase. However, even secure network devices present a continued data risk if other aspects such as secure document destruction, immediate collection of confidential documents and on demand printing are not taken into consideration.

Securing your print estate is not as difficult or expensive as you may think, especially when compared to the risk:benefit analysis of not doing anything, and so we now recommend this as standard for all our clients. For more information, contact us today.