Is it time to go paperless to improve security?

November 19, 2021by Rob McBride
go-paperless-to-improve-security-1280x720.jpg

The media attempts to scare us with visions of “hoodie-wearing hackers” using new and ingenious techniques to infiltrate the network of major corporations. But are we overlooking a more obvious cybersecurity threat to organisations – the big, bad printer?  Furthermore, is it time to scrap your print infrastructure and go paperless?

If you think that sounds a little crazy, consider that only a fifth of IT decision makers have complete confidence in the security of their print infrastructure. And last year, 3 in 5 businesses suffered a print-related data breach.

The challenge with print infrastructure is that it’s vulnerable to multiple threats, ranging from unsecure printing practices, to improper disposal of information, human error, and the printer itself providing a ‘back door’ into your network – research conducted by the Ponemon Institute found that on average, 44% of network-connected printers are not secure and allow unauthorised access to data.

How exposed does your printer policy leave you to cybersecurity risk?

Not all breaches are bad. Last year, a team of ethical hackers wanted to highlight the risk surrounding print infrastructure, particularly when more people are working remotely and connecting personal printers to their corporate IT infrastructure. They identified nearly one million vulnerable devices and launched an ‘attack’ to raise awareness of the issue – unprompted, thousands of printers produced the message, ‘This printer has been hacked’, along with a guide to protect against bad actors.

Additionally, many people don’t realise that by printing work-related documents at home they also risk breaching GDPR. Of the two-thirds of employees that admit to using their personal printer, a fifth have exposed confidential employee information, including payroll, private addresses and medical information.

Once information is printed, it’s at risk of being casually left on a desk, around the office, or on public transport while travelling home at the end of the day, exposing it to wandering eyes. Nearly three-quarters (71%) of employees say they have picked up, or seen, paper documents in a public space that contained sensitive or confidential information. And it happens in every organisation. Take the recent breach by the UK Ministry of Defence, where a 50-page classified document relating to a Royal Navy operation was found by a member of the public at a bus stop.

The reality is that 1 in 10 of all security incidents is print-related, making printers perhaps the most overlooked cybersecurity risk.

How can you reduce cybersecurity risk from printers?

You could continue to trust your people to print the right things, dispose of data in the right way and secure their home devices – perhaps reinforcing this through annual security awareness training. But the reality is that three-quarters of cyber threats originate from inside your organisation – so even when people are trying their hardest, mistakes will unfortunately happen.

Part of the cybersecurity team’s role is to make it (near) impossible for people and computers to do certain things.

One option is to limit access to printers. For example, making people request the documents they need from a central print room/service/person. While this will inevitably cause some friction, it will both reduce the frequency that people print and help ensure accountability for the correct handling and disposal of the document.

But if you’re going to limit access to printing, why not just get rid of printers entirely? No printers mean no risk of physical documents leaking and no backdoors via your unpatched printer into the corporate network.

Can you operate without printers though? While it might seem like a step too far for many, we can see a world where:

  • Meeting printouts are projected in meeting rooms and/or viewed via attendees’ laptop/tablets.
  • Tablets/digital notepads automatically convert handwritten notes on reviewed documents into text.
  • Invoices, receipts and accounts are all stored electronically with strict access controls.
  • Digital signing replaces the need for wet signatures on printed documents.
  • E-readers are used to download PDFs and monthly reports.

The added benefits of going paperless

Did you know that printing costs can account for 5% – 15% of an average organisation’s annual revenue? Going paperless will significantly benefit the bottom line for your company. Citigroup estimated that just asking employees to print double-sided would save $700,000 each year.

There are environmental benefits too. The 9,000 sheets of paper an average office employee prints per year equates to one tree. Then to manufacture a single A4 sheet uses half a litre of water and 49 watts of energy. And that’s just the paper. You then need to consider toner and ink production, consumption and disposal, as well as the printer itself.

And you can enjoy operational efficiency savings. About half of all help desk calls are printer-related. Just imagine what your team could do with all that time back to focus on the issues that really matter…

CyPro thinks differently about cybersecurity risk

It’s easy to get distracted by headlines talking about ransomware and cryptojacking, potentially leading you to focus your efforts on the lesser cybersecurity risks for your business.

We are highly adept at identifying the most significant cybersecurity risks for a business – which might well include printer infrastructure – and getting straight to work on putting the necessary controls and processes in place to mitigate those risks.

Find out more about how CyPro’s Managed Cybersecurity Services reduce your attack surface and increase your security maturity to make you a sound investment.

Cross cybersecurity risk off your to-do list…

[link to new webpage]

Rob McBride