With all the talk about cybersecurity these days, it’s likely that your copiers and printers are some of the last technology you’re concerned about. However, these common pieces of business equipment can present a serious risk to your network’s security—simply because most people just don’t worry about them enough.
The truth is, connected printers and copiers—and other network-enabled office tech, like fax machines and scanners—can create vulnerabilities you might not have even considered. Wireless printing, mobile printing, and printing from unencrypted hard drives can open your business to breaches. If you are in an industry that is governed by a high level of security compliance, this is not a situation to ignore.
Unprotected IoT devices make your network vulnerable
The Internet of Things (IoT) has always been fraught with security risks. Organizations that don’t put a high priority on securing their connected devices may fall prey to malicious cybercrime as a result.
The way in? Through unprotected IoT devices like printers, copiers, fax machines, and scanners—even coffee machines and security cameras. When unprotected by passwords or firewalls, all of these devices present an opportunity for hackers to gain access to your network and office systems. Their goal could simply be chaos…or they could take down your entire network. Either way, it’s something you don’t want to risk.
What could possibly happen?
In 2017, an “ethical” hacker named Stackoverflowin hacked into 150,000 printers to show people how easy it is to gain access to a network when the printers themselves are not protected by firewalls or device security settings. He targeted more than a dozen major brands of printers, including receipt printers, and sent messages that informed the users that their printer was now part of a botnet.
Fortunately, those messages weren’t true, but the idea behind the hack was loud and clear: ports that were left open and unattended were used to gain easy access. Had Stackoverflowin been so inclined, he could have created a real botnet—one that could target other organizations, launch a DDoS, and ultimately get a lot of people into hot water.
In another, far more serious example, a DDoS attack was launched against Dyn, a company that—up until disaster struck in 2016—was the world’s largest controller of the internet’s DNS infrastructure. The attack, carried out by what is known as the Mirai botnet, brought down some of the most heavily trafficked sites on the web (including Twitter, CNN, Netflix, Airbnb, Zillow, Yelp, HBO, and dozens more). Digital cameras, DVRs, and pretty much any IoT device with a known vulnerability were accessed in what is still regarded as the largest attack of its type to date.
The trouble is, no one really understands the endgame. While there was never any immediate or definitive answer as to who perpetrated the Dyn attack, three college students pled guilty for their role in it, explaining it as a scheme they designed in order to gain an advantage in the popular game Minecraft—a trivial reason that was a far cry from the chaos that ensued.
Software like Mirai in the hands of a group with a more specific plan—such as throwing a government into turmoil—might well have brought down a lot more than just a few popular websites.
Factory passwords and security settings
Many of these security vulnerabilities originate with the manufacturer. In some cases, IoT machines have a standard factory password that can’t be changed. In others, there are security features that simply do not get enabled when the equipment is set up.
The former situation is something you more typically see with a cheaply-made device—meaning that if you buy from a reputable brand, you probably won’t have that issue. At the very least, this is something you should check into before investing in new office equipment.
The latter situation is far more common. People often just want to “get on with it”: get the machine working and get back to their busy lives. But by taking a lax approach to your office equipment security, you may be setting yourself—and your organization—up for an unpleasant surprise.
What you can do to protect your data and your systems
By 2025, experts predict that the world could have more than 80 billion connected devices. Currently, we’re hovering at around 11 billion. With the advent of industrial IoT, those numbers will likely explode beyond what any of the pundits have predicted.
In the meantime, here’s how you should be handling the IoT devices in your office in order to keep your business safe:
- Do not add devices that do not allow you to change passwords.
- Do not invest in machines whose software or firmware cannot be updated.
- Change the default user password immediately upon installation.
- IoT device passwords should be unique for every single device.
- Make sure your IoT devices are always updated with the latest software and firmware versions or patches.
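The five rules above can be checked mechanically against a device inventory. The following Python is an added example, not part of the original article; the device names, models, firmware versions, default-password list, and the keyed-fingerprint scheme (used so the inventory can reveal password reuse without storing passwords) are all constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

AUDIT_KEY = b"constructed-audit-key"  # assumption: secret held by the auditor

def fingerprint(password: str) -> str:
    """Keyed hash so the inventory can reveal reuse without storing passwords."""
    return hmac.new(AUDIT_KEY, password.encode(), hashlib.sha256).hexdigest()

def version_tuple(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))  # numeric compare: 2.9.3 < 2.10.0

# Constructed sample data: factory defaults and latest firmware per model.
FACTORY_DEFAULTS = {fingerprint(p) for p in ("admin", "1234", "password")}
LATEST_FIRMWARE = {"printer-x": "2.10.0", "copier-y": "5.2.1", "camera-z": "1.0.9"}

# Constructed inventory; in practice the fingerprint is recorded at setup time.
INVENTORY = [
    {"name": "lobby-printer", "model": "printer-x", "pw_changeable": True,
     "fw_updatable": True, "cred": fingerprint("admin"), "firmware": "2.9.3"},
    {"name": "hr-copier", "model": "copier-y", "pw_changeable": True,
     "fw_updatable": True, "cred": fingerprint("S7!reused"), "firmware": "5.2.1"},
    {"name": "door-camera", "model": "camera-z", "pw_changeable": False,
     "fw_updatable": False, "cred": fingerprint("S7!reused"), "firmware": "1.0.9"},
    {"name": "fax-2f", "model": "printer-x", "pw_changeable": True,
     "fw_updatable": True, "cred": fingerprint("uQ4#unique"), "firmware": "2.10.0"},
]

def audit(inventory):
    """Return {device name: [findings]} for the five checklist rules."""
    by_cred = defaultdict(list)
    for dev in inventory:
        by_cred[dev["cred"]].append(dev["name"])
    findings = defaultdict(list)
    for dev in inventory:
        name = dev["name"]
        if not dev["pw_changeable"]:
            findings[name].append("password cannot be changed")
        if not dev["fw_updatable"]:
            findings[name].append("firmware cannot be updated")
        if dev["cred"] in FACTORY_DEFAULTS:
            findings[name].append("factory default password in use")
        if len(by_cred[dev["cred"]]) > 1:
            findings[name].append("password shared with another device")
        if version_tuple(dev["firmware"]) < version_tuple(LATEST_FIRMWARE[dev["model"]]):
            findings[name].append("firmware out of date")
    return dict(findings)
```

Calling `audit(INVENTORY)` returns findings only for devices that break a rule; a device that passes all five checks does not appear in the result.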
Taking these simple steps to protect your company’s IoT devices can make the difference between a secure network and a hacker’s dream scenario. When it comes to security, there’s never a good excuse to be lenient.
If you do business in Arkansas and would like to learn more about IoT office devices and what you can do to protect your systems and network, schedule a call with Business World today.