In a June 2018 Spiceworks survey of over 500 IT decision-makers in North America, 80 percent of respondents reported at least one data security breach within the past year. Thirty-five percent reported internal security breaches via printers, and 27 percent reported external printer-based breaches. These breaches include the relatively benign byproduct of a YouTube.com competition for the most followers as well as breaches coming from sensitive information left on the output tray.1
What’s more, a study done by the Ponemon Institute found the average annualized cost of cybercrime in 2017 alone was $11.7 million.2 That cost — which is not inclusive of damage done to a company’s reputation after a data breach — is enough to make stakeholders think about what it is they do to secure their data. And should make stakeholders think about all of their endpoints as a risk, not just the common ones like PC’s, servers, and mobile.
Research done in 2016 by GovLoop, a knowledge network for government professionals, provided information about the severity of cyber threats, which have continually been on the rise with the advancement of technology.3 In fact, GovLoop advises government agencies to seek external assistance from IT professionals when it comes to protecting their networks from threats. This is good advice for all organizations that do not have an in-house Print Security professional when it comes to their imaging and printing environment.
With print technology becoming more sophisticated, the threat against the entire network and everything on it is becoming increasingly real.
What’s Risky About Printing?
IT departments make a point of safeguarding computers and business networks, while settling for ‘security through obscurity’ for their printers and imaging devices. All too often printers and copiers are viewed as less “risky” with regards to data breaches, but just like other network endpoints, there are quite a few common vulnerabilities.
BIOS and firmware on the device can be infected with malware and put the entire network and information on it at risk. The control panel located on the printer can be a risk as well by innocent users typing in the wrong fax number or email address. Attackers can exploit and unconfigured or poorly configured device through open ports like FTP and Telnet or no account lockout settings. Enabled USB ports also fall under the no/poor configuration that creates a huge risk for the company and an easy avenue to upload malware. The networks used to transfer information from a computer to a printer is at risk, too with information being intercepted unencrypted. Additional points of vulnerability include lack of ongoing management, unencrypted printer storage media, data loss through printing or scanning, end of life data removal, and mobile printing by on-the-go employees, to name just a few.
While the number of potentially undetected security gaps might seem overwhelming, HP’s security services are designed to assess for areas of risk and regulatory noncompliance, recommend solutions, and help customize a plan of action.
With HP Print Security Advisory Service and HP Print Security Baseline Assessment, organizations are able to understand their current device, data, and document security environment. HP Print Security Advisory Service (HP PSAS) and HP Print Security Baseline Assessment (HP SBA) are two different print security services with one goal in mind: to help educate, assess, demonstrate, and recommend a variety of security options to an organization. Both the HP PSAS and the HP SBA are onsite assessments of an organization’s print and imaging devices, and they are delivered by an HP security advisor. HP’s print security assessment services are brand-agnostic and will assess both HP-branded and non-HP devices. So what are the differences between the two?
HP Print Security Advisory Service
HP PSAS caters to larger enterprises in highly regulated industries and who typically have a chief information security officer (CISO) or specialized team covering print security. With this advisory service package, an organization will get a three-day, onsite and in-depth risk assessment of security — covering over 90 security controls, mapping to industry standards like ISO 27001 and regulatory standards like HIPAA and PCI-DSS, deliver a detailed report on each risk identified, and recommendations on reducing those risks while improving regulatory compliance.
HP Print Security Baseline Assessment
The Baseline Assessment is a new addition to HP’s offerings. These assessments are tailored to medium and large organizations that typically have an IT team covering security. The SBA is a one-day onsite assessment of risk, it covers up to 30 security controls, and has more hands-on education. Like PSAS, this assessment comes with recommendations on how an organization can reduce their risk and improve their regulatory compliance.
Why Choose a Security Service?
A 2017 vendor assessment by IDC MarketScape4 recognized HP’s security solutions. “HP Inc.’s approach to security takes the entire print and document infrastructure into account, beginning with locking down the device and extending into all aspects of device usage and content protection,” according to the report. Any size organization can achieve safe and secure print and imaging networks by working with the right technology partner.
If you are interested in a PSAS engagement with HP, please contact firstname.lastname@example.org
1 Spiceworks survey of 501 IT decision-makers in North America, EMEA, and APAC, on behalf of HP, June 2018.
2 Ponemon Study sponsored by HPE, “2017 Cost of Cyber Crime,” 2017. accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf
3 The Current State of Government’s Cybersecurity (https://www.govloop.com/resources/state-governments-cybersecurity/)
4 IDC MarketScape: WW Security Solutions and Services Hardcopy 2017 Vendor Assessment
Lindsey Hearst is Print Security Advisor, HP Channel Lead