Top 10 Tips for Printer Security
For many MSPs, security is their number one priority. And for good reason.
A breach in security can lead to catastrophe for your clients, costing them money, time, reputation, and countless hours of labor to retrieve stolen data.
A breach in security is a sure way to irreversibly damage a relationship between your MSP and your client.
And while your team may have a firm grip on every corner of your clients’ network protection with top-shelf BDR, many MSPs have a glaring blind spot on print devices.
With so many different makes, models, and brands of print devices, each with its unique user interface, MSPs need help to secure each device correctly. And without a trustworthy print vendor on the case, your clients won’t know how to secure their data either.
That’s why Print Partner is here to help you and your clients. With over 14 years of industry experience, our Print Partner team knows the ins and outs of securing print devices. And so, we compiled an easy list to ensure your clients’ businesses are protected from potential vulnerabilities when installing and running print in your customer environments.
This article will review tips on what to do and what not to do when setting up a printer to ensure maximum security.
How to Secure Print Devices
To help your clients secure their print fleet, we’ve come up with a list of best practices, as well as things to avoid.
We’ll start with what your clients should do when setting up a new device.
1. Change Print Device Passwords
Let’s start with the obvious: make sure your client changes passwords on all new devices!
We recommend they change the admin password immediately after installation. Clients should change the device password from the default to something solid, using uppercase and lowercase, numbers, and special characters. (like…not password123, please)
Once changed, the client needs to document the new passwords in IT Glue or whatever system they have to manage sensitive information. Nothing is worse than being locked out of the admin account because you lost the password! (Factory reset, anyone?)
This all may sound like common sense, but in reality, few device operators take the time to bother changing the passwords. And for such a small, low-effort measure, a password change can significantly lower your client’s risk of getting hacked.
2. Update Print Device Firmware
Your clients need to keep their firmware up to date, always!
Outdated firmware can leave clients vulnerable to ransomware, malware attacks, and data breaches.
We recommend they integrate a quarterly review of firmware updates across print devices. That way, even if users procrastinate on updates, they will set aside time throughout the year to catch up on any lingering updates, ensuring they stay caught up.
3. Protecting Print Devices from Cache Poisoning
Device users must protect their print devices from potential cache poisoning (yeah, it’s as bad as it sounds) and other intermittent connectivity issues by ensuring their DNS/IP settings are 100% accurate.
You may be surprised to learn how frequently print devices are set up with public DNS (18.104.22.168, .4.4) to get SMTP to work correctly.
We also strongly recommend setting aside a contiguous range of IP addresses that clients can assign to print devices rather than having them spread all over their subnet.
4. Follow Print Vendor Security Bulletins
Following vendors’ security bulletins is another easy way for your clients to strengthen their device security protocol.
We know how easy it is to delete emails that clutter our inboxes, but it’s vital to their security that they read everything their printer vendor sends.
Some security updates will require action, and putting those off can leave clients wide open for security breaches.
5. HTTPS and HTTP on Print Devices
Finally, advise your clients to enable HTTPS on print devices and disable HTTP.
HTTPS provides far more security and protection via encryption, making a hacker’s job much more difficult.
While this list isn’t exhaustive, and there are plenty of other small steps your clients can take to beef up their protection, this list is sure to put them on the right track.
Print Device Practices to Avoid
While our list of things to do that your clients’ devices can quickly boost their security, they also need to know what not to do.
Here are five tips on practices to avoid to keep your client’s systems protected.
1. Avoid Using Admin Accounts for Print Device Settings
Advise your clients not to use a domain/global/admin account as the network account for any printer or copier settings.
They can protect infrastructure configurations by assigning copiers to a specifically-named account they use for printing and ensure that the account only has rights to support printing and scanning to network locations as appropriate.
2. Don’t Use Critical Infrastructure’s Network for Printing
In large corporate environments, setting up a copier on the same network as the company's critical infrastructure is a big no-no.
Your clients should set devices up on their subnet or VLAN. That way, if a security breach does happen with a print device, their system is somewhat insulated. Doing so also makes the management of devices more accessible.
3. Use Correct Version of SMB
Clients should not use SMB 1.0. By doing so, they lose fundamental protections from security downgrade attacks that later versions offer.
After all, SMB1 depreciated in 2013.
At the time of writing this article, SMB2 or SMB3 are ideal and offer essential upgrades that make them far superior to earlier versions.
4. Limit Print Device Access
Your clients should not give everyone access to everything. For example, the sales team doesn’t need access to the HR printer.
Users don’t want to scroll through an endless list of copier options.
Also, limiting access protects potentially private information that other users are printing to the devices. Clients should consider implementing a follow-me print for additional security.
5. Don’t Leave Your Client’s Print With Poor MPS
Even if your client does everything you tell them to, copiers and printers are complicated devices, and important security measures can easily slip through the cracks.
A quality managed print services (MPS) provider can monitor your client’s fleet and advise them on more advanced security measures that even your MSP may not be aware of.
To learn more about the many benefits of MPS, read: Top 4 Benefits of Managed Print Services
Copiers and printers, when handled correctly, can be safe and secure devices. So make sure your clients avoid these common mistakes.
If your clients play by the rules, your MSP’s job of protecting their network will be much easier.
Print Partner's Commitment to Device Security
Printer and copier security is no joke. Our list will equip you to educate your clients on what to do (and what not to do) to protect their businesses.
But to ensure total security of print devices, you must ensure that your clients’ print fleets are managed by a reputable managed print provider that takes security seriously.
That’s where we come in.
After working with hundreds of MSPs across the country, we know how important security is, and we take data protection very seriously.
When you work with Print Partner, we collaborate with your MSP to deliver the most secure and efficient print service possible.
We also know that in today’s market, options are everything.
Download our Print Vendor Checklist today to help vet print providers in terms of services offered, print support, location, and much more -