Peripherals that attach to your system are most likely never patched with security updates. So, your printer or thumb drive may make your system a wide-open gateway to the network.
Nearly every business relies on a computer system to function. Peripheral devices such as multifunction printers that scan, copy, and print can be a weak link in your company’s cyber security. The dangers are great and diverse information such as intellectual property (trade secrets), employee personal identification information and consumer/client credit card information can all be exposed to prying eyes.
Your company, like most others, likely keeps current with security patches for your OS and programs. But, peripherals that attach to your system are most likely not patched at all. So, your printer or thumb drive may make your system a wide-open gateway to the network.
What Are the Dangers Associated with Peripherals?
Multifunction printers (MFPs) that copy and scan in addition to printing are often overlooked in their importance to keeping up cyber security. These are very smart peripherals and come with their own operating system. However, there may be a steep price paid for the convenience of these MFPs. Whenever workers copy, print, or scan a document, an image of the document remains on the printer’s hard drive. In addition, workers often scan documents and email them directly from an MFP. The information stored on or sent from an MFP is at the same risk of a breach of information stored on personal computers. Popular printer brands that are prone to a variety of cyber attacks include:
From a network view, there is no difference between an MFP and equally powerful computer nodes yet, IT departments often overlook MFPS as a security threat. So, where do leaks from these important system components arise?
- From its own CPU
- From the operating system
- At the network interface
- From disk drives on the unit
- From PDL Interpreter(s) PostScript
- At the local user interface
- At local hardware ports
Multifunction printers are peripheral devices, but they aren’t portable. It is improbable to think that a staff member can lug an MFP around during the day. But, there are many peripherals that fit in a pocket. They do connect to a company computer system and they do present cyber security risks. These devices include:
- Jump or thumb drives
- Personal audio devices
- A computer mouse
- Other devices that connect via a USB port
According to TechAdvisory.org, 25% of malware can be traced back to USB devices. It is ironic that some features of portable devices that make them so popular also make them more vulnerable to a malware attack. For example, if you connect a USB type device such as a keyboard using Bluetooth (BT) or an audio device using Wi-Fi you have new points of access that can be exploited by hackers as they are “discoverable” by criminals.
Consequences of Peripheral Devices Leading to Breaches
Breaches that come from entry points found on peripheral devices can lead to severe penalties.
- Trade secrets left in a copier are easily picked up by a dishonest employee and sold to the competition.
- Malware can bring systems to an unwelcome stop.
- If customer/client information is breached you can be fined by government authorities, sued by clients/customers, pay for ID theft monitoring for breach victims and more.
Security is as important for small and medium-sized businesses as it is for the big guys in your industry. If your budget and IT needs don’t support an in-house IT department, consider an IT managed services provider to help with security.
Author: Aaron White, Date: 6th March 2017