The humble printer is still a leading cause of cyber attacks

Encryption denoted by a series of gold padlocks lined up side-by-side, with the center padlock cracked down the middle, showing a break
(Image credit: Getty Images)

Many small businesses across the UK are leaving themselves at risk of cyber attacks due to unsecured printers, according to research from Sharp. 

Analysis by the firm found that printer-related security risks are still largely overlooked by many SMBs, with one-third revealing they have no security measures in place at all to protect them. 

This is despite the fact that nearly one-fifth of firms have fallen victim to a security breach due to printers. 

Mid-market organizations were most likely to report one or more instances of data loss due to printer-related breaches, the study found. Meanwhile, around half of public sector organizations have also experienced a security incident. 

Printer cyber attacks flying under the radar

Across Europe, roughly one-third of SMBs reported data loss, malware, phishing, and computer virus attacks caused by printer security breaches.  

Despite this, fewer than a quarter of UK SMBs say they educate their employees about either scanner or printer security. 

"Big stories about cyber crimes enabled by complex security technology earn the most media attention, it’s the more everyday business functions that can be the issue in SMBs," says Colin Blumenthal, vice president for IT services at Sharp Europe. 

"More often than not, day-to-day security essentials and potential weak spots such as printers are overlooked in their document, device, and network security. These are threats hidden in plain sight."

According to separate research from print industry market research firm Quocirca, businesses tend to see cloud or hybrid application platforms, email, public networks, and traditional endpoints as top security risks

RELATED RESOURCE

A whitepaper from ServiceNow covering ways banking leaders can transform technology risk into advantage with image of female working stood outside high rise buildings, looking at a smartphone

(Image credit: ServiceNow)

Find out how banks are strengthening their digital defense strategy

DOWNLOAD NOW

Only 18% of CIOs consider office printers a key security risk, compared with 30% of CISOs.

However, during 2022 the report found that 61% of organizations experienced data loss due to unsecure printing practices, at an average cost of £743,000.

There have been a number of examples of printer vulnerabilities over the last year. 

Microsoft has been forced to fix three remote code execution vulnerabilities in its printer drivers while Lexmark has warned of a critical vulnerability affecting more than 120 printer models. 

Similarly, some HP printers were found to be potentially vulnerable to information disclosure.

However, Quocirca said many breaches were caused by something as simple as leaving printouts in output trays. 

According to Sharp, the most common printer vulnerabilities are the use of default passwords, unsecured network connections, and outdated firmware, along with unsecured print jobs and remote access.

And hybrid working is upping the risk - although it's seen as a concern by 38% of SMBs, only four in ten cover it as part of their security training. 

"For smaller businesses without large IT resources, the reality of the ever-expanding threat landscape and challenges presented by hybrid working can feel daunting," says Blumenthal. 

"SMBs can start by keeping software for scanners and printers updated, regularly backing up data, and encouraging a consistent security policy across teams working from multiple locations to ensure they’re protected."

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.