Be warned: Don’t put your business at risk by ignoring the importance of print security
Posted by: David Carthy - Technical Solutions Manager, Pre Sales
When: 12 July 2017
Passwords are like underwear, you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers – Chris Pirillo
According to a recent report carried out by Quocirca (2016) 51% of organisations plan to increase their expenditure on Managed Print Services (MPS) over the next year and after cost, ‘security’ is now the second top driver for adoption of a managed print service, indicated by 81% of respondents, with many companies now beginning to take security assessments as part of their MPS process. In a recent print security event held by Ergo, a number of attendees where asked “Do you restrict access to the embedded webpage of your printer through the use of a username and password and if yes, who is responsible?”. While most suspected that they were probably using the default username and password one person commented that when they asked their MPS provider to change the password on their devices they were told it could not be done, yet subsequently he was able to change it himself on each device.
Answer the following about your business:
1. Do you know what the password is?
2. Do you or your MPS provider change each device password on a regular basis?
3. Are you aware that the device may be using the default manufacturer username and password?
If you have answered no to any one of the above questions, you should be hearing warning bells.
The only real security that a man can have in this world is a reserve of knowledge, experience and ability – Henry Ford
The Hackers Playbook 2 by Mark Kim demonstrates superbly how a username and the password can be retrieved in plain text by using a listener on port 444 through a LDAP query. Once the attacker has this they now most likely have an account to move through your network. Consider this stat, “75% of individuals use only three or four passwords across all of their accounts” making life very easy for these talented hackers. Don’t put your business risk by ignoring the importance of print security. At Ergo, we have been supplying MPS for over 20 years and through our many years of experience we have developed a comprehensive vendor neutral Print Security Audit which we carry out for clients who wish to see potential vulnerabilities and holes in their printing devices.
The six areas focused on in the Ergo audit are:
• Network Security
• Fleet Management
• Mobile Print Security
• Document Security
• User Authentication and Access control
• Printer Had Disk Drive Security
We will present you with a detailed report highlighting holes and potential threats that your printing devices may be vulnerable to and we provide recommendations of how you can fix and prevent such threats. Organisations then have a better understanding of their own print security landscape.