Skip to main content

The security blind spot in the office of things

(Image credit: Image source: Shutterstock/everything possible)

Gartner estimates that there are 8.4 billion Internet of Things (IoT) devices in the world today; devices which can communicate, with us, with applications and each other through an internet connection. This number is growing at a rapid rate and creating data in volumes we have never experienced before. This data and our ability to manage it, is having a massive impact on our day to day lives. From personal assistants to wearable devices and even connected cars – this technology is completely transforming the world around us.

These innovations seem revolutionary, connecting previously isolated parts of our lives. But the IoT has been changing the way we work for years, allowing us to connect to networks from home, email on the move and - since the advent of the multi-functional printer - to connect to any IoT-enabled printer across a global organisation. We live in an increasingly connected world, and with that increased connectivity comes increased risk. Businesses now need to learn to minimise the threat from this new reality, they need to eliminate the security blind spot in the office of things. 

Connectivity in new and unexpected places 

Accessing applications and data across multiple networks, both trusted and untrusted, means information is regularly spread outside the safety of the office environment. Currently, more than 50% of all corporate network activity comes from mobile devices, and with this number only expected to grow, managers and IT departments are facing a huge challenge to limit the risk posed by these devices. However, these threats aren’t solely present in devices outside the ‘traditional’ office network, even devices from within the physical confines of the office can pose a serious risk.

Printers are rarely top of mind when it comes to security, but, the days of the humble office printer are long gone. The multi-functional devices of today are vastly sophisticated, operating as connected hubs, holding some of a business’s most valuable and sensitive data. If we consider the type of information that is generally hosted on these devices, it often contains business critical data, because this is the information that we most need to be copied, printed, scanned and then shared. This is the business-critical information that needs to be disseminated among workforces. Left unsecured, these internet connected printers can represent a massive opportunity for hackers.

With all the measures taken to safeguard smartphones, laptops and corporate networks, printers can often be a serious blind spot in the security chain.  In fact, 50% of respondents to Canon’s Office Insights 2018 research were concerned about people leaving behind confidential documents on a printer or copier. Document theft and snooping have huge implications - data breaches aren’t graded based on sophistication, data loss is data loss. And as GDPR is implemented the risks posed to a business, both in terms of financial penalties and reputational damage, will increase exponentially. Companies must ensure that every link in their security chain is secure, not just the obviously exposed parts.

However, nowadays it isn’t just physical documents that pose a risk. A large proportion of MFPs store data electronically and without strict control over printer settings and internal storage, hackers could have access to the valuable personal or business information stored within the device. Once access is gained through this back door, a business’s entire network of connected devices is left vulnerable to attack. One weak link, one blind spot, can compromise a whole network. 

Identifying blind spots 

The likes of connected printers are simplifying business processes, driving efficiency and reducing costs. However, as the number of connected devices in business grows, organisations are presented with an increasingly complex security challenge. Vast amounts of private data is collected by these IoT devices and sent over corporate networks every moment of every working day. This presents CIO’s with a risk-reward decision. Balancing the risks presented by connected devices against the benefits they can have in terms of innovation, agility and ease of use has become an important decision in organisations of all shapes and sizes.

The reality is that office networks, unless regularly checked, can quickly become dangerous places for private and sensitive personal and company information. All too often the stringent security measures put in place to protect data managed by IT are not applied to physical documents, or the office devices that are used to print, capture and share them.

As end points to an office network, connected printers, scanners and copiers, represent a critical data security threat; unless the devices are appropriately configured and deployed on a secure network. Keeping information confidential requires the entire document life-cycle to be made secure. 

A matter of control 

While connected technology represents a huge business benefit, both CIOs and IT leads have to be aware of the risks these devices can pose. However, in the case of the connected printer, establishing who’s responsible can be a challenge in and of itself. Often these devices sit outside of the jurisdiction of the IT department falling instead at the feet of facilities or even HR. Given the amount of highly sensitive information to pass through these devices on a daily basis, and the technology powering these modern machines, security protocol needs to be aligned before purchase and deployment decisions are made.

While the technology behind printers has moved on significantly, the way in which they’re perceived and managed in many businesses simply has not. This makes it more difficult for those responsible for the security of the entire network or infosec strategy to do their job effectively.

As the IoT revolution continues to change the office environment, businesses must keep up with this constant innovation, while recognising and swiftly responding to the risks that come with change. Businesses must begin to audit their security controls, and ensure they are fully aware of where sensitive data is being hosted and where it is being shared. Having full visibility of network access points and the information stored within, will be key to mitigating, and potentially eliminating, the security blind spot in the office of things. 

Rob Ferris, Director of Document Solutions at Canon UK (opens in new tab) 

Image Credit: Everything Possible / Shutterstock

Rob is a member of the board of directors and executive management team at Canon UK & Ireland. He plays an active role in the strategic direction and operational performance of the company specifically leading the Document Solutions Business Group. This group is responsible for delivering all printing and imaging technologies and services into the office environment.