Paper Jam! Is Your Retail Print Environment a Security Threat?

November 22, 2016 | Post by Tom Alvey

Security has always been top of mind for retailers. A successful breach could result in the loss of sensitive customer data such as credit card and personal information. As new in-store retail technology solutions collect even more data to improve the shopping experience, customers expect retailers to keep it safe.

The average cost of cybercrime for retailers was $4.9 million USD in 2015. Not only is an attack incredibly costly, but it also results in widespread public backlash and severely damages consumer trust in the brand.

It’s no surprise then that PwC found retailers increased their information security budgets by 67 percent in 2015. Desktop and laptop computers, mobile phones, point-of-service (POS) systems and other devices connected to the network are all secured and tightly managed to prevent attacks.

Print Security is Often Overlooked

So why do so many retailers overlook their printers? Modern multi-function printers (MFPs) are basically self-contained computers and they connect to the network and Internet to provide a range of services beyond just printing. However, HP found that 60 percent of companies have unsecured printers. A separate report showed that only 44 percent of organizations’ security policies explicitly include printers, and many employees may not follow these policies as they are unaware of the risks associated with these devices.

The impacts of these vulnerabilities are clear. Sixty-four percent of IT managers state that their printers are likely infected with malware, and 61 percent of enterprises say they have suffered at least one data loss event through unsecured printing in the past year. So how can attackers steal sensitive information through a multi-function printer?

Gaining Network Access

Leaving printers unsecured is like leaving the safe open and the front door of the store unlocked. Unsecured MFPs present an easy opportunity for hackers to gain access to a retailer’s entire network, opening up almost limitless opportunities for attackers. Most printers run multiple insecure protocols, such as Telnet, HTTP or FTP, by default. Physical ports such as USB or network ports can also be used to install malicious software. Once installed, malware could simply sit on the printer and intercept jobs, or it could move across the entire organization.

To prevent this from happening, unused protocols should be turned off and physical ports should be disabled or controlled. All printers should be behind the firewall and access should be controlled at the individual, group and activity level. Finally, proper monitoring from a centralized location can help spot anomalies early on, before they can seriously harm a retailer.
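One way to check a printer fleet for the default cleartext services named above, as an added example that is not from the original post. The inventory format, the "approved" set of services a site has decided it still needs, and the placeholder addresses are assumptions made for illustration.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Cleartext services the article names as commonly enabled by default.
CLEARTEXT_SERVICES = {"ftp": 21, "telnet": 23, "http": 80}


def port_is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or unresolvable
        return False


def audit_printer(host, approved=(), services=CLEARTEXT_SERVICES, timeout=1.0):
    """Return sorted names of cleartext services that listen but are not approved."""
    return sorted(
        name for name, port in services.items()
        if name not in approved and port_is_open(host, port, timeout)
    )


def audit_fleet(inventory, services=CLEARTEXT_SERVICES, timeout=1.0):
    """inventory maps host -> set of approved service names (hypothetical format).

    Returns {host: findings} only for printers that have findings.
    """
    def check(item):
        host, approved = item
        return host, audit_printer(host, approved, services, timeout)

    # Check printers in parallel so one unreachable store does not stall the run.
    with ThreadPoolExecutor(max_workers=16) as pool:
        results = dict(pool.map(check, inventory.items()))
    return {host: found for host, found in results.items() if found}


if __name__ == "__main__":
    # Constructed inventory; RFC 5737 documentation addresses as placeholders.
    inventory = {"192.0.2.10": set(), "192.0.2.11": {"http"}}
    for host, found in audit_fleet(inventory).items():
        print(f"{host}: turn off {', '.join(found)}")
```

Run from the central management host against printers you administer; an empty result means no unapproved cleartext service answered within the timeout.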

Intercepting Data Sent to Printer

Modern MFPs store data locally on hard disks. Often, this data resides there unsecured for long periods of time, making it easy for attackers to get access to everything the MFP has ever printed, scanned, faxed or emailed. Similarly, print jobs could be intercepted in transit, allowing hackers to “eavesdrop” on sensitive documents.

Consider the types of documents that are printed in an office. Confidential business information and sensitive employee or customer data could all be put at risk. Proper encryption techniques must be used at each stage of the workflow, ensuring data is protected both while in transit and while stored locally at the printer. And policies need to be put in place to remove information after a certain amount of time, or before disposing of or returning a printer that’s reached the end of its life.

Acquiring Physical Documents

It’s almost an office cliché. How many times have you been to a printer and seen a pile of unclaimed documents just sitting there? Whether you find it funny or frustrating, it’s actually a potential security threat. Confidential information could be accidentally or intentionally taken by someone passing by, especially if printers are left out in the open and are not behind access control points.

The physical location of printers within a retailer’s head office or stores is an important and underestimated aspect of security. MFPs should be in a visible area to prevent someone from tampering with them, but only be accessible to employees. To prevent unclaimed documents from piling up, it is recommended that employees have to release jobs before they will print. Not only does this increase security, but it will also reduce print costs across the organization. Finally, any printed information should be shredded and properly disposed of when no longer needed.

Security Threats for Retailers

For retailers with hundreds of locations across a wide geographic area, having the ability to manage the entire print environment from one centralized location is critical to ensuring security. Policy-based approaches should be deployed to manage access, and all devices should be monitored to detect anomalies or malware before it can spread out across the network.

With all that is at stake, retailers can no longer afford to overlook the vulnerabilities of their network printers. Choosing a managed print services provider can help retailers detect problems quickly, develop and implement security policies and purchase the right printers for their business. Once properly configured and deployed, a centrally managed print environment can lower overall costs while making a damaging data breach much less likely.

Whether opening new stores, or refreshing the technology in existing ones, security of your retail IT system is crucial and is a strategic advantage. Learn more about the other steps we recommend for an in-store technology refresh and leave your comments below.


The content and opinions posted on this blog and any corresponding comments are the personal opinions of the original authors, not those of CompuCom.

    Tom Alvey

    Tom Alvey is the Senior Vice President of the Retail Vertical for CompuCom. He has responsibility for Sales, Strategy and Account Management for all of CompuCom’s retail clients. He has over 25 years of successful executive-level leadership experience in the IT industry. Prior to CompuCom he held several executive-level positions at a major OEM specializing in the retail industry and a global telecommunications giant. He has expertise in sales, business development, and operations.
