Over half (54%) of small and medium sized enterprises (SMEs) in the UK are exposing themselves to a serious data breach because they are not adequately protecting their office printers, according to new research from Sharp.
Despite latest analyst reports suggesting that print-related data loss costs larger businesses an average of £313,000 a year, the threat posed to a network by connected printers and MFPs is still being overlooked by businesses across the UK.
The new research provides a snapshot of office printing behaviour across Europe and revealed that UK office workers are oblivious to the potential risks posed by printers and multifunctional printers (MFPs) in their workplace, with 95% not considering these devices as an IT security risk. In contrast, a third of office workers did associate physical print-outs left in the paper tray with a potential data security risk.
And although high-profile print hacks such as those connected to YouTube star PewDiePie have made headlines, only 18% of office workers were aware that printers could be hacked – but didn’t see this as a risk to their company. 54% said that their printers didn’t require any user authentication, anyone could use the devices freely.
In response to the research findings, Sharp has launched a free data security guide for SMEs, developed with ethical hacker, Jens Müller. The free ‘Simple printer security for small businesses’ guide can be downloaded here and includes easy-to-follow tips for those responsible for office technology.
Müller explains the risk, “Printers are everywhere. Every company has one, and today they are usually connected to your company’s network which means they become an easy target for hackers if they are not secure.
“Not only can printers and MFPs provide access to sensitive printed, scanned and faxed documents, there is also the risk of more sophisticated attacks which can escalate into the company-wide network. Hackers only need to find one way in and they will look for the weakest link. Make sure it’s not your printer.”
The issue is more pronounced for smaller companies - those with less than 50 employees were least likely to have security features in place. 66% allow anyone to use their printer freely, compared to 43% of larger organisations (151-250 employees). Industries typically handling sensitive or confidential information, including HR and legal, were also less likely to have basic security features in place with 62% allowing anyone to use their devices freely.
Peter Plested, Director of Information Systems at Sharp, adds “The impact of data breaches, both financially and regulatory, can be devastating for companies of all sizes. As our research highlights, smaller companies have less resource and less ability to tackle cybersecurity, and that’s why educating employees on these risks is so important.”
