- Departments often don’t collaborate when buying new printers, risking buying flawed equipment
- They also don’t patch on time or enough – leaving the doors wide open
- Decommissioning office hardware is also a problem
Hackers could be using your business printer as an easy backdoor into your corporate network and all of the devices connected to it, experts have warned.
A new report from HP Wolf Security outlines how most enterprises neglect their printers throughout the devices’ lifecycle, finding just a third (36%) of those surveyed apply firmware updates as soon as they’re available.
Firmware updates are vital as they often address newly discovered vulnerabilities, and if they’re not applied, cybercriminals don’t have to blindly search for flaws – they know exactly where and how to strike and move in.
Four stages (of the printer apocalypse)
But firmware update woes cover only the Ongoing Management stage. The report notes a printer’s lifecycle has four stages, the others being Supplier Selection & Onboarding, Remediation, and Decommissioning & Second Life.
During all of these stages, printers are exposed to different risks, including the lack of procurement collaboration, RFPs going unchecked, and the inability to verify the printer’s integrity.
The report also found most firms see data security as a barrier to printer reuse, resale, or recycling, and a third (35%) said they were uncertain whether printers can be fully and safely wiped.
At the same time, a quarter believes it’s necessary to physically destroy printer storage drives, while a tenth insists on destroying both the device and its storage drives.
“Printers are no longer just harmless office fixtures – they’re smart, connected devices storing sensitive data,” warns Steve Inch, Global Senior Print Security Strategist at HP Inc.
“With multi-year refresh cycles, unsecured printers create long-term vulnerabilities. If compromised, attackers can harvest confidential information for extortion or sale. The wrong choice can leave organizations blind to firmware attacks, tampering or intrusions, effectively laying out the welcome mat for attackers to access the wider network.”