The rise of the Internet of Things (IoT) has most people thinking about connected fridges, self-driving cars, and smart homes. However, there are many IoT devices that have been in operation for years that are overlooked by business users and organisations when it comes to cybersecurity. One of these is the multifunction printer (MFP).
MFPs remain useful in many businesses despite the increasing prevalence of digital-only communications. They are so ubiquitous that they can become all but invisible to users and IT departments. This is concerning because MFPs are connected devices, which means they present an endpoint that can be exploited by cybercriminals. That is, unless they’re secured properly.
How MFPs pose a risk
As people return to offices and other workplaces, MFPs are likely to see increased use. Unsecured or poorly secured devices can provide a front door into the organisation’s network. Once a cybercriminal has access to the MFP, they can proliferate throughout the network and cause considerable damage.
There are four ways that MFPs pose a security risk within a business:
- Compromised credentials or outdated software can provide unauthorised access to MFPs. This access can be a starting point for a broader cyberattack, or malicious actors may simply steal the data that’s stored on the device’s storage drive, including potentially sensitive documents.
- MFPs can be used in distributed-denial-of-service (DDoS) attacks.
- Unauthorised users can access the MFPs settings and reconfigure the device. This could result in outcomes such as scanned documents being emailed to cybercriminals, for example.
- Unclaimed printouts may be left on the printer tray, posing an information security risk because unauthorised users can simply pick up the pages.