This post was contributed by Josh Balka, Printing Product Offering Manager, Peak-Ryzex, a Zebra Premier Solution Partner and registered Independent Software Vendor (ISV).
Cyberattacks and security breaches are on the rise as hackers are becoming increasingly sophisticated at obtaining company’s valuable data. Every endpoint connected to the internet is a threat, including networked thermal printers as Zebra’s Mike Millman pointed out in this blog post. But maintaining enterprise security without disrupting workflow can be a challenge.
Here are four best practices you should consistently apply to reduce vulnerabilities in your printing devices and overall IT architecture:
1. Plan for Device Retirement
A security environment is only as strong as its weakest endpoint. Legacy hardware may still be performing but carry outdated firmware and security protocols, leaving your network open to intrusion. You wouldn’t allow a Windows 2000 laptop on your network, and printers should be no different. All enterprise devices, including thermal printers, need well thought out security plans following best practices in the industry. Take advantage of the tools available that will help you assess your current security risks. For example, Zebra offers a free security assessment wizard that will show how your organization stacks up against industry security best practices and help uncover potential vulnerabilities. As your printer fleet is upgraded, your organization should be checking that existing systems aren’t hardcoded to look for retired units.
2. Update Device Operating Systems
Unlike consumer devices, which may last just a couple of years on your network, industrial devices such as thermal printers have a longer life. During this lifecycle, your network standards are likely going to change, so picking a device with an operating system (OS) that can adapt and update with current standards is key. An intelligent printer will continually add device enhancements and new capabilities, extending and expanding the device’s total value.
Consider a solution that tackles this challenge for you. For example, Zebra Print DNA printers use the same OS (Link-OS) from the mobile printer, to the desktop printer, to the industrial printer product families. This makes it easy for you to discover, deploy and manage applications for all your printers – globally if needed – from a single location.
3. Rethink How You Handle Firmware Updates
Security planning is not a one-time event. No device is “un-hackable,” and firmware updates are critical to stay one step ahead of intruders and keep up with current industry standards. Thermal printers often sit out in open areas, making the devices both easy to use and misuse given the open access to the settings panels. The lack of OS updates represents a moment of vulnerability to your infrastructure.
Device update methods should include a form of digital signature or checksum to ensure the OS file(s) being applied is correct. Moving to some form of protected access is an easy first step to consider. Even activating a simple, front panel password system can make a meaningful difference in both confidentiality and availability. Zebra Print DNA printers can provide further protection by enabling you to place printers in a protected mode that requires an admin account to make changes to the printer’s settings.
4. Expand Fleet Visibility and Threat Detection
Without visibility into your printers’ performance, it can take months to detect an intrusion. You must be able to expose events before they happen with real-time visibility and management. Even with remote printers, having a dashboard view to show real-time status and alerts is a critical component to maintaining a secure printer fleet. In addition to dashboards, properly configured activity and audit logs can be used to detect bad behavior. If you suspect a device has been removed or tampered with, credentials can quickly be withdrawn, removing a potential bad actor from your network.
It’s also pivotal to ensure that information is only available to the people who are authorized to access it. Wireless printers, which can travel outside of your organization’s four walls, should have a unique, signed certificate to authenticate users’ Wi-Fi connections and encrypt the critical data they transfer. (In case you didn’t know, this feature is also a part of Zebra’s wireless Print DNA printers.)
Security is a critical piece of your enterprise printing solution. When evaluating printer options, be sure to consider the tools available to help identify printer security vulnerabilities, extinguish them, and protect against future intrusions. And, if you already have a Zebra Print DNA printer, contact either your Peak-Ryzex or Zebra representative to learn more about how the Print DNA ecosystem and PrintSecure tool can help you defend your operation's digital assets and infrastructure against potential security breaches.