While visiting organisations during our data walks we will have a conversation with you about how printers are used in your organisation, we will discuss access controls and have a look around the print area and any recycling facilities.  Printing can be expensive as the cost of paper and toner has risen, but it can also be costly to your cyber resilience and your data breach security.
This article covers what vulnerabilities to consider when printing:

1. Consider whether a document needs to be printed, or why it is being printed: if a document containing personal data is printed then it becomes a potential data breach as soon as it has been taken out of it's secure environment. What happens to that document once it has been printed?  Where is it stored? Who is it shared with (is the access control the same as when it was in an online system?). What happens to that document when it is no longer required?
2. PIN/Card/Fob controls for printing: if documents fly out of the printer with no access control, there is the potential of a data breach. Anyone by the printer can pick up, move, put other documents on top of the printer.  The access control that once protected that document is now no longer valid.  Consider too who has access to the printer out of hours if there are documents lying around.
3. Recycling: consider what recycling is near the printer and whether it is valid for the type of printing i.e. if sensitive information is being printed is there a secure disposal method?  If the disposal method is not nearby is the risk of a data breach increased? Regularly check whether there is sensitive or confidential information in the general recycling pile.  Make staff aware of what to do when they find a document in the wrong location with no access control or security.  Consider the benefits of a 'no blame' culture.
4. Printing Software: if you are using printing software to control how documents are printed then ensure that everyone has their own code, that the admin side has a dedicated admin account specifically for the purpose of the program and doesn't use the main admin account.  Ensure that account only has the admin privileges it needs.  Ensure that the software is regularly updated, using vulnerabilities in programs like this that have an admin account which allow access to an organisation's resource via an external method, is an easy way for a hacker to sneak onto your network unnoticed. 

This article was inspired by regular visits to organisations but also because of a recent vulnerability announced by PaperCut:
PaperCut Security Bulletin March 2024

In the world of digital dominance it is very easy to overlook the seemingly innocuous world of paper, it can be easy to forget that any controls around printing may have vulnerabilities other than a paper document.  Tools like PaperCut are valuable tools allowing document management, helping reduce costs and helping people review what needs to be printed in a planet-friendly way.  These types of tools can help track print jobs, provide quota management, secure print release as well as mobile printing facilities.  Because of the nature of such printing solutions that need to integrate with an organisations network and systems, it expands the attack surface of a cyber attack, it can create a gateway in to other systems and data, can cause system disruptions or can lead to more sophisticated attacks, particularly if your organisation is labelled as vulnerable or easy to target.

Ensure that any systems that give access to external third parties, particularly via an admin account, are part of your cyber resilience program.

If you are interested in having a data walk around your organisation or would like to discuss your cyber resilience, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it..