Why Your Innocent Office Printer May Be a Target For HackersThere are two types of companies: those that have discovered security breaches and those that don't yet know they've been breached.

ByKevin Pickhardt

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

Most of us hadn't even had time to violate our New Year's resolutions when, three days into 2018, the bombshell news broke of amajor security flaw found inside Intel processors, affecting millions of computers. As CEO of a software solutions company supplying corporations and government agencies alike with on-premises and cloud-based solutions, I took notice.

Related:Here's How Taking Cybersecurity Very Seriously Enhances Your Brand

四个独立的研究组织刚刚revealed that 100 percent of my clients faced a new security risk. This is the new normal for every one of us.

On one hand, this story demonstrates the benefits of cloud computing. Our cloud-service provider was already aware of the Spectre and Meltdown vulnerabilities -- the two actual flaws in Intel processors that led to the story's breaking. Having proactively prepared the patch for their servers, the CSP was able to handle the issue quickly and without further trouble.

The implementation of that fix, throughout our four cloud instances serving thousands of customers worldwide, was completed within 48 hours, and with no down time.

保护许多个人客户这样快ly and completely would have been impossible had the servers been on site.

But the Meltdown and Spectre flaws remind us that security threats can emerge from unexpected places and that they can have far-reaching impact. Hackers and data thieves are adept at finding creative entry points within the expanded attack surface that our digital world creates. So, while special training, data encryption, multifactor authentication and strong passwords have become a priority these days, risks persist.

And organizations may still be overlooking key weak points in their network. The reality, then, is that there are two types of companies: those that have discovered security breaches and those that don't yet know they've been breached.

Why protecting your data is so critical

A data breach can cause you to lose your customers' trust. According to a study by Gemalto,66 percent of consumers surveyed said they wouldn't do businesswith a company that had had sensitive information exposed due to a data breach. After all, the costs of such a breach can be extraordinary, asthe recent Equifax cyberheistdemonstrsated. But that's not the only risk.

The other problem is that, just as they are finding unique ways to steal data, hackers are also finding ways to use it against business owners. If your competitors get their hands on your stolen data, or if hackers hold it for ransom, you can lose valuable proprietary information. This was demonstrated bythe Sony Pictures attack in 2014and the more recentWannaCry ransomware virus. So, there is a strong business case for improving every aspect of network security.

Of course, the threat isn't limited to large enterprises. Entrepreneurs and business owners can learn alesson in security from patent trolls. Medium-sized businesses are the ideal target: They're big enough to be worth the effort, yet small enough to lack the resources to protect their patents and to fight flimsy but effective infringement lawsuits. Security follows the same pattern.

Three attack targets that are often overlooked

Some aspects of network and data security receive more attention than others, such as mobile and internet of things devices, making it easier for hackers to gain access through lesser-known avenues.

Here are three attack vectors you probably haven't considered, along with ways to mitigate the risks they pose.

1. Monitor your company's social media accounts.

Every organization should be vigilant about protecting its brand's social media presence. A study by Proofpoint revealed that social media phishing scams increased by150 percent in 2016, making them the fastest-growing active threat to social media accounts.

In one high-profile example, Russian hackersbreached the computer of a Pentagon officialthrough a tweet about a vacation package from a robot account. Hackers use social media because employees, while often trained to watch for suspicious emails, aren't as cautious about social media activity.

Related:The Dos and Don'ts of Cyber Security Measures to Help You Protect Your Business and Assets

That's why you should always be on the lookout for fake accounts; and why, if you find one, you should report it immediately. Consider writing a post or tweet to alert customers and contacts. This will help establish your business as a trustworthy company that prioritizes security. Also, limit the number of people with publishing rights on your official social media channels, just as you do with server admin rights.

2. Secure your printers, the forgotten entry point.

Data-loss prevention solutions put a digital wrapper around a business, but paper can sometimes escape that wrapper. Office printers are not only potential sources of data loss and confidentiality issues, but attack vectors that hackers can exploit.

Last year, for example, a hacker called "Weev" accessed "every publicly accessible printer in North America," including those on several college campuses, and printed anti-Semitic and racist fliers, theNew York Timesreported. The exploit was possible because many printers ship ready to "plug and play"; this makes them easy to integrate into a network, but they're not secure. Modern printers are essentially advanced, specialized network hosts, and as such, they should be giventhe same level of security attention as traditional computers.

Lock down all network printers by using firewalls, changing their default passwords and disabling any unnecessary protocols. Also, be sure to keep up with firmware updates when manufacturers discover and report security flaws. Check back regularly to ensure that any "hard resets" haven't reintroduced open ports and default passwords.

Finally,implement secure pull-printing technology. In a secure pull-printing environment, employees print to a secure queue and then use their ID card or log-in credentials to release (or "pull") their documents at any network printer. The old way is to send print jobs directly to a specific printer for immediate output,but that introduces risk.

How many "confidential" documents have you seen left unattended near a shared printer at work? There's too much at stake to allow documents to be printed and then forgotten. Don't let sensitive information fall into the wrong hands: Secure your printing workflows.

3. Educate your employees -- continually.

Protecting against data breaches isn't just your IT department's concern. Employees pose both the biggest risk and the best defense. Train all employees about security risks and best practices, and empower security staff to make decisions to improve your IT infrastructure. Educating employees about the massive damage a data breach can inflict should convince them to take their role in company-wide security efforts seriously.

Related:Don't Put Your Profits at Risk by Ignoring This Crucial Protection for Your Business

You can also work with security services to test employees with fake phishing attempts.Verizon's2017 Data Breach Investigationsreportshowed that employees studied opened approximately 30 percent of phishing emails, even after they had been warned about them. Showing how many employees opened even afakephishing attempt can prove that the company is susceptible to an attack if employees aren't vigilant.

Training should entail more than bulletins or informational emails. Make every department aware that security is a top priority, and make sure everyone understands the company's security policies. As the world continues to progress toward an even more digital society, choosing not to prioritize security in all its many facets is risky business. You don't want to lose your customers' trust or let valuable information fall into the wrong hands.

Kevin Pickhardt

CEO, Pharos Systems International

Kevin Pickhardt is the CEO ofPharos Systems International, an enterprise print solutions provider based in Rochester, NY. Pickhardt guides the continuing evolution of Pharos’s service to enterprise clients around the world, with a specific focus on cloud services, corporate strategy, change management and leadership development.

Related Topics

领导

These 4 Popular Mantras Contain Valuable Lessons in Leadership

Mantras can help clarify your vision and keep you on the path to success in business. These four in particular contain wisdom that speaks to the challenges and pitfalls of leadership.

Thought Leaders

Struggling to Be Happy? These 5 Strategies Can Help in Your Pursuit of Happiness

This article explores the enduring quest for happiness, delving into its philosophical foundations, the science of happiness, the pursuit of meaning, the role of relationships and the practice of mindfulness.

Business News

This Man Won a $22 Million Lottery Jackpot, But He and His Wife Won't Tell Their Kids — Here's Why

An anonymous caller named "John" shared his story on a recent episode of "The Ramsey Show."

Devices

Save $180 on These Waterproof Wireless Earbuds

Listen to the music you love the most convenient way possible.