Printers as a threat to IT security in SMEs
Cyber security threats such as phishing or ransomware are increasingly becoming a serious risk for small and medium-sized enterprises (SMEs) in Switzerland as well. Increasingly, networked multifunction printers (MFPs) are the starting point for IT security incidents: Around one in four Swiss SMEs (27 percent) has already been affected by security breaches that occurred via an MFP.
This is the conclusion of a recent study conducted by Sharp among more than 500 IT decision-makers and procurement managers from SMEs in various industries in Switzerland.
Unprotected MFPs: cause for concern?
The threat situation in the area of MFPs is exacerbated by the increasing use of hybrid work models. In particular, the often inadequate protection of network connections and human error are causing headaches for the IT decision-makers surveyed. However, the security risks posed directly by unprotected MFPs are a cause for concern for only 6 percent of respondents. 17 percent of all respondents state that their company has not taken any printer-specific IT security measures.
Black Box IT Security: Lack of Expertise Exacerbates Risk
As part of the study, IT decision-makers were also asked about their confidence in their company's ability to deal appropriately with security risks. A further question related to possible obstacles that, in the view of those responsible, make investments in IT security measures more difficult. The increasing prevalence of hybrid working models was cited by 28 percent of the SMEs surveyed as a reason for heightened security concerns. Just under a third (31 percent) are concerned about the lack of IT security knowledge among employees.
Despite these concerns, only 29 percent of SMEs address the particular risks posed by hybrid working as part of IT security training. And only about a quarter of companies train their employees on printer (24 percent) and scanner (28 percent) security.
More safety with little effort
"Cases of cybercrime and IT security incidents that make it into the headlines are often based on technically complex attack methods and vectors. For decision-makers in SMEs, however, the everyday potential risks and vulnerabilities that arise from unprotected MFPs or careless behavior on the part of their own employees are often the more relevant ones," comments Antonio Papalo, COO at Sharp Electronics Switzerland, on the results of the survey.
"Important first steps for companies would be, for example, to keep the software of their scanners and printers up to date and to carry out regular back-ups. They should also introduce uniform security standards for hybrid teams and make their employees aware of MFP-related security issues," continues Antonio Papalo. "This starts, for example, with ensuring that confidential printouts and copies are not left unattended in the MFP's output tray or disposed of in an unsecured manner. It is often the supposed trifles - in addition to a lack of technical precautions - that significantly increase the risk of data loss or misuse by unauthorized persons. Expert advice can provide additional support in designing a long-term, holistic security strategy so that the right decisions can be made at the right time."
Source: www.sharp.ch
