Hiding in Plain Sight — Office Tools as a Cyber Threat

Most businesses have cyber security protection for their laptops and desktop computers. There are two points of entry into your network that may not get the attention they deserve.

Copiers and Printers

A common office machine that can print, scan copy and fax is extremely useful. This machine can be shared by multiple users, including remote users. It can stage multiple print jobs and have a print queue when it is busy. The connection to a network and internal data storage make this a workhorse in the office. These features strongly resemble a computer, but many cyber security plans do not treat copiers as a threat.

Network Connections

If your copier is shared by multiple users and is not connected by dedicated printer cables, it must be connected to your network. As a network point, it has the ability to send and receive data to you. This ability can be exploited if the network connection is not protected with a security system and if access is not controlled. Leaving the printer open for guests to print opens your network to those guests. With WI-FI being the preferred network connection, your WI FI can be accessed outside of your premises by a hacker.

You should treat the printer as a workstation and require the same level of access control for this tool as you would a workstation. If you allow guests to use your printer, enforce guest passwords that change routine to maintain an acceptable level of security. Be sure USB connections to the printer are scanned for malware and viruses before allowing use.

Conference Room Presentation Systems

The convenience of simply plugging in and projecting data is another often-overlooked cyber threat. Instead of a single user connecting directly to the screen with a cable, a network connected device allows easy screen sharing and multiple users to share upon demand. This means the system is connected to your network and can send and receive data. The same issues with your copier also impact on a network connected screen sharing system.

Some standalone projectors have onboard memory to allow a presentation to be loaded or a streaming service to buffer to allow a more stable experience. This data will remain onboard the device unless you proactively remove the data. The next user can access your data. This is a particular exposure for shared conference rooms.

Projection options that accept a USB flash drive also have the potential to load malware into your system. Strict controls on USB ports should be part of your cyber security program. Requiring the USB drive to be scanned by your security software before use is sound security control.

No Good Deed Goes Unpunished

When your technology reaches the end of its useful life in your environment, it may be a working tool for someone else. You may also want to avoid the environmental aspects of technology disposal. Donating equipment to non-profits, schools and other groups seems to be a good deed.

Any equipment that leaves your control must be cleared of any data. Do not rely on the “format” commands to clear memory devices. There are commonly available utility programs designed to recover data on storage devices.

Many security software platforms offer data destruction or shredding programs. These programs rewrite the storage media with random data that prevents retrieval of your data. Your current security software likely has this function. Use it on all equipment moving to another home. This includes equipment you may sell or give to employees.

Cyber Liability is Real

If a customer’s data is compromised by a security breach or lapse at your company, you can be held liable for damage. The damage can be to real property by malware or reputational damage from data release. You may be required to offer identity theft protection and credit monitoring to affected people and businesses. You need adequate insurance coverage for this exposure. Cyber threats are no longer limited to big business. Anyone with an internet connection is at risk. A major cyber liability broker, AMWINS, estimates the average ransomware attacks costs a small business $262,000 excluding ramson payment. The average social engineering attack costs over $123,000.

The Driehaus Difference

We have multiple cyber liability options for any business. Our companies can offer limits that will meet your needs. Cyber policies offer restoration and response services to help you manage a cyber incident and limit downstream damage. This service is worth the cost of the coverage. We can help you with your cyber liability exposure and coverage.

Call us at 513-977-6860 or reach out to use on our website, www.driehausins.com We want to be your insurance provider.