[From Entrepreneur.com…] Most of us hadn’t even had time to violate our New Year’s resolutions when on January 3rd, the bombshell news of a major security flaw was found inside Intel processors, affecting millions of computers regardless of the operating system they were running. As CEO of a software solutions company supplying Fortune 100 and government agencies with both on-premises and cloud-based solutions, I took notice. Four independent research organizations had just revealed that 100% of my clients faced a new security risk. This is the new normal for every one of us.
In the case of cloud services, the story of this Intel security flaw can be considered a demonstration of the benefits of cloud computing. Our cloud service provider had been aware of the Meltdown and Spectre flaws and was already prepared with a fix. The implementation of that fix, throughout our four cloud instances around the world serving thousands of our customers, was completed within 48 hours and with no downtime. Protecting this many individual customers so quickly and completely would not be possible if the servers were on site.
The Meltdown and Spectre flaws remind us that security threats can emerge from unexpected places, and they can have far-reaching impacts. Hackers and data thieves are adept at finding creative entry points within the expanded attack surface that our digital world creates. While training, data encryption, multi-factor authentication and strong passwords have become bigger priorities, many organizations may still be overlooking key weak points in their network.
The reality is that there are two types of companies: those who have discovered security breaches and those who don’t know they’ve been breached yet.
3 attack vectors that are often overlooked
Some aspects of network and data security tend to receive more attention than others, such as mobile and IoT devices, making it easier for hackers to gain access through lesser-known avenues. Here are three attack vectors that you may not have considered, along with ways to mitigate the risks they pose to your business.
Secure your network printers, the forgotten entry point.
Data-loss prevention solutions put a digital wrapper around a business, but paper can sometimes escape that wrapper. Office printers are not only potential sources of untracked data loss and confidentiality issues, but also attack vectors that hackers can exploit.
Last year, for example, a hacker called “Weev” accessed “every publicly accessible printer in North America,” including those on several college campuses, and printed anti-Semitic and racist fliers. This was possible because many printers ship ready to “plug and play,” which makes them easy to integrate into a network, but it’s not secure.
Modern printers are essentially advanced, specialized network hosts, and as such, they should be given the same level of security attention as traditional computers and wifi access points.
Lock down all network printers by using firewalls, changing their default passwords , and disabling any unnecessary protocols. Also, be sure to keep up with firmware updates when manufacturers discover security flaws. Check back regularly to ensure that any “hard resets” didn’t reintroduce open ports and default passwords.
Finally, implement secure pull printing technology. In a secure pull printing environment, employees print to a secure queue and then use their ID card or login credentials to release (“pull”) their documents at any network printer. The old way is to send print jobs directly to a specific printer for immediate output, which introduces risk. How many “confidential” documents have you seen left unattended near a shared printer at work? There’s too much at stake to allow documents to be printed and then forgotten. Don’t let sensitive information fall into the wrong hands: Secure your printing workflows.