Ransomware Hits Law Firm – How It Could Have Been Protected​​

finger pressing enter key and displaying ransomwareWe’ve been blogging a lot about print infrastructure security recently and want to share SmartPrint’s comments on the Toronto law firm that was hacked as it’s a good example of a situation where if they were equipped with the right equipment and configurations, they could have avoided the ransomware breach completely.

Our systems engineering team work with clients from legal, financial, healthcare, manufacturing companies and other types of organizations to help them lock down the office print infrastructure. It’s a very important practice given that according to IDC, 40% of Canadian companies had security breaches in 2016, and 54% of those hacks were completed with the print infrastructure as the entry point. Scary isn’t it!

Here’s an example of how this law firm could have protected itself:

  • With best in breed office print equipment, a malware attack could have been stopped immediately. Once the print job with malware went to the print queue, or printer, the device would have immediately re-booted, and staved off the attack.
  • If the client was running the latest print security software that SmartPrint recommends and implements, the software would have notified IT of the attempted breach so that the attempt wouldn’t go unrecorded.
  • The firm would have been able to automate the processes around print infrastructure security and report on status at any time. They would have also been able to warn and train the user group regarding the attempt to improve user knowledge of future malware schemes.

What shocks us every time we complete a print infrastructure security assessment for a client is that  the organization thinks they are in good shape; however, the assessment comes back with significant security issues/holes. If you think you don’t have budget to invest in your environment, guess what? When we complete a free assessment and recommend updates, potential upgrades and implement simple software to monitor the environment, we always decrease the total cost of ownership for the organization. It’s really a win/win! A locked down print infrastructure at a lower cost; not to mention a more productive environment for users.

If you are interested in making sure you are secure, contact us.

What is the State of Your Organization’s Print Infrastructure Security?

document management system state of print infrastructure security hp mfpYour organization invests a great deal of time, effort and resources into the development of intellectual assets, so it’s important to protect your organization’s intellectual property from being compromised or stolen. Open printer ports, printer web servers and FTP protocols are becoming a popular entry point for hackers, and unfortunately Print Infrastructure Security is an area that can often be overlooked, thus exposing organizations to potential security breaches. In order to determine whether or not this is the case, you should start by conducting a Print Infrastructure Security Assessment to pinpoint potential vulnerabilities. We then recommend that you implement software and business processes that will lock down the physical and digital print environment, automate print security and enable reporting and auditing capabilities.

Assess Your Network Printer Security

A comprehensive Network Printer Security Assessment should analyze the device set-up and configurations of all of the print devices on the network, as well as how they are utilized for all of their functions. The following is a list of items to examine during your security assessment:

Unauthorized Access

Unauthorized access is the use of a computer or network without permission. A cracker, or hacker, is someone who tries to access a computer or network illegally. Some hackers break into a computer or network for the challenge. However, others do this to utilize or steal intellectual property and resources, or corrupt data. Assess the access points – physical and digital – and protocols on your printer network and on all of your networked print devices, and identify which access points and protocols can be used as inroads for potential security threats.

Unclaimed Print Jobs

Determine what happens to unclaimed physical print jobs. When confidential documents get printed and left on work group print devices, what happens to these documents?

Device Settings and Ports

Assess networked print device ports and protocols and identify which ones aren’t being used.

Scan Process

Determine which users are scanning documents and where these documents are being sent once they have been scanned on devices within the corporate network.

Vulnerabilities List

Document all of the security vulnerabilities you discovered and develop a security plan to address each vulnerability.

The following HP video is an excellent depiction of some potential print security breach scenarios:

Click here to see if you qualify for a free Print Infrastructure Security Assessment.

How to Improve the Security of Your Network Printer Environment

Device Security Policy

If your Device Security Policy is not comprehensive enough or you don’t have one that is formally documented, your organization may be vulnerable to security threats without even realizing it, so it’s imperative to have a formally documented Device Security Policy and ensure that it gets properly implemented. Make sure that your policy specifies and limits access to information AND network assets. This policy is the foundation for creating a secure network printing environment.

Document Management

Document management, often referred to as a Document Management System (DMS), is the use of a computer system and software to store, manage and track electronic documents and electronic images of paper-based information captured through the use of a document scanner, multi-function device or networked copier.

Let’s take a look at traditional paper-based filing. Rows of large document folders are put into these filing cabinets in the hopes of being stored correctly. Paper doesn’t keep a record of who has viewed it, copied it or scanned it, and it can be destroyed or damaged accidentally by things like a water pipe bursting, fire or the accidental spillage of coffee.

Think of a Document Management System as a large electronic filing cabinet with folders that are stored in an unlimited number of drawers (based on hard drive space of course). Digital content is secured by user access rights. When documents are checked out, changed audit logs can track who has looked at the document, changed the document with version references and can even prevent unauthorized users from viewing and/or printing the document. The Document Management System’s IT backup processes ensure that documents don’t get damaged or destroyed accidentally, unlike those stored in paper-based filing systems.

Print Workflows and Process Automation

For many organizations it’s difficult to monitor and manage each and every user’s print jobs. Many times print jobs are forgotten or sent to the wrong printer and documents end up sitting on the printer, never to be retrieved by the user. This is especially troublesome when confidential documents are left for everyone (even unauthorized users) to see.

To prevent this from happening you should establish print workflows and automate print processes. A print workflow is the definition, execution and automation of business processes where tasks, information or documents are passed from one participant to another according to a set of procedural rules.

FollowMe Printing allows users to print to a shared print queue, and roam and release their print job from any enabled output device. This ensures that printing remains confidential to a specific user and reduces printed waste from documents left uncollected at the printer. If a printer is out of service, users can release their print jobs from the next available printer, without disrupting productivity.

Authenticating at multi-function output devices enables custom scan capture workflows to be presented at the panel. This process ensures secure access to retrieve printed content while using the devices as on-ramps to key line of business applications storing captured content.

Tracking and reporting tools create transparency for all print costs, helping finance managers allocate or recover costs from individual departments or clients. Organizations can also use tracking data to help them comply with industry regulations such as Gramm-Leach-Bliley Act (GLBA), Payment Card Industry Data Security Standard (PCI DSS) and Sarbanes-Oxley (SOX).

Automated Print Device Security Software

Strengthen information security and significantly reduce administrative overhead by utilizing automated print device security software that automatically deploys and updates print device identity certificates. HP Security Manager performs these automatic deployment and updates, and offers a simple, intuitive process for securing your print fleet. It efficiently deploys and monitors devices by applying a single security policy across the fleet, and secures new HP devices as soon as they are added to your network with HP Instant-on Security. Actively maintain and verify compliance with your defined security policies using HP Security Manager’s automated monitoring and risk-based reporting.

If you would like additional information on how to improve the state of your organization’s print infrastructure security, please get in touch with one of our MPS Experts or request a free Print Infrastructure Security Assessment.