Once upon a time, offering a client or customer use of your printer so they could create a hard copy of some important documentation required several steps.
First they would have to get the files in question to you somehow, say via email or handing over a pen drive. Then you would have to go to a PC or laptop, open the file, send it to print, and hand it back to the customer.
Today’s wireless networked printers make it so much easier. On models that support peer-to-peer wireless sharing, you can let a customer connect via WiFi from whatever device they happen to be carrying the documents on, be it a laptop, tablet or smartphone. They can therefore print what they need directly without you having to mediate.
However, convenient as this may be, it also presents a security risk. Many modern business-class printers do not just offer WiFi connectivity, they also come with their own hard drives where print records and file archives are stored. Unless precautions are taken, providing access to your printer also means allowing access to this data.
Moreover, as part of your wider IT network, your printer provides access to the rest of your business systems, and all the critical operational platforms and sensitive business data they include.
When people think of digital security, they usually don’t have printers in mind. But sharing access to an unsecured printer exposes you to all sorts of problems. Any personal data on the printer or elsewhere on the network accidentally revealed to a customer trying to print a document would constitute a breach under the GDPR.
Furthermore, there is always the risk of unscrupulous individuals using printer sharing as a ruse to hack into your systems and steal sensitive documents and data.
None of the above should scare a business off sharing wireless printer access with customers. If you follow the same sort of precautions you take to protect the rest of your network, you can offer a handy service without risk.
Here are the main steps you should take to make sure printers can be used securely by all parties:
- Use encryption. All data stored on a printer should be encrypted, as you are advised to do on any hard drive or server. That way, even if someone does get access to files they shouldn’t be seeing, they cannot read them without the encryption key anyway. For GDPR compliance purposes, it is also advisable to encrypt data in transit as devices communicate with your printers, so there is no risk of personal data being seen across different devices connected to the printer.
- Set up access control. Encryption or no encryption, external users should not have access to the printer hard drive, or to anywhere else on the network for that matter. This can be managed by setting up user permissions. That means customers need a password to use the printer in the first place, and they should have the minimum level of access required to print a document and no more.
- Wireless network security. As well as setting up appropriate user permissions on the printer itself, it is also important to restrict access to your wireless LAN. Again, to use a printer, customers need to be able to connect to the printer only. Wireless security management systems can be used to shut off access to the rest of the network.