I admit to being something of an IT security geek — a direct spin-off of having been fortunate enough to work with Zone Labs (now part of CheckPoint), McAfee, Trend Micro, and Catbird. And I thought I understood the mechanisms that hackers use to penetrate corporate networks.
And then I saw Andrew Hay’s amazingly detailed blog post about how the failure to read the documentation that comes with printers is leaving many networks with a wide-open backdoor that hackers are using to mount phishing attacks that simply by-pass network security.
One of the realizations that Andrew Hay’s article gave me is that I might be broadcasting to the world the exact brand of computer, printer, smartphone, and other devices that are connected to my home network. That seems somewhat akin to posting a sign that says, “Thieves can get a pawnable iPad by breaking into this house.”
So whether you’re a small business owner, run a home-based business, or are part of a corporate IT department, take a few minutes and review the steps that the OpenDNS Security Lab recommends to secure your network from this kind of attack. It’s worth the effort, I think!
If the geek-speak in the original article is over your head (I admit some of it is over mine after 20 years “in the field”), here’s the bottom line: printers, scanners, and other connected devices have to be secured just like computers and laptops. And don’t forget iPads, iPods, Android tablets and smartphones, and other mobile devices.
I helped Breezy write an overview of how to deliver secure mobile printing — you can download a free copy of the ebook at this link — and I’ve been writing often about secure printing for the Breezy blog. But Andrew Hay’s article put it into a new perspective for me — and if it doesn’t scare you, then you’re not paying attention.
As the Canadian security expert wrote in his blog post: “The old adage of “measure twice, cut once” is solid advice that is often ignored in the digital world. We at OpenDNS, however, believe that when talking about IP-enabled devices, a new and more targeted adage should be followed:
“Read [the documentation] twice, connect [the device] once.” – Andrew Hay
“Here’s why. We all live busy lives. So busy, in fact, that many believe that computer printers haven’t really changed much over the years to warrant reading the instructions. Sure, many newer models can be connected to your local network but that’s only for internal network connectivity, right? Unfortunately, that is not the case.”
What that means is that ANY device connected to the Internet can become a pathway for hackers to access your network — and the computers attached to your network. So if you haven’t taken a look at your security lately, now’s a good time.
Illustration credit: The illustration of the man reading on iPad was created in SketchBook by artist Susan Murtaugh, and offered on Flickr under a Creative Commons License.