Why Your Office Printer Is a Cybersecurity Risk (And How to Fix It)

Your office printer probably receives very little security attention. It was set up when it arrived, connected to the network, and has been mostly ignored ever since - except when it runs out of toner or needs someone to clear a jam. This is a problem, because modern multifunction printers are not simple peripherals. They are fully networked computers with storage, web interfaces, and in many cases, the ability to send email and access cloud services. And most of them are running unpatched firmware from the day they were installed.

Here is a realistic look at the security risks and what to do about them.

What Modern Printers Actually Are

A current mid-range multifunction device from HP, Canon, Xerox, or Konica Minolta contains:

• A CPU and operating system (often a flavour of Linux or a proprietary OS)
• A hard drive or flash storage
• A web-based management interface accessible over the network
• Email sending capability (for scan-to-email functions)
• FTP and SMB client capability (for scan-to-folder)
• Wireless networking in many models
• USB ports
• In some cases, cloud connectivity to vendor services

This is not a printer in the traditional sense. It is a networked device that happens to print.

Risk 1: Stored Documents

Many printers store copies of recently printed, scanned, and faxed documents on their internal storage. The purpose is functional - print jobs can be reprinted, and the device maintains logs - but the security implication is significant.

If your printer is sold, disposed of, repaired, or accessed by an attacker, the documents stored on it may be recoverable. For businesses handling confidential client information, financial records, legal documents, or health information, this is a real data exposure risk.

What to do:

• Enable the storage wiping or job deletion feature if your printer supports it. Many enterprise-grade devices have a setting to automatically overwrite print job data after completion.
• Before disposing of a printer, initiate a factory reset and storage wipe. If you are in any doubt about whether sensitive documents were printed on the device, contact the manufacturer or a data destruction service.
• Keep a record of which devices have handled sensitive print jobs.

Risk 2: Unpatched Firmware

Printer firmware vulnerabilities are real and documented. Researchers have demonstrated remote code execution on major printer brands via vulnerabilities in web interfaces, network protocols, and print language parsers. In 2025, several major printer manufacturers issued critical firmware patches - few of which were applied to deployed devices within any reasonable timeframe.

Unlike a server or workstation, printers are rarely included in patch management programmes. The printer gets set up, and the firmware from that point forward may never be updated.

What to do:

• Check the current firmware version of every printer on your network and compare it to the manufacturer’s latest release.
• For major brands, enable automatic firmware update notifications or automatic updates where the feature is available.
• Include printers in your vulnerability management scope - they are endpoints like any other.

Risk 3: The Web Management Interface

Every modern multifunction printer has a built-in web interface that allows administrators to configure settings, manage jobs, and check status. These interfaces are often:

• Accessible to anyone on the network without authentication (default setting on many devices)
• Running outdated HTTPS certificates or, in many cases, plain HTTP
• Exposed beyond the local network in misconfigured environments

An attacker with access to your network - whether via a compromised workstation, a visiting guest on your WiFi, or remote access - can potentially access the printer’s admin interface, change settings, retrieve stored credentials (printers often store SMTP, FTP, and Active Directory credentials for scan functions), and in some cases execute code.

What to do:

• Set a strong administrator password on the printer’s web interface. “admin/admin” or blank passwords are common defaults.
• Disable remote access features (FTP server, Telnet, older protocols like SNMPv1) that are not required.
• Ensure HTTPS is enforced for the web interface and use a current certificate.
• Consider disabling the web interface entirely if it is not needed for management.

Risk 4: Network Segmentation

Most office printers sit on the same network segment as workstations, servers, and other business systems. This means a compromised printer - or an attacker who has accessed the printer - can potentially communicate directly with everything else on your network.

What to do:

Network segmentation using VLANs (Virtual Local Area Networks) is the right architectural approach. Printers should be on their own VLAN that:

• Allows workstations to send print jobs to the printer
• Allows the printer to send scan-to-email via your mail server or SMTP relay
• Blocks the printer from initiating connections to workstations, servers, or the internet directly

This limits the blast radius if a printer is compromised. A printer on a properly segmented network cannot be used as a pivot point to attack other systems.

VLAN configuration is a job for your IT provider or network administrator. It requires a managed switch and appropriate firewall rules.

Risk 5: Default Credentials and Unused Services

Printers ship with default credentials and many services enabled. The assumption is that an IT administrator will configure the device properly during setup. In practice, many printers go into service with default passwords unchanged and unused services still running.

Services commonly enabled by default that are not needed:

• Telnet (unencrypted remote management - should be disabled universally)
• FTP server (rarely needed)
• SNMPv1/v2 (with default community strings like “public” - should be updated to SNMPv3 or disabled)
• Bonjour/mDNS (may be needed for Apple clients but can be restricted)
• Web services for mobile printing (if not used, disable)

What to do:

• During printer setup, run through the management interface and disable every service that is not required.
• Change all default credentials - admin web interface, SNMP community strings, and any service accounts.
• Document what you have changed so it can be replicated when the device is replaced.

Secure Print: Protecting Sensitive Print Jobs

One frequently overlooked feature is secure print - also called pull printing or PIN release printing. With secure print enabled, a print job is held in a queue and only released when the authorised user authenticates at the printer (via PIN, card swipe, or proximity badge).

This prevents sensitive documents from sitting in the output tray where anyone passing can pick them up - a simple but meaningful physical security control. Most enterprise multifunction devices support secure print natively.

A Practical Audit for Your Business

If you want to assess your current printer security posture, start here:

1. Log into the web interface of each printer on your network. Were you prompted for a password? If not, that is your first finding.
2. Check the firmware version and compare to the manufacturer’s current release.
3. Review enabled services - how many did you not know were running?
4. Check whether the printer’s SMTP credentials and any stored scan-to-folder credentials are documented somewhere secure.
5. Identify which network segment the printer sits on and whether it has unrestricted access to other devices.

Most businesses find multiple findings in this audit. None of them require expensive remediation - they require attention and configuration time.

If you would like help auditing your printer security or implementing network segmentation for your Melbourne office, contact CX IT Services. Printers are one of those risks that are inexpensive to address once you know what to look for.