A compromised printer can be a gateway to your entire network. Follow these 7 smart ways to secure your wireless printer and protect your remote work setup.
Network printers are among the most neglected security assets in both home office and business environments. They sit on the network for years, auto-connect to Wi-Fi, respond to print jobs — and almost never receive security updates or configuration reviews.
This matters because modern printers are full network computers: they have processors, memory, storage (often storing copies of recent print jobs), web servers for administration, and wireless connectivity. An unsecured printer is a foothold on your network.
1. Update Printer Firmware
Printer firmware contains security vulnerabilities just like any other software. Unlike operating systems, printers rarely prompt for updates or update automatically — the firmware from the day the printer was manufactured is often still running years later.
How to update: Visit the manufacturer’s support website (HP, Canon, Brother, Epson, Lexmark), search for your specific model, and download the latest firmware. Installation is typically done through the printer’s web interface or the manufacturer’s management software.
Set a reminder to check for firmware updates every six months. Vulnerabilities in older printer firmware are well-documented and actively exploited.
2. Change the Default Admin Password
Every printer ships with a default admin password — typically “admin”, “password”, “1234”, or blank. Attackers scan for printers on public-facing IP addresses (some printers are exposed to the internet accidentally) and attempt these defaults.
Even on internal networks, the default password should be changed. Any device on your network — a compromised laptop, a malicious insider — could access the printer admin interface using default credentials.
How to change: Access the printer’s web interface (type the printer’s IP address in a browser), navigate to Administration or Security settings, and set a strong, unique password.
3. Disable Unused Network Services
Modern printers enable every connectivity feature by default: web server, FTP access, Telnet, SNMP, cloud printing services, UPnP. Most of these are not needed and each is a potential attack surface.
What to review and disable if not used:
- Telnet (unencrypted remote access — always disable)
- FTP service (unless you specifically use FTP-based scanning)
- UPnP (Universal Plug and Play — facilitates network discovery attacks)
- Cloud printing services if you only print from the local network
- Embedded Web Server remote access if not needed
Review the printer’s administration settings and disable every service that is not actively used.
4. Put the Printer on a Separate Network Segment
In a properly segmented network, printers should be isolated from workstations, servers, and sensitive devices. If a printer is compromised, network segmentation limits what the attacker can reach from that foothold.
For home offices: A guest Wi-Fi network configured in your router is a reasonable alternative to full VLAN segmentation — printers on the guest network can still be accessed for printing, but are isolated from the main network where your laptops and sensitive data live.
5. Disable Cloud Printing Services Unless Needed
HP Connected, Canon PRINT Business, and equivalent services allow printing from anywhere via cloud. Convenient, but they also create a path from the internet to your printer. If cloud printing is not a feature you use, disable it.
Cloud printing services often run as persistent connections to vendor cloud infrastructure. Any vulnerability in these services — or a compromise of the vendor’s cloud — could provide a path to your printer and through it to your network.
6. Secure the Physical Print Queue
Printed documents sitting in a printer output tray represent a physical information security risk. Printed bank statements, HR documents, legal correspondence, or confidential client information sitting uncollected is accessible to anyone who walks by.
Solutions:
- Secure print / PIN release: Most business printers support requiring a PIN at the printer to release a job. The document only prints when the authorised user is standing at the printer to collect it.
- Physical placement: Position printers in areas accessible only to those who need them.
- Clear the queue: Regularly clear uncollected print jobs from the queue.
7. Clear Print Job History Before Disposal
Many modern printers store copies of recent print jobs in internal memory or storage. If the printer is sold, stolen, or disposed of without clearing this history, sensitive documents can be recovered.
How to clear: Access the printer’s administration web interface → Stored data or Print history → Clear all stored jobs. Some printers also offer a “Secure Erase” function that overwrites storage.
Before disposing of or returning a printer: Perform a factory reset and data wipe. The manufacturer’s documentation specifies the procedure for each model.
The Broader Principle: IoT Security
Printers represent a broader category of office devices that are networked but rarely considered in security reviews: smart TVs, video conferencing equipment, door access systems, HVAC controls, and IoT sensors. All of these are full computers on your network.
The same principles apply to each: default passwords changed, firmware kept updated, unused services disabled, network segmentation applied where practical.
CX IT Services reviews and secures network-connected devices as part of our managed IT service for Melbourne businesses. Book a Right Fit Call to discuss your network security posture.
