UK businesses neglect printer security despite rising risks

New research has found that printers are continuing to be a neglected area of cybersecurity within UK businesses, with few employees receiving dedicated training on printer-related security risks.

The survey, carried out by Sharp across 11,000 office employees including 1,000 based in the UK, highlighted that just 14% of employees who had been trained on new cyber threats received any training specifically focused on printer security.

Despite increasing awareness of cyber threats in the workplace, the study found that specific measures to secure printers and multi-function printers (MFPs) have not kept pace, leaving critical endpoints exposed to potential data breaches and cyberattacks. Nearly 29% of respondents in the UK reported that their businesses do not have any specific IT security measures in place for printers.

Changing working patterns, particularly the transition to remote work, have contributed to the emergence of poor printer security practices among employees. Of those surveyed, 28% admitted to printing files sent via email from home on work printers, while 21% printed files from non-work-related websites using office devices without considering the associated risks.

One area of significant concern highlighted by the research is a lack of awareness about the potential risks posed by printed documents. Only 18% of employees recognised that leaving printouts in MFP output trays could pose material cybersecurity threats, including the risk of sensitive information being accessed by unauthorised individuals, information gathering for social engineering, and potential data compliance violations.

The survey also revealed that only 8% of employees identified MFPs as the greatest IT security threat in the office. Sharp's analysis suggests that this finding indicates many businesses are not sufficiently recognising the risks presented by everyday office technology, potentially increasing their vulnerability to cyber incidents.

"Printers are frequently underestimated in UK businesses by daily users who perceive them as posing no cyber threat, making them an easy target for cybercriminals. Our findings underscore the urgent need for businesses across the UK to secure all office endpoint devices, and to ensure that employees are properly trained to recognise risks and prevent breaches. In the current cyber landscape, securing overlooked endpoints such as printers is vital to ensure a comprehensive IT security strategy," Matt Riley, Director for Information Security at Sharp in the UK and Europe, said.

"At Sharp, we are firm believers that our teams don't need to be cybersecurity experts. Comprehensive training programmes should support them in identifying potential threats and educating them on how to report to them. By following the two simple principles, observe and report, businesses will have the expertise to stay vigilant in the face of cyber threats," Riley added.

The findings demonstrate that while investment and training in cybersecurity are commonplace in many other areas, there remains a significant gap in awareness and preparation when it comes to printer security. The survey calls attention to the need for UK organisations to broaden their approach to cybersecurity and improve both technical and human safeguards associated with printers and similar devices within offices.

Sharp's research comes at a time of heightened concern over data privacy, compliance, and the rapidly evolving landscape of cyber threats facing businesses of all sizes. The study underscores that basic measures, such as locking down print queues, monitoring usage, and ensuring confidential documents are not left unattended, are critical to bolstering security around office endpoints.