Exciting news: British Assessment Bureau will rebrand as Amtivo in Autumn 2026! Find out more here >>

5 Ways SMEs Can Improve Their Printer Security

Request a Quote

  • Accredited certifications
  • Helpful resources
  • No hidden fees
  • Trusted certification experts
Request a Quote

In November 2018, a highly unusual cyber incident saw an estimated 50,000 printers worldwide begin printing unsolicited flyers asking readers to visit the YouTube channel of Internet star, PewDiePie. 

While the stunt initially seemed light-hearted, it exposed a serious security flaw. Frustrated and confused, owners quickly took to social media to report the intrusion, often unsure how their devices had been accessed. 

It didn’t matter whether the printer was a sophisticated multi-function device used by large companies or a modest receipt printer of the sort used by millions of small businesses. If it was connected to the Internet and left unsecured, it was vulnerable. The attackers were able to remotely access and print from thousands of exposed machines across the globe. 

Days later, the same hackers struck again, this time printing instructions telling victims how to fix the firmware vulnerabilities that had made the campaign possible. The hackers also implied that not only was it possible to print from exposed machines, but they could also physically damage their electronics and interfere with data passing through them: 

The fallout goes beyond printouts, we could also be capturing sensitive documents as they get printed or even modify documents as they get printed,” they told the BBC. 

This is far from the only incident affecting printers in recent years. According to Beaming’s 2024 cyber attack research, remotely controlled IoT (Internet of Things) devices were the most frequently targeted category, with business firewalls recording more than 161 daily attacks against connected systems such as networked printers.

 

IoT Pioneer

Printers aren’t necessarily more vulnerable to attack than other devices, but they are almost always ignored. Printers are designed to perform a simple task – to print. Because of this, they are often overlooked within wider IT and cyber security strategies. It’s been this way ever since HP released the first desk-side personal laser printer, the LaserJet, in 1984.

Printers have always been fully-fledged computers, complete with their own main memory, microprocessors, data storage, network connectivity, and simple operating systems. Finally, around 20 years ago, they acquired built-in web and remote configuration, which meant people could connect and print documents or configure settings from anywhere in the world.

Looking back, internet-connected printers were an early precursor to what we now call the Internet of Things (IoT). At the time, however, limited attention was paid to the risks of adding unmanaged, internet-connected devices to networks — devices that rarely, if ever, received software updates.

 

Printer Risks

Although large-scale cyber attacks targeting printers remain relatively uncommon, the proof-of-concept incidents highlighted above demonstrate that the risk is far from theoretical. If an attacker can identify and access a printer from inside or outside a network, this is a security gap that must be addressed. 

How might an attacker exploit a printer?

  1. Denial of service: Sending a stream of print jobs to a printer to stop it from receiving legitimate traffic. Anecdotes suggest that this type of attack is not uncommon, which shouldn’t be a surprise. In the 1980s and 1990s, attacks were launched on company fax machines and phone switchboards using the same MO.
  2. Data theft: Printers receive and print data. But what happens while the data are sitting in the print queue? If not encrypted, in principle it is vulnerable to theft by anyone able to access its management interface, including via Wi-Fi as well as across the network itself.
  3. Network compromise: Hacking a printer to use as a staging post for a lateral movement inside a network is supposed to be rare. This could be because it really is rare, or it might simply be because nobody monitors printers so would have no way of knowing if it had happened. As with most IoT, printers don’t run security clients which means that compromises are not easy to see. If the printer has a serious unpatched vulnerability, a remote code exploit (RCE) could allow hackers to install malware.
  4. Email compromise: An additional trick used by hackers is to hijack a printer as a proxy to send a malicious document to someone’s email address posing as a notification. Because the printer is legitimate, this is more likely to pass checks.
  5. Document modification: Intercepting printed material to change some of the data, for example a mailing address for goods.

 

Printer Security Checklist

The good news is that fixing printer security isn’t hard. The first task is to stop ignoring them and address the glaring weaknesses.

  1. Secure access: After carrying out an audit to establish the state of the printer population, turn off remote Internet printing access. This stops the printer from being visible to specialised search engines. Then turn off unused software ports and unneeded protocols that might further expose it inside or outside the network.
  2. Authentication: Default login credentials are a big weakness. These should be changed, and any additional authentication turned on if supported. Authentication can also be turned on to receive a print job. The printer admin interface itself should be protected by changing any credentials.
  3. Regular patching: Patching vulnerabilities seems obvious, but not all vendors do this quickly enough or make it easy to do. The patching schedule for drivers and firmware should be assessed as carefully as printer features and price before buying a printer. Sometimes, updating can be done automatically by the printer vendor, which might be the safest option.
  4. Data encryption: Encrypting print jobs adds a useful layer of security, along with some complexity (receiving the decrypted document requires authenticating first).
  5. Independent testing: Buyers Lab has developed a testing process that examines the security of printer vendors. Note: not every name is on the approved list (yet).

 

Cyber Essentials and ISO 27001 Certification for SME Cyber Security

Printers and other internet-connected devices are a common but often overlooked source of cyber security risk for SMEs. Certification to recognised standards such as Cyber EssentialsCyber Essentials Plus, or ISO 27001 can help organisations demonstrate that baseline cyber security controls are in place to protect networks, connected devices, and sensitive data.

British Assessment Bureau provides UKAS-accredited certification for SMEs across the UK.

Request a quote today, or contact our team to find out more about the cyber security certification process and the next steps.

Julian Russell

Julian Russell

February 25, 2026

Related Resources

10 biggest cyber attacks of 2021

The Biggest Cyber Attacks Year by Year

Major attacks like SolarWinds and Colonial Pipeline reveal infrastructure flaws and prompt global calls for stronger cyber security.
Learn More
server array inside a data centre

Understanding Data Breach Causes & Response Strategies

Protect your organisation and customers from data breaches. Discover breaches happen and why they are on the rise.
Learn More
Top 8 cyber security risks for business

Discover 8 of the Major Cyber Security Risks for Businesses in 2025

Discover 8 of the major cyber security risks to your business and how to effectively protect your digital assets.
Learn More
Retail Cybersecurity Threats

The Top Retail
Cyber Security Threats and How to Address Them

Explore retail cyber threats and strategies to protect against breaches and fraud.
Learn More
View All Resources

Get Started on Your Certification Journey Now

Your certification costs will depend on the size of your business, location, and the sector you’re in.