by Michael Amiri, Continuum
Today’s cybersecurity and threat landscape is evolving rapidly, and small-to-medium sized businesses (SMBs) are increasingly seen as “easy targets” that are ill-equipped to identify and mitigate the growing number and variety of attacks being carried out. While some businesses have begun deploying basic infrastructure or endpoint protection solutions, the reality is that today’s hackers are continuously developing new means of gaining entry to systems and networks—including through peripheral devices, social engineering or phishing schemes, viruses and malware, and others.
To truly protect the SMB and minimize the risk of an attack or data breach, the entire office and technology infrastructure must be taken into consideration when developing a cybersecurity or threat management strategy.
As office equipment dealerships take more ownership of customer networks, and begin offering managed IT services to augment their traditional office technology offerings, it’s critical that they’re able to address these challenges and stay up to date on the latest cybersecurity trends and best practices to ensure clients are protected.
When working with customers to secure the office and build effective defenses against these emerging threats, the following risks, devices and recommendations should be top-of-mind for both dealerships and their customers.
Multifunction Printers (MFPs)
Dealerships are of course familiar with printers and MFPs, which have become critical assets in nearly every workplace environment today. However, these devices are often a forgotten piece of the puzzle when it comes to data security and network access—which can pose a significant threat to your customers.
According to InfoTrends’ "U.S. Single-Function Printer and MFP Market Placements" and "Western Europe Single Function Printer and MFP Market Placements" reports, there are nearly 30 million printers and multifunction devices in use throughout offices and homes in the U.S. and Western Europe. Most of these are connected to some type of network, meaning they are just as susceptible to malware and other types of attacks as desktop computers.
Unfortunately, these devices are often overlooked by IT professionals and are used without proper user and employee safeguards. In such cases, critical business information is at risk of being breached — or worse, the MFP can be used to gain access to an entire network or infrastructure.
Just about anyone can launch full-scale attacks against a network and a company’s information assets through an MFP if its physical and electronic access points aren’t securely controlled and protected. Those attacks can be as simple as someone picking up documents left in the MFP’s output tray, to malicious worms pulling sensitive documents off the network.
Social Engineering and Phishing
Social engineering represents a less technical type of attack that is designed to intentionally mislead users and encourage them to take some action that grants hackers access to restricted data and information. Cybercriminals may pose as credible, trusted authorities and attempt to convince their targets to grant them access to data by clicking on or installing special software, providing sensitive information via email, or other means.
One of the most common platforms for social engineering is email — an attempt to acquire sensitive information such as usernames, passwords or credit card data by masquerading as a trustworthy entity. Such emails are designed to trick a company’s CEO, a customer or a business partner, and often do so in a sophisticated, subtle way so that the victim thinks they are responding to a legitimate request. According to the FBI, C-level fraud has increased 270 percent in the past two years with more than 12,000 reported incidents totaling over $2 billion dollars in corporate losses.
To mitigate these risks and help your customers avoid falling victim to these social engineering attacks, there are several best practices that both dealerships and their customers should keep in mind:
Never include personal or financial information in an email. Employees should never respond to email solicitations for this information. This includes clicking on links sent in such emails, or following links to input or reset this information from suspicious messages or providers.
Maintain a clean and current machine. Ensuring that operating systems, web browsers, and antivirus and other software solutions are constantly up to date is critical in defending against online threats. This can be included as part of a managed IT or network services offering, as it’s often unrealistic to rely on end users to complete these tasks themselves.
Pay close attention to website URLs. Many malicious websites fool end users by mimicking legitimate websites. One way to identify these phony sites is to closely look at the URL to see if it appears legitimate. Employees may also be able to detect and evade the scheme by finding variations in spellings or a different domain (e.g., .com versus .net). In cases where employees are unsure if the site they are on is the official site for a particular brand or provider, a quick Google search will ensure the correct site is being used.
Verify all suspicious email requests. If an employee receives an email that looks odd from a well-known company, such as a bank, instruct them to reach out to the bank using means other than responding to the suspicious email address. It’s best to contact the company using information provided on an account statement — NOT the information provided in the email. The same is true internally; if an employee receives an odd-looking request from the CEO, for instance, they should directly contact the CEO to ensure the request was legitimate before replying to the original email.
Maintaining a Clean Desk
Despite it sounding so simple, keeping a clean desk is often overlooked when talking about data security. Employees who keep cluttered desks tend to leave USB drives and smartphones out in the open or forget to physically secure their desktops and laptops, making it the place to start the security discussion with employees.
Additionally, a messy desk makes it more difficult to realize something is missing, such as a folder with hard copy printouts of customer lists. This not only increases the likelihood of something being removed, but also means that the discovery of any theft will likely be delayed — perhaps by days or even weeks if the employee is out of the office. Such delays make it more difficult to determine who the perpetrator is and where the stolen material might now be located.
Encouraging employees to maintain a neat desk pays off in two ways. First, it makes digital and paper assets more secure. Second, employees with clean desks are more apt to be productive because they can quickly — and safely — access the tools and resources they need to do their jobs.
More often than not, employees are unaware that they’re making mistakes that can cause irreparable harm to the business, the employee, fellow employees, customers and business partners.
Below is a picture containing six “messy desk” mistakes employees are prone to committing. These are all bad habits that employees should be taught to avoid.
First off, we can see that the computer screen and monitor are left on without any password protection. This can be dangerous in an office setting because anyone passing by has easy access to all the information on the device. Thus, it’s critical to lock down screen settings and use password protection.
Secondly, user names and passwords are written down on post-it notes and visible for anyone to see. If a non-employee were to see this information, they could easily use it to log into the corporate network or gain access to the company’s confidential information. To avoid this, keep user names and passwords in a hidden and secure place.
Thirdly, there are notes and documents left out in the open. These documents could contain confidential product updates, information or ideas. Therefore, it’s best to keep them locked up in drawers and file cabinets.
Coincidentally, the fourth mistake here is leaving behind the key to a locked drawer or cabinet. This makes it extremely easy for anyone to swipe, come back later — perhaps after hours when no one is around — and access confidential files with the stolen key.
The fifth mistake, which is more likely to impact the employee, is leaving wallets and credit cards out on the desk. However, wallets may also possess corporate credit cards and security badges, which can allow intruders to enter the office or steal from the company in question.
Finally, leaving mobile phones and USB drives out in the open can be dangerous because these items are easy to pick up quickly without being caught in the act and they likely contain sensitive business or personal information. Specifically, mobile security is increasingly becoming a big concern as more and more companies adopt Bring-Your-Own-Device (BYOD) environments. And even in cases where a business does not offer BYOD, end users often find a way to log onto business networks on their own. Therefore, swiping a mobile device off the desk could allow anyone to potentially gain access to sensitive information and the entire corporate network.
The Dealership Opportunity
Security vulnerabilities can be found in nearly every office today, because data breaches can occur in so many different ways. Printers and MFPs, copiers and employees themselves are not immune to this threat. Today, one simple slip-up can risk an entire organization’s reputation, customer trust, and their bottom line. As businesses begin to look for ways to enhance their cybersecurity posture, office equipment dealerships are in a unique position to step in and ensure customers are remaining smart and safe in the office.
For years, dealerships have been servicing customers with all their office technology needs. During that time, a new demand has risen: complete IT security. Today, dealerships can now control and secure their customer’s entire IT infrastructure by augmenting traditional office technology offerings with managed IT services.
Bringing IT services into the fold creates additional opportunities to secure endpoints and devices within the office, provides additional touch points to help solidify relationships and generates additional revenue opportunities.
With the right technologies, education and best practices, dealerships can be well-equipped to keep customers secure and protected in the office — and position themselves as experts at the forefront of this evolving cybersecurity landscape.
This article originally appeared in the June 2017 issue of The Imaging Channel