When we think about cybersecurity threats, our minds usually jump to computers, servers, or mobile devices. But as one of our customers recently discovered, even something as ordinary as a printer can be a gateway for hackers, and a costly one at that.

This customer had a multifunction printer that wasn’t set up through us, which meant it wasn’t secured properly on their network. Because of that, the printer became a vulnerability. It was hacked and held for ransom. Since the device had capabilities to send emails and faxes, the attackers potentially gained access to sensitive communications. This unfortunate incident is a reminder of how even small oversights can lead to big consequences in today’s threat landscape.

A Growing Trend: Ransomware on the Rise

According to a recent Reuters report, ransomware attacks targeting U.S. infrastructure rose 9% in 2024 compared to 2023. The FBI’s Internet Crime Complaint Center (IC3) received approximately 147,000 complaints, with critical infrastructure complaints accounting for about half of them. Additionally, ransomware-related incidents increased across the board, with attacks against essential sectors—including healthcare, transportation, and manufacturing—becoming more targeted and severe.

Printers and other Internet of Things (IoT) devices (a network of physical devices, vehicles, appliances, and other items embedded with sensors, software, and network connectivity, allowing them to collect and exchange data) are increasingly used as entry points. Because these devices often go unnoticed in a security strategy, cybercriminals exploit them as weak links to access networks, install ransomware, and demand payment in exchange for control of the system or stolen data.

Why Printers and IoT Devices Are Vulnerable

Modern printers are essentially small computers. They store data, connect to the internet, and communicate with other devices. Without proper setup, they can leave ports open, use default passwords, or transmit unencrypted data. Worse, many organizations forget to include these devices in routine security audits or updates.

In the case of our customer, the printer had fax and email capabilities that were not protected. That left the door wide open for an attacker to gain access to the network and escalate the attack.

What You Can Do to Stay Protected

The lesson here is clear: every device connected to your network must be properly secured, especially those that are often overlooked. Here are a few tips to help you stay protected:

• Use secure setup procedures: Always set up printers and similar devices through your IT provider to ensure proper network segmentation and security configurations.

• Change default settings: Replace default usernames and passwords and disable unused features.

• Install updates regularly: Keep the firmware up to date to patch vulnerabilities.

• Monitor for unusual activity: Set up network monitoring to catch suspicious behavior from any connected device.

• Conduct regular audits: Include all IoT devices in your security reviews—not just computers and servers.

The Bottom Line

Cybersecurity isn't just about protecting your main systems. It’s about securing everything that touches your network. As ransomware threats evolve, attackers will continue looking for the path of least resistance, which could be a seemingly harmless printer.

Don't leave any device unprotected. If you’re unsure whether your office technology is secure, reach out. We’re here to help you assess your environment and lock down your systems—before hackers do it for you.