C. J. Kelly

A Day in the Life of an Information Security Officer

Networked printers are a security threat

I want to take a moment to reinforce the major points of this article by Deb Radcliff, "The Surprising Security Threat: Your Printers."  Many years ago when I managed security for a financial firm, the company decided to remove the existing networked printers and replace them with multi-function devices.  Multi-function devices can print, staple, collate, copy, scan, and send email.  They have hard drives and operating systems.  The security department refused to sanction the email capability.

I recall that someone made the decision for the replacement as a "cost saving measure".  They dumped all the existing printers, copiers, and fax machines.  I remember sticking my little color printer up in a cabinet above my desk, hiding the cable that directly connected to my laptop.  I wanted to be able to print confidential schematics and diagrams in color without having to go to the Marketing department to use the only color printer.  At the time I thought we could modify the "no printers in user's offices" policy to account for the printing of confidential documents.  I wasn't the only one who refused to part with their personal printer and I didn't want confidential documents being stored on the printer hard drive.

Where I am currently employed, we did the same thing.  We replaced all the copiers, printers, and fax machines with MFDs.  I call these devices MFDs instead of "printer" or "copier" because I am secretly cursing the security issues they present.  We recently realized that documents that are scanned and saved to a network file share are also saved on the system's hard drive.  We deal with protected health information every day.  I learned that we needed to buy a software package that would enable us to securely wipe the hard drives on a regular schedule.  Otherwise, the documents will sit there forever.

The risks that I can tell you are real, as stated in the article, are:
Risk: Network printers have more vulnerable services running on them than networked PCs do.
Risk: Network printer applications have a growing number of vulnerabilities.
Risk: Web interfaces, Web servers, Web pages and e-mail are opening printers directly to the World Wide Web.

And at this moment, I don't have any idea what operating system runs on those things.  I have to figure out how to patch them.  A call to the vendor this week is in order.  I appreciate this article that reminded me what I have been ignoring.
