1. Printers/Multifunction machines
Tyler Robinson, senior managing security analyst and head of offensive services at InGuardians, says infosec pros should make sure their printers are not exposed to the Internet. He adds that infosec pros should change the default passwords and make it clear who on the team has responsibility for printers.
John H. Sawyer, director of red team services at IOActive, adds that infosec pros should recognize that most multifunction devices have hard drives and full-blown operating systems running on them -- which means that hackers may be able to steal printed documents and scanned PDFs from those devices, for example.
Sawyer also says companies that lease multifunction machines and turn them over every couple of years should have a defined destruction policy in place, ensuring the hard drive is destroyed before the device goes back to a vendor.
Image Source: Pixabay