As automobiles have become more technically connected to the world, the news is filled with apocryphal warnings about virtual carjackers — or maybe car-hackers is a better term. While there are also real issues with new vehicles and cyber security, no automotive business would dream of leaving the keys on the counter, digital or otherwise.

But cyber threats can come from a more mundane source: the back office. Many companies haven’t thought to safeguard their printers from attack by malicious actors. Because printers are a conduit for highly sensitive information, businesses can and should take as much care protecting these devices from data breaches and cybersecurity attacks as they do to prevent auto theft.

From finance applications and sales orders to commission reports and service orders, printed documents remain the backbone of the automotive industry, despite the push for digital transformation. At the same time, this reliance on printed documents leaves businesses vulnerable to a host of security incidents. In fact, over two-thirds of businesses experienced some form of data loss in the last 12 months due to unsecure printing practices.

While some of these incidents — like the recent data breach experienced by Oscar Health Plan of California — can be attributed to printer errors, others represent sophisticated attacks by malicious actors seeking access to information they can sell on the dark web. In a recent high-profile case, criminals disabled printers that confirmed SWIFT network transfers during attacks on numerous banks in India. Another serious incident involved ransomware known as Mamba, or HDDCryptor, that shut down printers by blocking server messages, enabling the ransomware to spread across network shares.

Regardless of their cause, data breaches can carry a high price in terms of litigation, reputational damage and regulatory fines. In one case, the Department of Health and Human Services fined a company $1.2 million for HIPAA violations because it failed to erase Protected Health Information (PHI) stored on a leased printer. Moreover, because modern printers are integrated with business networks through Wi-Fi and Ethernet connections and form an integral part of the Internet of Things, they are more susceptible to serious security incidents than first-generation printers, which connected to standalone mainframes through various physical peripheral interfaces.

Although manufacturers are aware of the security vulnerabilities associated with modern printers, the businesses that use their products don’t always take the necessary precautions to safeguard these devices. In one survey, fewer than half of IT professionals deployed any form of printer protection. Moreover, they ranked printer security below that of cloud and hybrid platforms and traditional endpoints, despite the security risks associated with printing devices.

While printers haven’t received the same level of attention as traditional endpoints, businesses have a lot of options when it comes to protecting these devices. A good place to start is government publications like NIST 800-53, which outlines security and privacy controls for information systems, and the IRS 1075 Revised Publication, which includes guidelines for protecting Federal Tax Information. The Security Technical Implementation Guides (STIGs) developed by the US Defense Information Systems Agency are excellent resources that provide device hardening standards used by the IRS and other federal agencies.

Whatever guidance you employ, you should treat your printers with the same care you take with other network devices. At a minimum, you should include your printers in quarterly vulnerability scans. You should also configure your printers to record all relevant system activity and send alerts of any significant events like audit processing failures. For example, you can configure printers to recognize user-defined terms or text strings that tag output as confidential. When a match is detected, the printer will send an alert containing job details and content to the system administrator.

Employing pull printing and robust authentication methods are other effective safeguards. With pull printing, a user must provide authentication using smart cards, biometrics, and other methods before they can collect printed documents. You’ll also want to close any unused or unnecessary printer ports and ensure your printer vendor uses a Center for Internet Security (CIS) benchmark for the printer’s operating system. As one example, Xerox requires all printers to adhere to federal hardening standards outlined in a benchmark called the Federal Overlay.
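As an added illustration of closing unused printer ports (not part of the original article), the following Python sketch compares the TCP services a printer exposes with an approved baseline and lists what to close. The port-to-service table uses the standard well-known assignments; the baseline policy, the printer names and the sample scan results are constructed assumptions.

```python
import socket

# Standard well-known TCP services commonly found on network printers.
PRINTER_TCP_SERVICES = {
    21: "FTP",
    23: "Telnet",
    80: "HTTP web UI",
    443: "HTTPS web UI",
    515: "LPD",
    631: "IPP",
    9100: "raw/JetDirect printing",
}

def probe_open_ports(host, ports=PRINTER_TCP_SERVICES, timeout=1.0):
    """TCP connect check against a printer you administer; returns open ports."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:  # 0 means the connect succeeded
                open_ports.append(port)
    return sorted(open_ports)

def audit_printer(name, open_ports, allowed_ports):
    """Compare observed listeners with the approved baseline for one device."""
    findings = []
    for port in sorted(set(open_ports) - set(allowed_ports)):
        service = PRINTER_TCP_SERVICES.get(port, "unknown service")
        findings.append(f"{name}: close tcp/{port} ({service}), not in approved baseline")
    for port in sorted(set(allowed_ports) - set(open_ports)):
        findings.append(f"{name}: tcp/{port} approved but not listening, review baseline")
    return findings

# Assumed example policy: only encrypted admin UI and IPP are approved.
BASELINE = {443, 631}
# Constructed sample results, shaped like probe_open_ports() output per device.
SAMPLE_SCAN = {
    "finance-office-printer": [23, 80, 443, 631, 9100],
    "service-desk-printer": [443, 631],
}

def audit_fleet(scan, baseline=BASELINE):
    """Run the baseline comparison over every printer in the scan results."""
    report = []
    for name, ports in sorted(scan.items()):
        report.extend(audit_printer(name, ports, baseline))
    return report

if __name__ == "__main__":
    print("\n".join(audit_fleet(SAMPLE_SCAN)))
```

To audit live devices, build the scan dictionary from `probe_open_ports()` for each printer in your inventory and run it on the same quarterly schedule as your vulnerability scans.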

Another option for securing your printers is to outsource your jobs to a secure managed print services provider (MPS). As the data breach with Oscar Health Plan indicates, you will want to conduct thorough due diligence to ensure you select a secure vendor if you decide to outsource. In addition to verifying the vendor employs appropriate technical safeguards like encryption, intrusion prevention and endpoint detection and response, check whether they conform to data protection standards outlined in an industry-recognized security framework like NIST’s Cybersecurity Framework. You should also verify that the vendor undergoes some form of periodic assessment by an independent third party, either as part of a security certification like HITRUST or ISO 27001 or through the AICPA’s SOC 1 and SOC 2 reporting.

Because of the sensitivity involved in transactional documents, such as credit applications, businesses in the automotive industry must take appropriate measures to protect their printers from malicious attacks and other vulnerabilities. Like the disabling features and anti-theft devices we install on our cars, printer security measures can protect valuable assets from loss. With a little care, you can protect sensitive printed information and keep your business from becoming the next headline associated with a serious data breach or security incident.

Steve Berman is director of risk and compliance for DATAMATX, one of the nation’s largest privately held full-service providers of high-volume print and electronic transactional communications. For more information, visit www.datamatx.com.