Why is it automatically a problem to have your printer directly exposed to the internet? There's a sort of printer called a fax machine that has longtime been intended to be globally exposed to the telephone network. Before that there was the Telex machine. The worst that someone can do is to consume the printer's currently loaded supply of paper and ink, which is annoying but not catastrophic. Further, deliberately doing so is almost certainly criminal damage and may not be very hard to trace back to the perpetrator. If he knows how to cover his tracks he's hardly likely be interested in merely wasting paper and ink.
The game changes dramatically if that is NOT the worst they can do, if they can write the device firmware via the port(s) intended to be used for writing the paper. Firmware updates should access the printer through a different port, and the printer should as shipped have that port either firewalled for local subnet access only, or (much better) turned off. SOP would then be "Firmware Update Enable" -> "On" using the front panel, before running the firmware updater, which in turn should re-set the enable state to "Off" upon successfully installing the update. Paranoia should dictate re-setting to "Off" maybe 12 hours later, even if no firmware update was sent.
It's the problem of the missing hardware write-lock switch, for the umpteenth time.