Is Your Copier Machine Telling Your Company Secrets?
Ever since the CBS Evening News Special exposed the security and privacy risks that were associated with data stored on copy machine hard drives, we've received a number of inquiries from our clients about the safety of their office copiers. So just in case you missed the news, let us bring you up to speed.
Modern digital copiers or MFPs (multifunction printers) are the equivalent of a desktop computer. They come equipped with processors, an operating system, and have memory (RAM) and storage drives to handle document storage, job queuing and image processing tasks. So every time you print, copy, scan or fax a document using your copier, that document may spend some (albeit short) part of its life on the copiers internal hard drives. Once your print job is done the typical copier will remove the data from the disk. Sounds pretty safe right? Maybe not.
The latest hoopla surrounding information security on copier machines is related to the fact that many machines never delete this data from the disk, or only do so when the hard drive becomes full (which many never do). So when your copier lease expires and you send it back to your vendor, you may unknowingly be returning the hard drives filled with data from every document ever processed by the machine containing sensitive information about your company and your clients. With enough malicious intent, free publicly available computer forensic software and a few extra bucks, anyone could potentially retrieve all that information from the disks.
While the outcome of the CBS investigation was pretty scary with medical records, credit cards and social security numbers retrieved from copiers purchased at random, the good news is that many vendors (as part of their standard operating procedure) actually destroy the data for you. Notwithstanding, if you rather not entrust your data destruction with your vendor, you can still ensure your data safety before the copier leaves your hands. Here a few tips that will help.
1) Data Encryption & Overwriting
Many machines already come with security features that will eliminate the risk of data retrieval, but are often not enabled by default. Insist that your copier vendor or your IT consultant enable the data encryption and overwriting features on your machines.
2) Secure Data Wipe
Before returning or disposing of your copier, perform a secure data wipe of the machine's storage drives. Some copiers allow you to do this with built in functionality and others may require that a hardware add-on be purchased in order to perform the task. It's also becoming increasingly common for copy vendors to allow you to keep the hard drives and destroy the data at your choosing.
3) Become a Copier Snob
Avoid using copiers you have no control over (e.g. at someone else's office or at a library) to scan/copy/fax sensitive information. There is no telling who has access to that copier or whether it is their policy to have the data properly destroyed. You may also wish to inquire about data security policies at copy centers your company uses.
So before you send your copier packing back to your vendor with your drivers license and tax returns, make sure you get cleaned up. If not, look on the bright side, your replacement copier might come loaded with secrets of its own.