Digital Copier & MFP Data Security - what you must know and do to prevent identity theft
Copiers or multifunction printers (MFPs) are at serious risk for hard-drive security breach, and understanding consequences when not handled properly, is an industry-wide concern.
Nearly every digital copier and MFP built since around 2002 contains one or more hard-drives - like the one in your personal computer. An image is stored on the hard-drive of every document copied, scanned, or e-mailed by the machine, as well as other data. Examples of data that has been found includes social security numbers, birth certificates, bank records and income tax forms. This type of information would be very valuable to would be identity thieves.
Most companies fail to delete thousands of copies stored on the copier's hard drive before returning their hired or leased machines or selling them. When copiers come off lease or rental and are returned to the supplier, they are often redistributed to buyers, wholesalers, and overseas distributors, without having the necessary steps taken to eliminate sensitive data. Although the data stored may be encrypted, it is still quite possible to gain access to this information. Many copiers contain the IP address of the company's primary and secondary email servers and, in some cases, secure log-on password(s).
Once a hard-drive is pulled out of the copier, software programmes are available (some for free on the Internet) which can pull all these documents and other data off the hard-drive. It's pretty scary stuff, considering what might be on there.
However, there are ways to ensuring that the information processed by your copier of MFP stays safely within your organisation and not in the hands of identity thieves. All the major manufacturers offer data security or encryption kits for their products. Some come standard and some need to be purchased. Technologies such as image overwrite, removable hard-drives and encryption all help to ensure all data in and out of an MFP is unreadable.
However, many copier dealers, resellers and sales people simply do not make their customers aware of this. In surveys it has become clear that many businesses are still unwilling to pay for such protection, and that the average copier buyer and user is completely unaware of the dangers posed by digital copiers.
Do not fall in this category. Digital copiers are by all accounts computers. Would you trade in a desktop PC, laptop or return a rental computer without first erasing the hard disk? No, you wouldn't!
It is very important to carefully evaluate the security measures built into any copier or MFPs you are currently using or considering purchasing and to choose a vendor partner who will educate and cooperate with you on a data protection strategy. Those with older MFPs in use should make sure the security features available are enabled, and if needed, purchased.
What else can you do?
1. Configure copiers, printers, and other multi-function devices securely. Limit network access if possible.
Avoid entering sensitive information into address books. Change default passwords for devices with
web-based configurations. Employ access controls (e.g. user authentication, account codes, password
2. Develop appropriate policies and procedures that address proper disposal procedures for equipment,
protecting sensitive data, etc.
3. Always use appropriate disposal procedures for equipment (e.g., organisations should destroy / shred /
wipe internal hard-drives or include appropriate contract language regarding proper disposal for leased
equipment). When in doubt, consult the manufacturer for proper hard-drive cleaning procedures.
4. Work with vendors to make sure devices meet industry security standards and certifications.
5. Be sure to review current contracts. If security concerns arise, work with vendors to close the gaps
and modify/update contracts as needed.
6. Develop a template for contact/service agreements with vendors that have devices with more native
security features. Many vendors also offer optional data security kits.
7. Educate IT staff and other users.
8. Remember to perform updates on a regular basis. Updates are often a manual process but some
vendors offer security updates via RSS Feed.
9. Consider managing all copiers/multi-function network devices through one office.
10. Consider requiring drive encryption.
11. Consider physical security of hard-drives for devices with open access, e.g. universities, libraries etc.
• Post flyers or label machines in public places as a reminder that any data copied there may be
stored in the memory.
• Remind staff/users to avoid copying documents with sensitive information using public-access
CopierChoice provide Photocopier & Multifunction quotes for all major brands sold in Australia, including: