) 
Your Biggest Security Risk You Never Knew About
Sometimes you come across something and have one of those ‘really?’ moments. One would think that there are few big nasty surprises left in the world of digital security. Bad news and new leaks in the same old places sure, but surprises… no.
Well, here is a big surprise for you.
Your digital copier has a hard drive in it and keeps records of all documents scanned, copied, faxed, and emailed. Most every copier build since 2002 has a hard drive and retains this data. Think about the things you copy:
- Employee files with SS number, drivers licences etc
- Medical information
- Tax documents
- Personal letters
- Not to mention whatever body parts were copied at the last company holiday party
And when you are done with that leased copier, or you give away or sell your old owned copier, that content is available to whomever buys it. Apperantly we don’t know much about this, but identity thieves have long known of this opportunity. A recent story told of used copiers being purchased with hundreds of pages of medical information, pay stubs and payroll information, and even a list of targets for a major police drug raid.
Hippa and SoX compliance just went out the door.
There are software solutions such as InfoSweep that will completely wipe these hard drives. Alternatively, before sending off that old copier, have your service person remove the hard drive and give it to you. Pound it with a sledge hammer a few times, drill holes in it, or pound a few nails through it. Any of these will render it useless.
Perhaps most importantly, DON’T every copy private or sensitive material on a public facility copier! Any document you copy, fax, or email from one of the copy shop machines will leave behind a copy on that machines hard drive.
I am somewhat shocked that this is not commonly known, and even more shocked at the implications to compliance and data security. It is a gaping hole in the average companies data security plans, and really needs to be addressed. Talk to your copier service person, or IT staff or consultant and make sure that you have options available to destroy data on copier hard drives.
Happy (and safe) Computing!
Richard Brunke
