Your Old Copy Machine: Not as Innocent as it Seems

Did you know that nearly every digital copier built since 2002 contains a hard drive, one that is capable of storing an image of every document scanned, copied, faxed or emailed by that machine? According to a survey commissioned by Sharp, a provider of electronic products and solutions, nearly 60% of Americans don’t know that copiers store images on a hard drive. In April of this year, a CBS Investigative Report made this little known fact national news and showcased how easy it is to retrieve highly personal and sensitive data from a used copier.

During the CBS investigation, the reporter purchased four used copiers from a warehouse in New Jersey, unaware of the previous owners or locations from which the copiers came. Tens of thousands of documents were downloaded from these machines utilizing a forensic software program available for free on the Internet. The first two copiers they scanned using this software were from the sex crimes and narcotic units of the Buffalo Police Department. The results from a scan on these hard drives turned up domestic violence complaints, a list of wanted sex offenders, and a list of targets in a major drug raid. The third machine was from a New York construction company that showed scans of design plans and 95 pages of pay stubs with names, addresses and social security numbers. The fourth, and by far the most disturbing, was a copier from Affinity Health Plan that contained 300 pages of individual medical records, a potentially serious breach of federal privacy law.

These findings are troubling and, unfortunately, just a glimpse of what can be found on your business’ copier if the information is not properly secured and/or erased. In fact, many copiers also contain information about the business’ network itself including user email addresses, outgoing fax numbers, contact names, the IP address of the company’s email server and, in some cases, a secure logon password to the network. This, coupled with the private and personal data that can be retrieved from a copier, can potentially ruin a business and cause serious social and legal ramifications if the information ‘falls’ into the wrong hands.

Many manufacturers, including Sharp and Xerox, offer security and encryption packages on their products. For example, Sharp offers a product that automatically erases an image from the hard drive that costs $500, a small price to pay compared to the potential social and legal costs that could ensue with a breach of data. The following tips include additional ways a business can mitigate the potential risks of their copier data being compromised.

• If leasing the machine, discuss the end of life security with your service provider to ensure that the copy machine hard drives will be completely erased when the machine is removed.
• Before disposing of or trading-in old equipment, check the manufacturer’s product documentation to best understand the steps to wipe the machine if required.
• Contact a local company that specializes in the removal of data from copier hard drives before it is disposed of and/or sold.

If you would like additional information on copier security risks, please check with your vendor and/or manufacturer’s website. For information on how 3D can provide your business with network security solutions, please visit our website at http://www.3dcorp.us/, call (360) 671-4906, or email info@3dcorp.us.

References: http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml, http://bizsecurity.about.com/od/informationsecurity/a/copier_hard_drive.htm, http://copiersecurity.com/overview/did-you-know.html