Digital Security - Could Your Copiers Be Spying On You?
A colleague at another company raised a digital security issue this week. After checking with a few contacts at other companies we realized that many are unaware of the issue. Hence this blog post to, if necessary, help raise awareness in industrial suppliers.
Ever Copied a Confidential Document? So Has Your Copier!
The above CBS video report highlighted an IT security issue that may be lurking in all your company's office copiers. It's not just the documents you personally copy, every single document copied may also have been copied to, and stored on, the copier's hard drive.
Your company probably keeps lots of sensitive data, Social Security numbers, personnel records, account numbers, health records, and business secrets. If so, you probably have policies to protect and safeguard that information. But are your copiers included in those policies?
Digital Copiers Are Computers So Treat Them As Such
Today’s digital copiers are often multi-function devices (MFDs). These smart machines do more than just copying; they can do everything from copying, printing, scanning, faxing to emailing documents. To do all that they often include hard disk drives to manage the workload and to increase the speed of production. The hard drive in a digital copier stores data about the documents it copies, prints, scans, faxes or emails. As the FTC guidance (see link in 'Recommendations' below) says, "if you don’t take steps to protect that data, it can be stolen from the hard drive, either by remote access or by extracting the data once the drive has been removed."
Many people don't yet realize that copiers have hard drives and many company information security plans don't cover their digital copiers, either while they are in service or after they are retired from service! In either case, if the data on your copiers gets into the wrong hands, it could lead to fraud, identity theft, even business espionage as this first in HP's 'The Wolf' video series illustrates.
Recommendations For Industrial Suppliers
1. Review and follow the FTC guidance on this issue, "Digital Copier Data Security: A Guide for Businesses" and discuss it with your copier supplier.
2. If they aren't included purchase copier options that enable copier stored documents to be encrypted and/or deleted on the copier hard drive. When you get a new copier erase any data that already exists on it and ensure that security options that manufacturers provide are understood and set up correctly. For example see Ricoh's approach here.
3. Apply normal computer security measures to copiers. For example, if you're not already doing so:
- Make copiers part of your IT team's responsibilities
- If they are networked, apply security protocols just as you would for a computer
- Disable copier USB ports - though they enable convenient walk-up printing could they be used to save documents from your copier’s hard drive to a USB stick?
4. Regularly wipe copier hard drives instead of waiting until the end of your lease or ownership, for example, delete and reformat on a monthly basis to limit the risk.
5. Whether you buy or lease copiers, be sure that you or your service partner clears the machine's cache and either digitally wipes or physically shreds the hard drive when the copier is 'retired' at the end of its lease, sold, donated, or recycled.
This topic is important to industrial suppliers because we probably all use copiers! But it's even more important for IIOT applications. If we can't secure our copiers (and phone systems), we possibly can't secure our IIOT devices! More on getting started with IIOT next month but in the meantime please call or use the button below if you have any questions.