Here's something that might surprise you: Most digital copiers made over the past decade contain their own hard drives that work similarly to the hard drive in your computer. Copiers with hard drives can store an image of every document that has been scanned, copied, or emailed from the machine.
Plus, many copiers are leased and returned repeatedly; or leased, returned, and sold secondhand. Which means that it's likely that someone else will ultimately have access to your copier ... and possibly all the company information stored on it.
In other words, it's essential to your company's security, your employees' security, and your customers' security that you know whether your copier stores digital information, how to secure the data in your copier, and what to do before returning a leased copier or selling a copier that you own. Determining if Your Copier Stores Digital Images
There are several ways to determine if your copier's hard drive stores images of documents it prints, copies, or emails. Perhaps the easiest way is to call your vendor and ask. If you're not satisfied with their answer, or if they're evasive, you have other options. If your copier is made by Xerox, you can go to www.xerox.com/security and click on the "Data Protection" option to download a PDF document listing Xerox products on which a hard drive is included, and what security features are included with those models. If your copier is networked, you can connect to its built-in web server. Type the copier's IP address in your web browser. Then click on the "Properties" link and read the hardware specifications. Look for the terms "hard disk," or "image disk."
What Types of Businesses Should Be Most Concerned
Some businesses are required by law to comply with certain security practices. Businesses that deal with consumer financial information -- like credit reports or employee background information -- may be subject to rules about properly disposing of information stored on digital copiers. Financial institutions may be governed by the Gramm-Leach-Bliley Safeguards Rule, which involves having a security plan for protecting personal and confidential information wherever it is stored. Businesses involved with financial services, nonprofit organizations, schools, and medical services should be particularly vigilant about copier security.
Other Machines Whose Security You Should Learn About
Copiers aren't the only devices you should be concerned about when it comes to data security. Multi-function peripherals, or MFPs, are devices that perform several functions, rather than just one. Examples of MFPs include some models of printers, scanners, and fax machines. Many of these machines also contain hard disk drives and should be treated the same as a copier with a hard disk drive with respect to sensitive information.
Recommendations for Copier Security
Before buying or leasing a copier (or MFP) with a hard drive, explicitly plan to manage and maintain it according to your organization's information security policies. This may mean that your company's IT staff and / or security staff should be briefed on the type of data stored on copiers and how the company plans to secure that data.
If you plan to resell your copier, check with the manufacturer about options for securing the hard drive. If you're returning a leased copier to a vendor, ask what security practices they have to prevent hard disk data from being passed on. They may remove the hard drive for you to destroy, or they may offer overwrite or destruction services for you. Keep in mind that hard drives are not easy for a non-IT or non-technical person to locate and remove properly. It's generally better to have a skilled technician remove the hard drive for you.
Many devices that we don't think of as computers contain hard disks, and these hard disks are capable of storing sensitive information. To protect company and client information, it's critical that you know whether your copier has a hard drive and how it uses it. When it's time to resell or return the copier, you need a plan to destroy or overwrite the information on the hard drive to prevent it from being passed along to the next customer or otherwise left vulnerable.
Photo Credit: Naypong / freedigitalphotos.net