The Biz

Digital copiers: A serious risk to sensitive info

In the category of “one more thing to worry about” comes this: Your digital copier may be putting your business, tax, personnel and other sensitive information at risk of being hacked by data thieves.

Where once the only risk posed by workplace photocopiers might be some surreptitious butt-scans by employees at the annual Christmas party, now some of the machines could cause business owners, employees and customers to lose sensitive information that thieves can use to wreck businesses and create personal and financial chaos for individuals.

Earlier this year, Sharp Document Solutions Co. of America issued a warning that digital photocopiers made in the last five years can store data of copied documents in an internal hard drive indefinitely.

While no major loss of data has been reported so far, there have been a few instances that should give businesses pause—not to mention individuals who may photocopy such info-rich documents as tax returns on unsecured copiers.

As a precaution, Sharp and other companies offer encryption software and security kits that, in effect, electronically shred documents, rather than saving them to the hard drive, says James Reasor, training manager at Charlotte Copy Data, parent company of Asheville Copy Data.

Businesses and individuals have only recently started to become savvy to the problem, Reasor tells Xpress. A survey conducted on behalf of Sharp a few years ago indicated that, of 1,005 adults surveyed, 54 percent were not aware that images of copies are stored on a copier’s hard drive.

“The first thing that everybody doesn’t realize is that the copier has a computer in it that’s just like the computer that you might have sitting on your desk,” explains Reasor. “It has a processor, a hard drive, it has RAM. It has all these things; the only thing it doesn’t have is a keyboard and a monitor. So, the same ways that someone can hack into your computer, theoretically they can do the same thing to your copier.”

In fact, he says, there was an instance on a college campus where students had rigged a hard drive on a copier to download music off the Web. “That’s how sophisticated some of this stuff is,” Reasor observes.

In addition to hacking, data can more readily be accessed when the machine is sold or is returned to a leasing agent and goes somewhere—including the local dump—where that information is still residing on the hard drive.

For example, he says, “We got one that got traded in on a lease and it turned out that [the company] had their entire payroll on it. Before we could even throw it in a Dumpster, we had to clear those hard drives. So we have a process now where when we get one in we go ahead and clear the hard drive just to verify that the information is no longer on there. … Customers just aren’t aware that they’ve left information on their hard drive.”

Most copier manufacturers now offer “Common Criteria Certification” security kits that can encrypt information so that it’s an unintelligible mess to anyone who tries to access it. Sharp has the best one currently, says Reasor, whose company sells and leases that brand along with a couple others with their own security add-ons. Reasor was unable to quote costs for such kits, but says they are reasonably priced. And it’s best not to assume that your IT staff is aware of the risks. Sharp’s survey indicated that even some IT pros were unaware of the risks.

Users can also set up copiers so that functions such as printing can be rerouted through a user’s computer or a secure server so that the images are not saved on the copier’s drive. And individuals who use copy shops should verify that anything they copy will be secure.

“The biggest thing is, if you ever let your copier leave your building, that you have made sure that you or someone who works for you has cleared the information off that hard drive,” Reasor says. “Personally, my recommendation is that someone go ahead and invest in those security kits.” 

Here are some more tips to protect your network-attached copier:
• User authentication: Setting copiers to require passwords can keep nonemployees out.
• Permissions authentication: Copiers can be set to require passwords for certain applications, just as a network-attached computer can be.
• Document encryption: This can help protect sensitive or confidential information before it is sent across the network.
• Secure deletion of temporary files: Newer digital copiers store copied images on an internal hard drive. Setting the copier to delete these files can prevent unauthorized people from accessing sensitive information.
• Activity tracking: Copiers can be set to track what is being copied or sent, who is copying it, and when.
• Timed logout: The copier can be set to log users out when they’ve been inactive—preventing the next user from sending or storing documents under the previous user’s identity.

Capital infusion: The Blue Ridge Entrepreneurial Council will hold its 5th annual Carolina Connect conference at Asheville’s Grove Park Inn and Spa on Thursday, Oct. 11. The agenda is still being finalized, but past Carolina Connect conferences brought together Western North Carolina entrepreneurs with private-equity investors. Again this year, the focus will be on helping entrepreneurs get more private-investor capital, increase sales revenue and learn more about the process of partnering for research grants. For more details, call BREC at 273-9862, and visit for details as they become available.

Green business: AdvantageWest will hold its Advantage Innovation 2007: Environmental Related Enterprises conference Dec. 6-7 in Asheville. This interactive conference will focus on the recruitment and expansion of jobs and investment associated with environmental-related enterprises. Sessions will include environmental reclamation, green construction, environmental sciences, alternative/renewable energy and environmental conservation. For more details as they become available, contact AdvantageWest Executive Vice-President Scott Hamilton at

